commit 528a572daea90aa41db92683e5a8756acef514c4 ("ide: add ->chipset field
to ide_pci_device_t") broke hwif->chipset setup (it is now set to ide_cmd646
for CMD648 instead of CMD646). It seems that the breakage happend while
I was moving patches around (cmd64x_chipsets[] entries for CMD646 and CMD648
are identical except for 'name' field). Fix it and bump driver version.
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Use ide_cd_release() to do the cleanup if ide_cdrom_setup() fails.
It fixes:
- the default drive->dsc_overlap value not being restored
- the default drive->queue's prep_rq_fn not being restored
- struct gendisk 'g' not being freed
- wrong function name being reported on unregister_cdrom() error
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: New device ID for the CP2101 driver
USB: VID/PID update for sierra
USB: Unbreak fsl_usb2_udc
Cory T. Tusar [Sun, 23 Dec 2007 20:34:51 +0000 (12:34 -0800)]
tty: fix logic change introduced by wait_event_interruptible_timeout()
Commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8 introduced a subtle logic
change in tty_wait_until_sent(). The original version would only error out
of the 'do { ... } while (timeout)' loop if signal_pending() evaluated to
true; a timeout or break due to an empty buffer would fall out of the loop
and into the tty->driver->wait_until_sent handling. The current
implementation will error out on either a pending signal or an empty
buffer, falling through to the tty->driver->wait_until_sent handling only
on a timeout.
The ->wait_until_sent() will not be reached if the buffer empties before
timeout jiffies have elapsed. This behavior differs from that prior to commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8.
I turned this up while using a little serial download utility to bootstrap an
ARM-based eval board. The util worked fine on 2.6.22.x, but consistently
failed on 2.6.23.x. Once I'd determined that, I narrowed things down with git
bisect, and found the above difference in logic in tty_wait_until_sent() by
inspection.
This change reverts the logic flow in tty_wait_until_sent() to match that
prior to the aforementioned commit.
Signed-off-by: Cory T. Tusar <ctusar@videon-central.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by: Jiri Slaby <jirislaby@gmail.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Paul Mundt [Sat, 22 Dec 2007 22:03:30 +0000 (14:03 -0800)]
kconfig: obey KCONFIG_ALLCONFIG choices with randconfig.
Currently when using KCONFIG_ALLCONFIG with randconfig the choice options
are clobbered. As recommended by Roman, this adds an is_new test to see
whether to select a new option or obey the existing one.
This is a resend of the earlier patch a couple of weeks ago, since there
was no reply. Original thread is at http://lkml.org/lkml/2007/11/28/94
Signed-off-by: Paul Mundt <lethal@linux-sh.org> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Zijlstra [Sat, 22 Dec 2007 22:03:29 +0000 (14:03 -0800)]
lib: proportion: fix underflow in prop_norm_percpu()
Zhe Jiang noticed that its possible to underflow pl->events in
prop_norm_percpu() when the value returned by percpu_counter_read() is less
than the error on that read and the period delay > 1. In that case half might
not trigger the batch increment and the value will be identical on the next
iteration, causing the same half to be subtracted again and again.
Fix this by rewriting the division as a single subtraction instead of a
subtraction loop and using percpu_counter_sum() when the value returned by
percpu_counter_read() is smaller than the error.
The latter is still needed if we want pl->events to shrink properly in the
error region.
[akpm@linux-foundation.org: cleanups] Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Reviewed-by: Jiang Zhe <zhe.jiang@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Walker [Sat, 22 Dec 2007 22:03:28 +0000 (14:03 -0800)]
ps3: vuart: fix error path locking
This stray down would cause a permanent sleep which doesn't seem correct.
The other uses of this semaphore appear fairly mutex like it's even
initialized with init_MUTEX() .. So here a patch for removing this one
down().
Signed-off-by: Geoff Levand <geoffrey.levand@am.sony.com> Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Sandeen [Sat, 22 Dec 2007 22:03:26 +0000 (14:03 -0800)]
ecryptfs: redo dget,mntget on dentry_open failure
Thanks to Jeff Moyer for pointing this out.
If the RDWR dentry_open() in ecryptfs_init_persistent_file fails,
it will do a dput/mntput. Need to re-take references if we
retry as RDONLY.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Acked-by: Mike Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Sandeen [Sat, 22 Dec 2007 22:03:26 +0000 (14:03 -0800)]
ecryptfs: fix unlocking in error paths
Thanks to Josef Bacik for finding these.
A couple of ecryptfs error paths don't properly unlock things they locked.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: Josef Bacik <jbacik@redhat.com> Cc: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Kara [Sat, 22 Dec 2007 22:03:25 +0000 (14:03 -0800)]
Don't send quota messages repeatedly when hardlimit reached
We should send quota message to netlink only once when hardlimit is
reached. Otherwise user could easily make the system busy by trying to
exceed the hardlimit (and also the messages could be anoying if you cannot
stop writing just now).
Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Kara [Sat, 22 Dec 2007 22:03:25 +0000 (14:03 -0800)]
Fix computation of SKB size for quota messages
Fix computation of size of skb needed for quota message. We should use
netlink provided functions and not just an ad-hoc number. Also don't print
the return value from nla_put_foo() as it is always -1.
Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Sandeen [Sat, 22 Dec 2007 22:03:24 +0000 (14:03 -0800)]
ecryptfs: fix string overflow on long cipher names
Passing a cipher name > 32 chars on mount results in an overflow when the
cipher name is printed, because the last character in the struct
ecryptfs_key_tfm's cipher_name string was never zeroed.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Martin Kusserow [Fri, 21 Dec 2007 11:02:17 +0000 (12:02 +0100)]
USB: New device ID for the CP2101 driver
attached please find a new device ID for CP2101 driver. This device is a
usb stick from Dynastream to communicate with ANT wireless devices which
I suppose is fairly similar to the ANT dev board having product id 0x1003.
From: Martin Kusserow <kusserow@ife.ee.ethz.ch> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin R Page [Thu, 13 Dec 2007 01:10:48 +0000 (01:10 +0000)]
USB: VID/PID update for sierra
Adds VID/PID for the MC8775 found internally in the Thinkpad X61s laptop
(and likely others). For commercial reasons the driver maintainer cannot
add VID/PIDs for laptop OEM devices himself.
Signed-off-by: Kevin R Page <linux-kernel@krp.org.uk> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Peter Korsgaard [Fri, 21 Dec 2007 16:33:46 +0000 (08:33 -0800)]
USB: Unbreak fsl_usb2_udc
Commit a4e3ef5... (USB: gadget: gadget_is_{dualspeed,otg} predicates
and cleanup) broke fsl_usb2_udc; the build test didn't cover peripheral
drivers, just gadget drivers.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Due to the change in kobject name handling, the module kobject needs to
have a null release function to ensure that the name it previously set
will be properly cleaned up.
All of this wierdness goes away in 2.6.25 with the rework of the kobject
name and cleanup logic, but this is required for 2.6.24.
Thanks to Alexey Dobriyan for finding the problem, and to Kay Sievers
for pointing out the simple way to fix it after I tried many complex
ways.
Gregory CLEMENT [Wed, 19 Dec 2007 17:23:44 +0000 (18:23 +0100)]
MACB: clear transmit buffers properly on transmit underrun
Initially transmit buffer pointers were only reset. But buffer
descriptors were possibly still set as ready, and buffer in upper
layer was not freed. This caused driver hang under big load. Now
reset clean properly the buffer descriptor and freed upper layer.
Al Viro [Sat, 22 Dec 2007 19:44:10 +0000 (19:44 +0000)]
3c359 endianness annotations and fixes
Same story as with olympic - htons(readw()) when swab16(readw()) is needed,
missing conversions to le32 when dealing with shared descriptors, etc.
Olympic got those fixes in 2.4.0-test2, 3c359 didn't.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Sat, 22 Dec 2007 18:56:53 +0000 (18:56 +0000)]
fec_mpc52xx: write in C...
If you need to find a difference between addresses of two
struct members, subtract offsetof() or cast addresses to
char * and subtract those if you prefer it that way. Doing
that same with s/char */u32/, OTOH...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Sat, 22 Dec 2007 18:56:13 +0000 (18:56 +0000)]
3c574 and 3c589 endianness fixes (.24?)
Both store MAC address in CIS; there's no decoder for that
type (0x88) so the drivers work with raw data. It is
byteswapped, so ntohs() works for little-endian, but for
big-endian it's wrong. ntohs(le16_to_cpu()) does the
right thing on both (and always expands to swab16()).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Sat, 22 Dec 2007 18:11:18 +0000 (18:11 +0000)]
dl2k endianness fixes (.24 fodder?)
* shift before cpu_to_le64(), not after it
* writel() converts to l-e itself
* misc missing conversions
* in set_multicast() hash_table[] is host-endian; we feed it to card
via writel() and populate it as host-endian, so we'd better put the
first element into it also in host-endian
* pci_unmap_single() et.al. expect host-endian, not little-endian
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Sat, 22 Dec 2007 17:42:36 +0000 (17:42 +0000)]
asix fixes
* usb_control_message() to/from stack (breaks on e.g. arm); some
places did kmalloc() for buffer, some just worked from stack.
Added kmalloc()/memcpy()/kfree() in asix_read_cmd()/asix_write_cmd(),
removed that crap from callers.
* Fixed a leak in ax88172_bind() - on success it forgot to kfree() the
buffer.
* Endianness bug in ax88178_bind() - we read a word from eeprom and work with
it without converting to host-endian
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Fri, 21 Dec 2007 06:21:03 +0000 (06:21 +0000)]
typhoon: memory corruptor on big-endian if TSO is enabled
txlo_dma_addr should be host-endian; we pass it to typhoon_tso_fill(),
which does arithmetics on it, converts to l-e and passes it to card.
Unfortunately, we forgot le32_to_cpu() when initializing it from
face->txLoAddr, which sits in shared memory and is little-endian.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Fri, 21 Dec 2007 06:20:43 +0000 (06:20 +0000)]
typhoon: set_settings broken on big-endian
One cpu_to_le16() too many when passing argument for TYPHOON_CMD_XCVR_SELECT;
we end up passing host-endian while the hardware expects little-endian. The
other place doing that (typhoon_start_runtime()) does the right thing, so the
card will recover at the next ifconfig up/tx timeout/resume, which limits the
amount of mess, but still, WTF?
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Al Viro [Fri, 21 Dec 2007 06:20:33 +0000 (06:20 +0000)]
typhoon: missing le32_to_cpu() in get_drvinfo
in typhoon_get_drvinfo() .parm2 is little-endian; not critical
since we just get the firmware id flipped in get_drvinfo output
on big-endian boxen, but...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
nl_fib_input re-reuses incoming skb to send the reply. This means that this
packet will be freed twice, namely in:
- netlink_unicast_kernel
- on receive path
Use clone to send as a cure, the caller is responsible for kfree_skb on error.
Thanks to Alexey Dobryan, who originally found the problem.
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
x86: intel_cacheinfo.c: cpu cache info entry for Intel Tolapai
x86: fix die() to not be preemptible
Lachlan McIlroy [Fri, 21 Dec 2007 00:00:23 +0000 (11:00 +1100)]
[XFS] Initialise current offset in xfs_file_readdir correctly
After reading the directory contents into the temporary buffer, we grab
each dirent and pass it to filldir witht eh current offset of the dirent.
The current offset was not being set for the first dirent in the temporary
buffer, which coul dresult in bad offsets being set in the f_pos field
result in looping and duplicate entries being returned from readdir.
This was broken by my '[XFS] simplify xfs_create/mknod/symlink prototype',
which assigned the re-shuffled ondisk dev_t back to the rdev variable in
xfs_vn_mknod. Because of that i_rdev is set to the ondisk dev_t instead of
the linux dev_t later down the function.
Fortunately the fix for it is trivial: we can just remove the assignment
because xfs_revalidate_inode has done the proper job before unlocking the
inode.
Ingo Molnar [Fri, 21 Dec 2007 00:27:19 +0000 (01:27 +0100)]
x86: fix die() to not be preemptible
Andrew "Eagle Eye" Morton noticed that we use raw_local_save_flags()
instead of raw_local_irq_save(flags) in die(). This allows the
preemption of oopsing contexts - which is highly undesirable. It also
causes CONFIG_DEBUG_PREEMPT to complain, as reported by Miles Lane.
that is not a correct open-coding of spin_lock_irqsave(): both the
ordering is wrong (irqs should be disabled _first_), and the wrong
flags-saving API was used.
Wei Yongjun [Thu, 20 Dec 2007 22:36:44 +0000 (14:36 -0800)]
[NET]: Fix function put_cmsg() which may cause usr application memory overflow
When used function put_cmsg() to copy kernel information to user
application memory, if the memory length given by user application is
not enough, by the bad length calculate of msg.msg_controllen,
put_cmsg() function may cause the msg.msg_controllen to be a large
value, such as 0xFFFFFFF0, so the following put_cmsg() can also write
data to usr application memory even usr has no valid memory to store
this. This may cause usr application memory overflow.
int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
{
struct cmsghdr __user *cm
= (__force struct cmsghdr __user *)msg->msg_control;
struct cmsghdr cmhdr;
int cmlen = CMSG_LEN(len);
~~~~~~~~~~~~~~~~~~~~~
int err;
if (MSG_CMSG_COMPAT & msg->msg_flags)
return put_cmsg_compat(msg, level, type, len, data);
err = -EFAULT;
if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
goto out;
if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
goto out;
cmlen = CMSG_SPACE(len);
~~~~~~~~~~~~~~~~~~~~~~~~~~~
If MSG_CTRUNC flags is set, msg->msg_controllen is less than
CMSG_SPACE(len), "msg->msg_controllen -= cmlen" will cause unsinged int
type msg->msg_controllen to be a large value.
~~~~~~~~~~~~~~~~~~~~~~~~~~~
msg->msg_control += cmlen;
msg->msg_controllen -= cmlen;
~~~~~~~~~~~~~~~~~~~~~
err = 0;
out:
return err;
}
The same promble exists in put_cmsg_compat(). This patch can fix this
problem.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Milan Broz [Thu, 13 Dec 2007 14:16:10 +0000 (14:16 +0000)]
dm crypt: use bio_add_page
Fix possible max_phys_segments violation in cloned dm-crypt bio.
In write operation dm-crypt needs to allocate new bio request
and run crypto operation on this clone. Cloned request has always
the same size, but number of physical segments can be increased
and violate max_phys_segments restriction.
This can lead to data corruption and serious hardware malfunction.
This was observed when using XFS over dm-crypt and at least
two HBA controller drivers (arcmsr, cciss) recently.
Fix it by using bio_add_page() call (which tests for other
restrictions too) instead of constructing own biovec.
All versions of dm-crypt are affected by this bug.
Cc: stable@kernel.org Cc: dm-crypt@saout.de Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Jun'ichi Nomura [Thu, 13 Dec 2007 14:15:25 +0000 (14:15 +0000)]
dm: table detect io beyond device
This patch fixes a panic on shrinking a DM device if there is
outstanding I/O to the part of the device that is being removed.
(Normally this doesn't happen - a filesystem would be resized first,
for example.)
The bug is that __clone_and_map() assumes dm_table_find_target()
always returns a valid pointer. It may fail if a bio arrives from the
block layer but its target sector is no longer included in the DM
btree.
This patch appends an empty entry to table->targets[] which will
be returned by a lookup beyond the end of the device.
After calling dm_table_find_target(), __clone_and_map() and target_message()
check for this condition using
dm_target_is_valid().
Ivan Kokshaysky [Thu, 20 Dec 2007 08:47:07 +0000 (11:47 +0300)]
mm: fix exit_mmap BUG() on a.out binary exit
The problem was introduced by commit "mm: variable length argument
support" (b6a2fea39318e43fee84fa7b0b90d68bed92d2ba)
as it didn't update fs/binfmt_aout.c like other binfmt's.
I noticed that on alpha when accidentally launched old OSF/1
Acrobat Reader binary. Obviously, other architectures are affected
as well.
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Ollie Wild <aaw@google.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Hugh Dickins <hugh@veritas.com> Cc: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Arjan van de Ven [Thu, 20 Dec 2007 14:01:17 +0000 (15:01 +0100)]
debug: add end-of-oops marker
Right now it's nearly impossible for parsers that collect kernel crashes
from logs or emails (such as www.kerneloops.org) to detect the
end-of-oops condition. In addition, it's not currently possible to
detect whether or not 2 oopses that look alike are actually the same
oops reported twice, or are truly two unique oopses.
This patch adds an end-of-oops marker, and makes the end marker include
a very simple 64-bit random ID to be able to detect duplicate reports.
Normally, this ID is calculated as a late_initcall() (in the hope that
at that time there is enough entropy to get a unique enough ID); however
for early oopses the oops_exit() function needs to generate the ID on
the fly.
We do this all at the _end_ of an oops printout, so this does not impact
our ability to get the most important portions of a crash out to the
console first.
[ Sidenote: the already existing oopses-since-bootup counter we print
during crashes serves as the differentiator between multiple oopses
that trigger during the same bootup. ]
Tested on 32-bit and 64-bit x86. Artificially injected very early
crashes as well, as expected they result in this constant ID after
multiple bootups:
because the random pools are still all zero. But it all still works
fine and causes no additional problems (which is the main goal of
instrumentation code).
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
David S. Miller [Thu, 20 Dec 2007 09:29:45 +0000 (01:29 -0800)]
[SPARC64]: Fix OOPS in dma_sync_*_for_device()
I included these operations vector cases for situations
where we never need to do anything, the entries aren't
filled in by any implementation, so we OOPS trying to
invoke NULL pointer functions.
Really make them NOPs, to fix the bug.
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Thu, 20 Dec 2007 08:00:45 +0000 (00:00 -0800)]
[XFRM]: Audit function arguments misordered
In several places the arguments to the xfrm_audit_start() function are
in the wrong order resulting in incorrect user information being
reported. This patch corrects this by pacing the arguments in the
correct order.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 20 Dec 2007 07:44:29 +0000 (23:44 -0800)]
[IPSEC]: Avoid undefined shift operation when testing algorithm ID
The aalgos/ealgos fields are only 32 bits wide. However, af_key tries
to test them with the expression 1 << id where id can be as large as
253. This produces different behaviour on different architectures.
The following patch explicitly checks whether ID is greater than 31
and fails the check if that's the case.
We cannot easily extend the mask to be longer than 32 bits due to
exposure to user-space. Besides, this whole interface is obsolete
anyway in favour of the xfrm_user interface which doesn't use this
bit mask in templates (well not within the kernel anyway).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 18 Dec 2007 07:00:31 +0000 (23:00 -0800)]
[TG3]: Endianness bugfix.
tg3_nvram_write_block_unbuffered() is reading data from nvram into
allocated buffer before overwriting a part of it with user-supplied
data. Then it feeds the entire page back to nvram. It should be
storing the words it had read as little-endian, not as host-endian.
Note that tg3_set_eeprom() does exactly that for padding the same
data to full words before it gets passed down to tg3_nvram_write_block()
and then to tg3_nvram_write_block_unbuffered().
Moreover, when we get to sending the entire thing back to nvram, we
go through it word-by-word, doing essentially
writel(swab32(le32_to_cpu(word)), ...)
so if we want them to reach the card in host-independent endianness,
we'd better really have all that buffer filled with fixed-endian.
For user-supplied part we obviously do have that (it's an array of
octets memcpy'd in), ditto for padding of user-supplied part to word
boundaries (taken care of in tg3_set_eeprom()). The rest of the
buffer gets filled by tg3_nvram_write_block_unbuffered() and it would
damn better be consistent with that (and with tg3_get_eeprom(), while
we are at it - there we also convert the words read from nvram to
little-endian before returning the buffer to user).
The bug should get triggered on big-endian boxen when set_eeprom is done
for less than entire page. Then the words that should've been unaffected
at all will actually get byteswapped in place in nvram.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 18 Dec 2007 06:59:57 +0000 (22:59 -0800)]
[TG3]: Endianness annotations.
Fixed misannotations, introduced a new helper - tg3_nvram_read_le().
It gets __le32 * instead of u32 * and puts there the value converted
to little-endian. A lot of callers of tg3_nvram_read() were doing
that; converted them to tg3_nvram_read_le().
At that point the driver is practically endian-clean; the only remaining
place is an actual bug, AFAICS; will be dealt with in the next patch.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
Cyrill Gorcunov [Fri, 14 Dec 2007 00:17:03 +0000 (16:17 -0800)]
NET: mac80211: fix inappropriate memory freeing
Fix inappropriate memory freeing in case of requested rate_control_ops was
not found. In this case the list head entity is going to be accidentally
wasted.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 12 Dec 2007 15:31:52 +0000 (16:31 +0100)]
mac80211: fix header ops
When using recvfrom() on a SOCK_DGRAM packet socket, I noticed that the MAC
address passed back for wireless frames was always completely wrong. The
reason for this is that the header parse function assigned to our virtual
interfaces is a function parsing an 802.11 rather than 802.3 header. This
patch fixes it by keeping the default ethernet header operations assigned.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>