- 07 Apr, 2006 23 commits
-
-
Jouni Malinen authored
Fixed encrypted of EAPOL frames from wlan#ap interface (hostapd). This was broken when moving to use new frame control field defines in net/ieee80211.h. hostapd uses Protected flag, not protocol version (which was cleared in this function anyway). This fixes WPA group key handshake and re-authentication. http://hostap.epitest.fi/bugz/show_bug.cgi?id=126Signed-off-by:
Jouni Malinen <jkmaline@cc.hut.fi>
-
Takashi Iwai authored
Added the default entry of ALC880 configuration table for CTL Travel Master U553W. This patch was already included in Linus' tree. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Adrian Bunk <bunk@stusta.de> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Adrian Bunk authored
CRYPTO is a helper variable, and to make it easier for users, it should therefore select'ed and not be listed in the dependencies. drivers/net/wireless/airo.c requires CONFIG_CRYPTO for compilations. Therefore, AIRO_CS also has to select CRYPTO. Signed-off-by:
-
Christoph Lameter authored
Fix NULL pointer dereference in node_read_numastat() zone_pcp() only returns valid values if the processor is online. Change node_read_numastat() to only scan online processors. Signed-off-by:
Christoph Lameter <clameter@sgi.com> Signed-off-by:
-
Adrian Bunk authored
This patch fixes a big array overun found by the Coverity checker. This was already fixed in Linus' tree. Signed-off-by:
-
Antonino A. Daplas authored
The monochrome->color expansion routine that handles bitmaps which have (widths % 8) != 0 (slow_imageblit) produces corrupt characters in big-endian. This is caused by a bogus bit test in slow_imageblit(). Fix. Signed-off-by:
Antonino Daplas <adaplas@pol.net> Acked-by:
Herbert Poetzl <herbert@13thfloor.at> Signed-off-by:
-
David S. Miller authored
Please apply to 2.6.{14,15,16} -stable, thanks a lot. From: Robert Olsson <robert.olsson@its.uu.se> [FIB_TRIE]: Fix leaf freeing. Seems like leaf (end-nodes) has been freed by __tnode_free_rcu and not by __leaf_free_rcu. This fixes the problem. Only tnode_free is now used which checks for appropriate node type. free_leaf can be removed. Signed-off-by:Robert Olsson <robert.olsson@its.uu.se> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Sergey Vlasov authored
If the change of personality does not lead to change of exec domain, __set_personality() returned without releasing the module reference acquired by lookup_exec_domain(). This patch was already included in Linus' tree. Signed-off-by:
Sergey Vlasov <vsu@altlinux.ru> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
-
Venkatesh Pallipadi authored
[CPUFREQ] Fix the p4-clockmod N60 errata workaround. Fix the code to disable freqs less than 2GHz in N60 errata. Signed-off-by:
Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by:
Dave Jones <davej@redhat.com> Signed-off-by:
-
Kirill Korotaev authored
Wrong error path in dup_fd() - it should return NULL on error, not an address of already freed memory :/ Triggered by OpenVZ stress test suite. What is interesting is that it was causing different oopses in RCU like below: Call Trace: [<c013492c>] rcu_do_batch+0x2c/0x80 [<c0134bdd>] rcu_process_callbacks+0x3d/0x70 [<c0126cf3>] tasklet_action+0x73/0xe0 [<c01269aa>] __do_softirq+0x10a/0x130 [<c01058ff>] do_softirq+0x4f/0x60 ======================= [<c0113817>] smp_apic_timer_interrupt+0x77/0x110 [<c0103b54>] apic_timer_interrupt+0x1c/0x24 Code: Bad EIP value. <0>Kernel panic - not syncing: Fatal exception in interrupt Signed-Off-By:
Pavel Emelianov <xemul@sw.ru> Signed-Off-By:
Dmitry Mishin <dim@openvz.org> Signed-Off-By:
Kirill Korotaev <dev@openvz.org> Signed-Off-By:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
-
Martin Josefsson authored
[NETFILTER]: {ip,nf}_conntrack_netlink: fix expectation notifier unregistration This patch fixes expectation notifier unregistration on module unload to use ip_conntrack_expect_unregister_notifier(). This bug causes a soft lockup at the first expectation created after a rmmod ; insmod of this module. Should go into -stable as well. Signed-off-by:Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
maximilian attems authored
The isicom driver uses request_firmware() and thus needs to select FW_LOADER. This patch was already included in Linus' tree. Signed-off-by:
maximilian attems <maks@sternwelten.at> Signed-off-by:
-
Dave Jones authored
[CPUFREQ] Mark longhaul driver as broken. This seems to work for a short period of time, but when used in conjunction with a userspace governor that changes the frequency regularly, it's only a matter of time before everything just locks up. Signed-off-by:
-
Takashi Iwai authored
Modules: Opti9xx drivers Fix compile errors without CONFIG_PNP. This patch was already included in Linus' tree. Signed-off-by:
-
Janos Farkas authored
For some time, the core pcmcia drivers seem not to think single character prod_ids are valid, thus preventing the "cleverly" named "D" "Link DWL-650 11Mbps WLAN Card" Before (as in 2.6.16): PRODID_1="" PRODID_2="Link DWL-650 11Mbps WLAN Card" PRODID_3="Version 01.02" PRODID_4="" MANFID=0156,0002 FUNCID=6 After (with the patch) PRODID_1="D" PRODID_2="Link DWL-650 11Mbps WLAN Card" PRODID_3="Version 01.02" PRODID_4="" MANFID=0156,0002 FUNCID=6 Signed-off-by:
Janos Farkas <chexum@gmail.com> Signed-off-by:
Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by:
-
Adrian Bunk authored
PCMCIA_SPECTRUM must select FW_LOADER. Reported by "Alexander E. Patrakov" <patrakov@ums.usu.ru>. This patch was already included in Linus' tree. Signed-off-by:
-
Stephen Rothwell authored
We used to assume that a DMA mapping request with a NULL dev was for ISA DMA. This assumption was broken at some point. Now we explicitly pass the detected ISA PCI device in the floppy setup. Signed-off-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
Stefan Richter authored
sbp2util_mark_command_completed takes a lock which was already taken by sbp2scsi_complete_all_commands. This is a regression in Linux 2.6.15. Reported by Kristian Harms at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187394Signed-off-by:
Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by:
-
Horst Schirmeier authored
When trying to deconfigure a device via usb_set_configuration(dev, 0), 2.6.16-rc kernels after 55c52718 oops with "Unable to handle NULL pointer dereference at...". This is due to an unchecked dereference of cp in the power budget part. This patch was already included in Linus' tree. Signed-off-by:
Horst Schirmeier <horst@schirmeier.com> Acked-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
Clemens Ladisch authored
This patch replaces the split ISO raw_mask calculation code in the iso_stream_init() function that computed incorrect numbers of high speed transactions for both input and output transfers. In the output case, it added a superfluous start-split transaction for all maxmimum packet sizes that are a multiple of 188. In the input case, it forgot to add complete-split transactions for all microframes covered by the full speed transaction, and the additional complete-split transaction needed for the case when full speed data starts arriving near the end of a microframe. These changes don't affect the lack of full speed bandwidth, but at least it removes the MMF errors that the HC raised with some input streams. Signed-off-by:
Clemens Ladisch <clemens@ladisch.de> Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Signed-off-by:
-
Greg Kroah-Hartman authored
No one should be writing a PAGE_SIZE worth of data to a normal sysfs file, so properly terminate the buffer. Thanks to Al Viro for pointing out my stupidity here. CVE-2006-1055 has been assigned for this. Signed-off-by: -
Eugene Teo authored
Don't read from free'd memory after calling netif_rx(). docopy is used as a boolean (0 and 1) so unsigned int is sufficient. Coverity bug #928 Signed-off-by:
Eugene Teo <eugene.teo@eugeneteo.net> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by:
-
Andrew Morton authored
tlclk calls register_chrdev() and permits register_chrdev() to allocate the major, but it promptly forgets what that major was. So if there's no hardware present you still get "telco_clock" appearing in /proc/devices and, I assume, an oops reading /proc/devices if tlclk was a module. Fix. Mark, I'd suggest that that we not call register_chrdev() until _after_ we've established that the hardware is present. Cc: Mark Gross <mgross@linux.intel.com> Signed-off-by:
-
- 28 Mar, 2006 17 commits
-
-
Greg Kroah-Hartman authored
-
Andrew Morton authored
Fix bug identified by Linus Torvalds <torvalds@osdl.org>: the `out' instruction depends upon the state of memory_data[], so we need to tell gcc that before executing it. (The opcode, not gcc). Fixes http://bugzilla.kernel.org/show_bug.cgi?id=5553 Thanks to Antonio Ospite <ospite@studenti.unina.it> for testing. Cc: Dave Jones <davej@codemonkey.org.uk> Signed-off-by:
-
Andrey Panin authored
Attached patch fixes invalid pointer arithmetic in DMI code to make onboard device discovery working again. akpm: bug has been present since dmi_find_device() was added in 2.6.14. Affects ipmi only (I think) - the symptoms weren't described. akpm: changed to use pointer arithmetic rather than open-coded sizeof. Signed-off-by:
Andrey Panin <pazke@donpac.ru> Cc: Corey Minyard <minyard@acm.org> Signed-off-by:
-
Patrick McHardy authored
free_hba() sets hba[i] to NULL, the dereference afterwards results in this crash. Setting busy_initializing to 0 actually looks unnecessary, but I'm not entirely sure, which is why I left it in. cciss: controller appears to be disabled Unable to handle kernel NULL pointer dereference at virtual address 00000370 printing eip: c1114d53 *pde = 00000000 Oops: 0002 [#1] Modules linked in: CPU: 0 EIP: 0060:[<c1114d53>] Not tainted VLI EFLAGS: 00010286 (2.6.16 #1) EIP is at cciss_init_one+0x4e9/0x4fe eax: 00000000 ebx: c132cd60 ecx: c13154e4 edx: c27d3c00 esi: 00000000 edi: c2748800 ebp: c2536ee4 esp: c2536eb8 ds: 007b es: 007b ss: 0068 Process swapper (pid: 1, threadinfo=c2536000 task=c2535a30) Stack: <0>00000000 00000000 00000000 c13fdba0 c2536ee8 c13159c0 c2536f38 f7c74740 c132cd60 c132cd60 ffffffed c2536ef0 c10c1d51 c2748800 c2536f04 c10c1d85 c132cd60 c2748800 c132cd8c c2536f14 c10c1db8 c2748848 00000000 c2536f28 Call Trace: [<c10031d5>] show_stack_log_lvl+0xa8/0xb0 [<c1003305>] show_registers+0x102/0x16a [<c10034a2>] die+0xc1/0x13c [<c1288160>] do_page_fault+0x38a/0x525 [<c1002e9b>] error_code+0x4f/0x54 [<c10c1d51>] pci_call_probe+0xd/0x10 [<c10c1d85>] __pci_device_probe+0x31/0x43 [<c10c1db8>] pci_device_probe+0x21/0x34 [<c110a654>] driver_probe_device+0x44/0x99 [<c110a73f>] __driver_attach+0x39/0x5d [<c1109e1c>] bus_for_each_dev+0x35/0x5a [<c110a777>] driver_attach+0x14/0x16 [<c110a220>] bus_add_driver+0x5c/0x8f [<c110ab22>] driver_register+0x73/0x78 [<c10c1f6d>] __pci_register_driver+0x5f/0x71 [<c13bf935>] cciss_init+0x1a/0x1c [<c13aa718>] do_initcalls+0x4c/0x96 [<c13aa77e>] do_basic_setup+0x1c/0x1e [<c10002b1>] init+0x35/0x118 [<c1000cf5>] kernel_thread_helper+0x5/0xb Code: 04 b5 e0 de 40 c1 8d 50 04 8b 40 34 e8 3f b7 f9 ff 8b 04 b5 e0 de 40 c1 e8 aa f3 ff ff 89 f0 e8 e8 fa ff ff 8b 04 b5 e0 de 40 c1 <c7> 80 70 03 00 00 00 00 00 00 83 c8 ff 8d 65 f4 5b 5e 5f 5d c3 <0>Kernel panic - not syncing: Attempted to kill init! Signed-off-by:Chris Wright <chrisw@sous-sol.org> Signed-off-by:
-
Neil Brown authored
Both R1BIO_Barrier and R1BIO_Returned are 4 !!!! This means that barrier requests don't get returned (i.e. b_endio called) because it looks like they already have been. Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
Anton Blanchard authored
We have noticed lockups during boot when stress testing kexec on ppc64. Two cpus would deadlock in scheduler code trying to grab already taken spinlocks. The double_rq_lock code uses the address of the runqueue to order the taking of multiple locks. This address is a per cpu variable: if (rq1 < rq2) { spin_lock(&rq1->lock); spin_lock(&rq2->lock); } else { spin_lock(&rq2->lock); spin_lock(&rq1->lock); } On the other hand, the code in wake_sleeping_dependent uses the cpu id order to grab locks: for_each_cpu_mask(i, sibling_map) spin_lock(&cpu_rq(i)->lock); This means we rely on the address of per cpu data increasing as cpu ids increase. While this will be true for the generic percpu implementation it may not be true for arch specific implementations. One way to solve this is to always take runqueues in cpu id order. To do this we add a cpu variable to the runqueue and check it in the double runqueue locking functions. Signed-off-by:Anton Blanchard <anton@samba.org> Acked-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Neil Horman authored
Fix a duplicate block device line printed after the "Block device" header in /proc/devices. Signed-off-by:
Neil Horman <nhorman@tuxdriver.com> Signed-off-by:
-
Joe Korty authored
Git patch 52dfa9a64cfb3dd01fa1ee1150d589481e54e28e [PATCH] move rtc_interrupt() prototype to rtc.h broke strace(1) builds. The below moves the kernel-only additions lower, under the already provided #ifdef __KERNEL__ statement. Signed-off-by:
-
Alasdair G Kergon authored
The code that handles bios that span table target boundaries by breaking them up into smaller bios will not split an individual struct bio_vec into more than two pieces. Sometimes more than that are required. This patch adds a loop to break the second piece up into as many pieces as are necessary. Cc: "Abhishek Gupta" <abhishekgupt@gmail.com> Cc: Dan Smith <danms@us.ibm.com> Signed-off-by:
Alasdair G Kergon <agk@redhat.com> Signed-off-by:
-
Latchesar Ionkov authored
If a file is not found in v9fs_vfs_lookup, the function creates negative dentry, but doesn't assign any dentry ops. This leaves the negative entry in the cache (there is no d_delete to mark it for removal). If the file is created outside of the mounted v9fs filesystem, the file shows up in the directory with weird permissions. This patch assigns the default v9fs dentry ops to the negative dentry. Signed-off-by:
Latchesar Ionkov <lucho@ionkov.net> Signed-off-by:
Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by:
-
Antonino A. Daplas authored
The console cursor can be called in atomic context. Change memory allocation to use the GFP_ATOMIC flag in i810fb_cursor(). Signed-off-by:
-
David S. Miller authored
The user can pass us arbitrary garbage so we should ensure the string they give us is null terminated before we pass it on to dev_get_by_index() et al. Found by Solar Designer. Signed-off-by:
-
Nathan Scott authored
[XFS] Check that a page has dirty buffers before finding it acceptable for rewrite clustering. This prevents writing excessive amounts of clean data when doing random rewrites of a cached file. Signed-off-by:
David Chinner <dgc@sgi.com> Signed-off-by:
Nathan Scott <nathans@sgi.com> Signed-off-by:
-
Greg Kroah-Hartman authored
As pointed out by Oliver Neukum. Cc: Maneesh Soni <maneesh@in.ibm.com> Cc: Oliver Neukum <oliver@neukum.org> Signed-off-by: -
Andrew Morton authored
Doing (int < NR_CPUS) doesn't dtrt if it's negative.. Signed-off-by:
-
Jeff Moyer authored
The fw_realloc_buffer routine does not handle an increase in buffer size of more than 4k. It's not clear to me why it expects that it will only get an extra 4k of data. The attached patch modifies fw_realloc_buffer to vmalloc as much memory as is requested, instead of what we previously had + 4k. I've tested this on my laptop, which would crash occaisionally on boot without the patch. With the patch, it hasn't crashed, but I can't be certain that this code path is exercised. Signed-off-by:
Jeff Moyer <jmoyer@redhat.com> Signed-off-by:
-
Greg Kroah-Hartman authored
When calling sysfs_remove_dir() don't allow any further sysfs functions to work for this kobject anymore. This fixes a nasty USB cdc-acm oops on disconnect. Many thanks to Bob Copeland and Paul Fulghum for taking the time to track this down. Cc: Bob Copeland <email@bobcopeland.com> Cc: Paul Fulghum <paulkf@microgate.com> Cc: Maneesh Soni <maneesh@in.ibm.com> Signed-off-by:
-
