- 16 Nov, 2007 40 commits
-
Roland Dreier authored
Upstream as 76d7cc03 Firmware commands are sent to the HCA by writing multiple words to a command register block. Access to this block of registers is serialized with a mutex. However, on large SGI systems, problems were seen with multiple CPUs issuing FW commands at the same time, because the writes to the register block may be reordered within the system interconnect and reach the HCA in a different order than they were issued (even with the mutex). Fix this by adding an mmiowb() before dropping the mutex. Tested-by: Arthur Kepner <akepner@sgi.com> Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Roland Dreier authored
Upstream as cbfb50e6 Commit 9ead190b ("IB/uverbs: Don't serialize with ib_uverbs_idr_mutex") rewrote how userspace objects are looked up in the uverbs module's idrs, and introduced a severe bug in the process: there is no checking that an operation is being performed by the right process any more. Fix this by adding the missing check of uobj->context in __idr_get_uobj(). Apparently everyone is being very careful to only touch their own objects, because this bug was introduced in June 2006 in 2.6.18, and has gone undetected until now. Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jean Delvare authored
Already in Linus' tree: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=889af3d5d9586db795a06c619e416b4baee11da8 A stupid bit shifting bug caused the VID value to be always exported even when the hardware is configured for something different. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jean Delvare authored
Already in Linus' tree: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b965d4b7f614522170af6a7e450be0333792ccd2 Missing parentheses in the definition of FAN_FROM_REG cause a division by zero for a specific register value. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Hans de Goede <j.w.r.degoede@hhs.nl> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jean Delvare authored
Already in Linus' tree: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d58df9cd788e6fb4962e1c8d5ba7b8b95d639a44 The bank switching code assumes that the bank selector is set to 0 when the driver is loaded. This might not be the case. This is exactly the same bug as was fixed in the w83627ehf driver two months ago: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0956895aa6f8dc6a33210967252fd7787652537d In practice, this bug was causing the sensor thermal types to be improperly reported for my W83627THF the first time I was loading the w83627hf driver. From the driver history, I'd say that it has been broken since September 2005 (when we stopped resetting the chip by default at driver load.) Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jean Delvare authored
Already in Linus' tree: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c09c5184a26158da32801e89d5849d774605f0dd We need to read the fan clock dividers at initialization time, otherwise the code in store_fan_min() may use uninitialized values. That's pretty much the same bug and same fix as for the w83627ehf driver last month. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Dave Airlie authored
This is upstream as 54583bf4 Oops... Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Benjamin Herrenschmidt authored
Patch 4c2a54b0 in mainline. Current kernels have a non-working platinumfb due to some resource management issues. This fixes it. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Greg Kroah-Hartman authored
-
Marc Pignat authored
patch e0579d57 in mainline. The disconnect function can dereference the net_device structure when it is never allocated. This is the case when ejecting the device installer. Signed-off-by: Marc Pignat <marc.pignat@hevs.ch> Acked-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Michael Wu authored
patch 98798f48 in mainline. The wrong pointer is passed to ieee80211_get_morefrag. Fix this. While we're at it, reorder things so they look better and the rts duration calculation is done with the right length. Thanks to Christoph Hellwig for finding the ieee80211_get_morefrag issue. Signed-off-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Dan Williams authored
patch d20c678a in mainline. ipw2100 wasn't sending WEXT scan events at all on scan completion. And like ipw2200, the driver aggressively auto-scans, requiring non-user-requested scan events to be batched together and sent at specific intervals instead of many times per second. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
John W. Linville authored
patch 3ba72b25 in mainline. skb->dev is not set until eth_type_trans is called... Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Hemminger authored
patch ff35164e in mainline. Make sure PCI register for PHY power gets set correctly. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Hemminger authored
patch 295b54c4 in mainline. Make sure and not dump reserved areas of device space. Touching some of these causes machine check exceptions on boards like D-Link DGE-550SX. Coding note, used a complex switch statement rather than bitmap because it is easier to relate the block values to the documentation rather than looking at an encoded bitmask. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Hemminger authored
patch ab5adecb in mainline. The D-Link PCI-X board (and maybe others) can lie about status ring entries. It seems it will update the register for last status index before completing the DMA for the ring entry. To avoid reading stale data, zap the old entry and check. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Hemminger authored
patch 501fb72d in mainline. Change how PHY is managed on SysKonnect fibre based boards. Poll for PHY coming up 1 per second, but use interrupt to detect loss. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
James Chapman authored
changeset 91781004 in mainline. [PPP]: L2TP: Fix oops in transmit and receive paths Changes made on 18-sep to fix skb handling in the pppol2tp driver broke the transmit and receive paths. Users are only running into this now because distros are now using 2.6.23 and I must have messed up when I tested the change. For receive, we now do our own calculation of how much to pull from the skb (variable length L2TP header) rather than using skb_transport_offset(). Also, if the skb isn't a data packet, it must be passed back to UDP with skb->data pointing to the UDP header. For transmit, make sure skb->sk is set up because ip_queue_xmit() needs it. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Michael Chan authored
patch 114342f2 in mainline. A performance regression was introduced by the following commit: commit ee6a99b5 Author: Michael Chan <mchan@broadcom.com> Date: Wed Jul 18 21:49:10 2007 -0700 [TG3]: Fix msi issue with kexec/kdump. In making that change, the PCI latency timer and cache line size registers were not restored after chip reset. On the 5705, the latency timer gets reset to 0 during chip reset and this causes very poor performance. Update version to 3.81.1 Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ayaz Abdulla authored
patch 96fd4cd3 in mainline. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Manfred Spraul authored
patch a7475906 in mainline. pci_enable_msi() replaces the INTx irq number in pci_dev->irq with the new MSI irq number. The forcedeth driver did not update the copy in netdevice->irq and parts of the driver used the stale copy. See bugzilla.kernel.org, bug 9047. The patch - updates netdevice->irq - replaces all accesses to netdevice->irq with pci_dev->irq. The patch is against 2.6.23.1. IMHO suitable for both 2.6.23 and 2.6.24 Signed-off-by: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jan-Bernd Themann authored
based on 2c69448b in mainline. The current eHEA module compiled for 64K page kernels can not be loaded with insmod due to bad hypervisor call parameters. The patch is a subset of the following patch which has been applied for 2.6.24 upstream: http://www.spinics.net/lists/netdev/msg42814.html Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Al Viro authored
patch 57077081 in mainline. wep->keytype[] is u8 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Al Viro authored
based on patch 8362cd41 in mainline. domain->header.len is le16 and has just been assigned cpu_to_le16(arithmetical expression). And all fields of adapter->logmsg are __le32; not a single 16-bit among them... That's incremental to the previous one Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Greg Kroah-Hartman authored
-
John W. Linville authored
patch 67a4cce4 in mainline. Some APs send management frames with junk padding after the last IE. We already account for a similar problem with some Apple Airport devices, but at least one device is known to send more than a single extra byte. The device in question is the Draytek Vigor2900: http://www.draytek.com.au/products/Vigor2900.php The junk in question looks like an IE that runs off the end of the frame. This causes us to return ParseFailed. Since the frame in question is an association response, this causes us to fail to associate with this AP. The return code from ieee802_11_parse_elems is superfluous. All callers still check for the presence of the specific IEs that interest them anyway. So, remove the return code so the parse never "fails". Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
John W. Linville authored
patch d114f399 in mainline. The previous IW_SCAN_THIS_ESSID patch left a hole allowing scan requests on interfaces in inappropriate modes. Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Bill Moss authored
patch 107acb23 in mainline. This patch fixes the problem of associating with wpa_secured hidden AP. Please try out. The original author of this patch is Bill Moss <bmoss@clemson.edu> Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
John W. Linville authored
patch cffdd30d in mainline. Some AP equipment "in the wild" services multiple SSIDs using the same BSSID. This patch changes the key of sta_bss_list to include the SSID as well as the BSSID and the channel so as to prevent one SSID from eclipsing another SSID with the same BSSID. Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
John W. Linville authored
patch 65c107ab in mainline. Some AP equipment "in the wild" uses the same BSSID on multiple channels (particularly "a" vs. "b/g"). This patch changes the key of sta_bss_list to include both the BSSID and the channel so as to prevent a BSSID on one channel from eclipsing the same BSSID on another channel. Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Johannes Berg authored
patch 1dd84aa2 in mainline. There's no reason to warn about an invalid AID field when the association was denied. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Johannes Berg authored
patch e797aa1b in mainline. The commit 65b6a277 titled "ieee80211: Fix header->qos_ctl endian issue" *introduced* an endianness bug. Partially revert it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jozsef Kadlecsik authored
Upstream commits: 17311393 + bc34b841 merged together. Merge done by Patrick McHardy <kaber@trash.net> [NETFILTER]: nf_conntrack_tcp: fix connection reopening With your description I could reproduce the bug and actually you were completely right: the code above is incorrect. Somehow I was able to misread RFC1122 and mixed the roles :-(: When a connection is >>closed actively<<, it MUST linger in TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime). However, it MAY >>accept<< a new SYN from the remote TCP to reopen the connection directly from TIME-WAIT state, if it: [...] The fix is as follows: if the receiver initiated an active close, then the sender may reopen the connection - otherwise try to figure out if we hold a dead connection. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
[NETLINK]: Fix unicast timeouts [ Upstream commit: c3d8d1e3 ] Commit ed6dcf4a in the history.git tree broke netlink_unicast timeouts by moving the schedule_timeout() call to a new function that doesn't propagate the remaining timeout back to the caller. This means on each retry we start with the full timeout again. ipc/mqueue.c seems to actually want to wait indefinitely so this behaviour is retained. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Herbert Xu authored
[IPSEC]: Fix crypto_alloc_comp error checking [ Upstream commit: 4999f362 ] The function crypto_alloc_comp returns an errno instead of NULL to indicate error. So it needs to be tested with IS_ERR. This is based on a patch by Vicenç Beltran Querol. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
patch fffe470a in mainline. [VLAN]: Fix SET_VLAN_INGRESS_PRIORITY_CMD ioctl Based on report and patch by Doug Kehn <rdkehn@yahoo.com>: vconfig returns the following error when attempting to execute the set_ingress_map command: vconfig: socket or ioctl error for set_ingress_map: Operation not permitted In vlan.c, vlan_ioctl_handler for SET_VLAN_INGRESS_PRIORITY_CMD sets err = -EPERM and calls vlan_dev_set_ingress_priority. vlan_dev_set_ingress_priority is a void function so err remains at -EPERM and results in the vconfig error (even though the ingress map was set). Fix by setting err = 0 after the vlan_dev_set_ingress_priority call. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
patch d932e04a in mainline. [PATCH] [VLAN]: Don't synchronize addresses while the vlan device is down While the VLAN device is down, the unicast addresses are not configured on the underlying device, so we shouldn't attempt to sync them. Noticed by Dmitry Butskoy <buc@odusz.so-cdu.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Radu Rendec authored
changeset 543821c6 in mainline. [PKT_SCHED] CLS_U32: Fix endianness problem with u32 classifier hash masks. While trying to implement u32 hashes in my shaping machine I ran into a possible bug in the u32 hash/bucket computing algorithm (net/sched/cls_u32.c). The problem occurs only with hash masks that extend over the octet boundary, on little endian machines (where htonl() actually does something). Let's say that I would like to use 0x3fc0 as the hash mask. This means 8 contiguous "1" bits starting at b6. With such a mask, the expected (and logical) behavior is to hash any address in, for instance, 192.168.0.0/26 in bucket 0, then any address in 192.168.0.64/26 in bucket 1, then 192.168.0.128/26 in bucket 2 and so on. This is exactly what would happen on a big endian machine, but on little endian machines, what would actually happen with current implementation is 0x3fc0 being reversed (into 0xc03f0000) by htonl() in the userspace tool and then applied to 192.168.x.x in the u32 classifier. When shifting right by 16 bits (rank of first "1" bit in the reversed mask) and applying the divisor mask (0xff for divisor 256), what would actually remain is 0x3f applied on the "168" octet of the address. One could say this can be easily worked around by taking endianness into account in userspace and supplying an appropriate mask (0xfc03) that would be turned into contiguous "1" bits when reversed (0x03fc0000). But the actual problem is the network address (inside the packet) not being converted to host order, but used as a host-order value when computing the bucket. Let's say the network address is written as n31 n30 ... n0, with n0 being the least significant bit. When used directly (without any conversion) on a little endian machine, it becomes n7 ... n0 n8 ..n15 etc in the machine's registers. Thus bits n7 and n8 would no longer be adjacent and 192.168.64.0/26 and 192.168.128.0/26 would no longer be consecutive.
The fix is to apply ntohl() on the hmask before computing fshift, and in u32_hash_fold() convert the packet data to host order before shifting down by fshift. With helpful feedback from Jamal Hadi Salim and Jarek Poplawski. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Evgeniy Polyakov authored
[PKT_SCHED]: Fix OOPS when removing devices from a teql queuing discipline [ Upstream commit: 4f9f8311 ] tecl_reset() is called from deactivate and qdisc is set to noop already, but subsequent teql_xmit does not know about it and dereference private data as teql qdisc and thus oopses. not catch it first :) Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
David Miller authored
patch bf3c23d1 in mainline. [NET]: Fix error reporting in sys_socketpair(). If either of the two sock_alloc_fd() calls fail, we forget to update 'err' and thus we'll erroneously return zero in these cases. Based upon a report and patch from Rich Paul, and commentary from Chuck Ebbert. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-