- 23 May, 2006 20 commits
-
-
Patrick McHardy authored
When parsing unknown sequence extensions the "son"-pointer points behind the last known extension for this type, don't try to interpret it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
The condition "> H323_ERROR_STOP" can never be true since H323_ERROR_STOP is positive and is the highest possible return code, while real errors are negative, fix the checks. Also only abort on real errors in some spots that were just interpreting any return value != 0 as error. Fixes crashes caused by use of stale data after a parsing error occured: BUG: unable to handle kernel paging request at virtual address bfffffff printing eip: c01aa0f8 *pde = 1a801067 *pte = 00000000 Oops: 0000 [#1] PREEMPT Modules linked in: ip_nat_h323 ip_conntrack_h323 nfsd exportfs sch_sfq sch_red cls_fw sch_hfsc xt_length ipt_owner xt_MARK iptable_mangle nfs lockd sunrpc pppoe pppoxx CPU: 0 EIP: 0060:[<c01aa0f8>] Not tainted VLI EFLAGS: 00210646 (2.6.17-rc4 #8) EIP is at memmove+0x19/0x22 eax: d77264e9 ebx: d77264e9 ecx: e88d9b17 edx: d77264e9 esi: bfffffff edi: bfffffff ebp: de6a7680 esp: c0349db8 ds: 007b es: 007b ss: 0068 Process asterisk (pid: 3765, threadinfo=c0349000 task=da068540) Stack: <0>00000006 c0349e5e d77264e3 e09a2b4e e09a38a0 d7726052 d7726124 00000491 00000006 00000006 00000006 00000491 de6a7680 d772601e d7726032 c0349f74 e09a2dc2 00000006 c0349e5e 00000006 00000000 d76dda28 00000491 c0349f74 Call Trace: [<e09a2b4e>] mangle_contents+0x62/0xfe [ip_nat] [<e09a2dc2>] ip_nat_mangle_tcp_packet+0xa1/0x191 [ip_nat] [<e0a2712d>] set_addr+0x74/0x14c [ip_nat_h323] [<e0ad531e>] process_setup+0x11b/0x29e [ip_conntrack_h323] [<e0ad534f>] process_setup+0x14c/0x29e [ip_conntrack_h323] [<e0ad57bd>] process_q931+0x3c/0x142 [ip_conntrack_h323] [<e0ad5dff>] q931_help+0xe0/0x144 [ip_conntrack_h323] ... Found by the PROTOS c07-h2250v4 testsuite. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mauro Carvalho Chehab authored
Those functions don't exist on PPC64 architecture. Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
-
Jean Delvare authored
reference to .init.text: from .text between 'dvb_bt8xx_probe' (at offset 0x122c) and 'dvb_bt8xx_remove' reference to .init.text: from .text between 'dvb_bt8xx_probe' (at offset 0x1267) and 'dvb_bt8xx_remove' Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
-
Manu Abraham authored
Ref: Bugzilla 6179, 6589 Signed-off-by: Manu Abraham <manu@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
-
Adrian Bunk authored
If CONFIG_VIDEO_DEV=m and CONFIG_VIDEO_V4L1_COMPAT=y, v4l1-compat should be built as a module (currently, it isn't built at all leading to problems with modules using it). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC64]: Respect gfp_t argument to dma_alloc_coherent().
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NETFILTER]: SNMP NAT: fix memory corruption [IRDA]: fixup type of ->lsap_state [IRDA]: fix 16/32 bit confusion [NET]: Fix "ntohl(ntohs" bugs [BNX2]: Use kmalloc instead of array [BNX2]: Fix bug in bnx2_nvram_write() [TG3]: Add some missing rx error counters
-
Jens Axboe authored
While executing barrrier sequence, the bar_rq which carries actual write was accounted as normal IO on completion, while it wasn't on queueing. This caused gendisk->in_flight to be decremented by 1 after each barrier thus messed up statistics. This patch makes bar_rq not accounted as normal IO. As the containing barrier request as a whole is accounted, part of it shouldn't be. Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jens Axboe <axboe@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Paul Mackerras <paulus@samba.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Paul Mackerras <paulus@samba.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David Woodhouse authored
Syscall number 224 was absent from the table, which I believe means that the SPU can cause an oops by attempting to use it. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Paul Mackerras <paulus@samba.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Florin Malita authored
If the skb allocation fails, the current error path calls dev_kfree_skb_irq() with a NULL argument. Also, 'err' is not being used. Coverity CID: 275. Signed-off-by: Florin Malita <fmalita@gmail.com> Cc: "John W. Linville" <linville@tuxdriver.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Pavel Machek authored
Writing cr0 to cr2 register can't be right. This fixes the typo. I wonder how it could survive so long. Signed-off-by: Pavel Machek <pavel@suse.cz> Cc: Zachary Amsden <zach@vmware.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Tobias Powalowski authored
We still don't have the tty layer licensing compatibility quite right. tty_insert_flip_char() used to be inlined in include/linux/tty_flip.h. It is now out-of-lined and hence needs EXPORT_SYMBOL() to be back-compatible. One known offender is the Intel Modem driver. Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
NeilBrown authored
Else a subsequent bio_clone might make a mess. Signed-off-by: Neil Brown <neilb@suse.de> Cc: "Don Dupuis" <dondster@gmail.com> Acked-by: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
NeilBrown authored
This loop that sets up the hash_table has problems. Careful examination will show that the last time through, everything but the first line is pointless. This is because all it does is change 'cur' and 'size' and neither of these are used after the loop. This should ring warning bells... That last time through the loop, size += conf->strip_zone[cur].size can index off the end of the strip_zone array. Depending on what it finds there, it might exit the loop cleanly, or it might spin going further and further beyond the array until it hits an unmapped address. This patch rearranges the code so that the last, pointless, iteration of the loop never happens. i.e. the one statement of the last loop that is needed is moved the the end of the previous loop - or to before the loop starts - and the loop counter starts from 1 instead of 0. Cc: "Don Dupuis" <dondster@gmail.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
NeilBrown authored
Both cause the 'entries' count in the export cache to be non-zero at module removal time, so unregistering that cache fails and results in an oops. 1/ exp_pseudoroot (used for NFSv4 only) leaks a reference to an export entry. 2/ sunrpc_cache_update doesn't increment the entries count when it adds an entry. Thanks to "david m. richter" <richterd@citi.umich.edu> for triggering the problem and finding one of the bugs. Cc: "david m. richter" <richterd@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
These flags are needed by userspace - move them outside __KERNEL__ (Pointed out by dwmw2) Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David S. Miller authored
Using asm-generic/dma-mapping.h does not work because pushing the call down to pci_alloc_coherent() causes the gfp_t argument of dma_alloc_coherent() to be ignored. Fix this by implementing things directly, and adding a gfp_t argument we can use in the internal call down to the PCI DMA implementation of pci_alloc_coherent(). This fixes massive memory corruption when using the sound driver layer, which passes things like __GFP_COMP down into these routines and (correctly) expects that to work. Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 22 May, 2006 11 commits
-
-
Patrick McHardy authored
Fix memory corruption caused by snmp_trap_decode: - When snmp_trap_decode fails before the id and address are allocated, the pointers contain random memory, but are freed by the caller (snmp_parse_mangle). - When snmp_trap_decode fails after allocating just the ID, it tries to free both address and ID, but the address pointer still contains random memory. The caller frees both ID and random memory again. - When snmp_trap_decode fails after allocating both, it frees both, and the callers frees both again. The corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed. Found by multiple testcases of the trap-app and trap-enc groups of the PROTOS c06-snmpv1 testsuite. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Use kmalloc() instead of a local array in bnx2_nvram_write(). Update version to 1.4.40. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Fix a bug in bnx2_nvram_write() caused by a counter variable not correctly incremented by 4. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Add some missing rx error counters for 5705 and newer chips. Update version to 3.58. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andrew Morton authored
FATAL: modpost: GPL-incompatible module sunsu uses the GPL-only symbol tty_insert_flip_string_flags Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
This reverts commit 5ce74abe (and its dependent commit 8a5bc075), because of audio underruns. Reported by Rene Herman <rene.herman@keyaccess.nl>, who also pinpointed the exact cause of the underruns: "Audio underruns galore, with only ogg123 and firefox (browsing the GIT tree online is also a nice trigger by the way). If I back it out, everything is fine for me again." Cc: Rene Herman <rene.herman@keyaccess.nl> Cc: Mike Galbraith <efault@gmx.de> Acked-by: Con Kolivas <kernel@kolivas.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/mchehab/v4l-dvb: (33 commits) V4L/DVB (3965): Fix CONFIG_VIDEO_VIVI=y build bug V4L/DVB (3964): Bt8xx/bttv-cards.c: fix off-by-one errors V4L/DVB (3914): Vivi build fix V4L/DVB (3912): Sparc32 vivi fix V4L/DVB (3832): Get_dvb_firmware: download nxt2002 firmware from new driver location V4L/DVB (3829): Fix frequency values in the ranges structures of the LG TDVS H06xF tuners V4L/DVB (3826): Saa7134: Missing 'break' in Terratec Cinergy 400 TV initialization V4L/DVB (3825): Remove broken 'fast firmware load' from cx25840. V4L/DVB (3819): Cxusb-bluebird: bug-fix: power down corrupts frontend V4L/DVB (3813): Add support for TCL M2523_5N_E tuner. V4L/DVB (3804): Tweak bandselect setup fox cx24123 V4L/DVB (3803): Various correctness fixes to tuning. V4L/DVB (3797): Always wait for diseqc queue to become ready before transmitting a diseqc message V4L/DVB (3796): Add several debug messages to cx24123 code V4L/DVB (3795): Fix for CX24123 & low symbol rates V4L/DVB (3792): Kbuild: DVB_BT8XX must select DVB_ZL10353 V4L/DVB (3790): Use after free in drivers/media/video/em28xx/em28xx-video.c V4L/DVB (3788): Fix compilation with V4L1_COMPAT V4L/DVB (3782): Removed uneeded stuff from pwc Makefile V4L/DVB (3775): Add VIVI Kconfig stuff ...
-
- 21 May, 2006 9 commits
-
-
Andrew Morton authored
WARNING: sound/oss/ad1848.o - Section mismatch: reference to .init.data:ad1848_isapnp_list from .text between 'ad1848_init_generic' (at offset 0x46f0) and 'kmalloc' WARNING: sound/oss/ad1848.o - Section mismatch: reference to .init.data:ad1848_isapnp_list from .text between 'ad1848_init_generic' (at offset 0x46f8) and 'kmalloc' WARNING: sound/oss/ad1848.o - Section mismatch: reference to .init.data:ad1848_isapnp_list from .text between 'ad1848_init_generic' (at offset 0x4818) and 'kmalloc' Also, sound/oss/ad1848.c: In function `ad1848_init': sound/oss/ad1848.c:2029: warning: cast to pointer from integer of different size sound/oss/ad1848.c: In function `ad1848_unload': sound/oss/ad1848.c:2178: warning: cast to pointer from integer of different size sound/oss/ad1848.c: In function `adintr': sound/oss/ad1848.c:2207: warning: cast from pointer to integer of different size Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
WARNING: sound/oss/nm256_audio.o - Section mismatch: reference to .init.text:nm256_peek_for_sig from .text between 'nm256_install' (at offset 0x3ba4) and 'nm256_probe' WARNING: sound/oss/nm256_audio.o - Section mismatch: reference to .init.text:nm256_peek_for_sig from .text between 'nm256_install' (at offset 0x3bac) and 'nm256_probe' WARNING: sound/oss/nm256_audio.o - Section mismatch: reference to .init.text: from .text between 'nm256_install' (at offset 0x3dcc) and 'nm256_probe' WARNING: sound/oss/nm256_audio.o - Section mismatch: reference to .init.text: from .text between 'nm256_install' (at offset 0x3dd0) and 'nm256_probe' Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
sound/isa/es18xx.c: In function `snd_es18xx_identify': sound/isa/es18xx.c:1606: warning: implicit declaration of function `udelay' Cc: Jaroslav Kysela <perex@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
WARNING: sound/drivers/mpu401/snd-mpu401.o - Section mismatch: reference to .init.text: from .text between 'snd_mpu401_pnp_probe' (at offset 0x1f7) and 'snd_mpu401_pnp_remove' Cc: Jaroslav Kysela <perex@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_fix_offsets' (at offset 0x1b88) and 'i810_alloc_agp_mem' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_fix_offsets' (at offset 0x1b8f) and 'i810_alloc_agp_mem' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_fix_offsets' (at offset 0x1ba3) and 'i810_alloc_agp_mem' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_fix_offsets' (at offset 0x1bb5) and 'i810_alloc_agp_mem' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_fix_offsets' (at offset 0x1bc6) and 'i810_alloc_agp_mem' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_init_defaults' (at offset 0x1dd8) and 'i810_init_device' WARNING: drivers/video/i810/i810fb.o - Section mismatch: reference to .init.data: from .text between 'i810_init_defaults' (at offset 0x1dfb) and 'i810_init_device' Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andrew Morton authored
WARNING: drivers/pcmcia/pd6729.o - Section mismatch: reference to .init.text: from .text between 'pd6729_pci_probe' (at offset 0x9a8) and 'pd6729_pci_remove' Cc: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bob Picco authored
Andy added code to buddy allocator which does not require the zone's endpoints to be aligned to MAX_ORDER. An issue is that the buddy allocator requires the node_mem_map's endpoints to be MAX_ORDER aligned. Otherwise __page_find_buddy could compute a buddy not in node_mem_map for partial MAX_ORDER regions at zone's endpoints. page_is_buddy will detect that these pages at endpoints are not PG_buddy (they were zeroed out by bootmem allocator and not part of zone). Of course the negative here is we could waste a little memory but the positive is eliminating all the old checks for zone boundary conditions. SPARSEMEM won't encounter this issue because of MAX_ORDER size constraint when SPARSEMEM is configured. ia64 VIRTUAL_MEM_MAP doesn't need the logic either because the holes and endpoints are handled differently. This leaves checking alloc_remap and other arches which privately allocate for node_mem_map. Signed-off-by: Bob Picco <bob.picco@hp.com> Acked-by: Mel Gorman <mel@csn.ul.ie> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Kroah-Hartman authored
People don't like released kernels yelling at them, no matter how real the error might be. So only report it if CONFIG_KOBJECT_DEBUG is enabled. Sent on request of Andrew Morton. (akpm: should bring this back post-2.6.17) Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Alessandro Zummo authored
Appropriately use -ENOIOCTLCMD and -ENOTTY when the ioctl is not implemented by a driver. (akpm: we're not allowed to return -ENOIOCTLCMD to userspace. This patch does the right thing). Signed-off-by: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-