- 25 Jul, 2006 30 commits
-
-
Takashi Iwai authored
Fix 64bit address of MPU401 MMIO port on au88x0 chip. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Herbert Xu authored
This bug was unknowingly fixed the GSO patches (or rather, its effect was unknown at the time). Thanks to Marco Berizzi's persistence which is documented in the thread "ipsec tunnel asymmetrical mtu", we now know that it can have highly non-obvious symptoms. What happens is that uninitialised uso_size fields can cause packets to be incorrectly identified as UFO, which means that it does not get fragmented even if it's over the MTU. The fix is simple enough. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Andrew Morton authored
The recent generic_file_write() deadlock fix caused generic_file_buffered_write() to loop inifinitely when presented with a zero-length iovec segment. Fix. Note that this fix deliberately avoids calling ->prepare_write(), ->commit_write() etc with a zero-length write. This is because I don't trust all filesystems to get that right. This is a cautious approach, for 2.6.17.x. For 2.6.18 we should just go ahead and call ->prepare_write() and ->commit_write() with the zero length and fix any broken filesystems. So I'll make that change once this code is stabilised and backported into 2.6.17.x. The reason for preferring to call ->prepare_write() and ->commit_write() with the zero-length segment: a zero-length segment _should_ be sufficiently uncommon that this is the correct way of handling it. We don't want to optimise for poorly-written userspace at the expense of well-written userspace. Cc: "Vladimir V. Saveliev" <vs@namesys.com> Cc: Neil Brown <neilb@suse.de> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Greg KH <greg@kroah.com> Cc: <stable@kernel.org> Cc: walt <wa1ter@myrealbox.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
-
Vladimir V. Saveliev authored
generic_file_buffered_write() prefaults in user pages in order to avoid deadlock on copying from the same page as write goes to. However, it looks like there is a problem when write is vectored: fault_in_pages_readable brings in current segment or its part (maxlen). OTOH, filemap_copy_from_user_iovec is called to copy number of bytes (bytes) which may exceed current segment, so filemap_copy_from_user_iovec switches to the next segment which is not brought in yet. Pagefault is generated. That causes the deadlock if pagefault is for the same page write goes to: page being written is locked and not uptodate, pagefault will deadlock trying to lock locked page. [akpm@osdl.org: somewhat rewritten] Cc: Neil Brown <neilb@suse.de> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: <stable@kernel.org> Signed-off-by:
-
Ian Abbott authored
This patch limits the amount of outstanding 'write' data that can be queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or simple accidents) that use up all the system memory by writing lots of data to the serial port. The original patch was by Guillaume Autran, who in turn based it on the same mechanism implemented in the 'visor' driver. I (Ian Abbott) re-targeted the patch to the latest sources, fixed a couple of errors, renamed his new structure members, and updated the implementations of the 'write_room' and 'chars_in_buffer' methods to take account of the number of outstanding 'write' bytes. It seems to work fine, though at low baud rates it is still possible to queue up an amount of data that takes an age to shift (a job for another day!). Signed-off-by:
Ian Abbott <abbotti@mev.co.uk> Signed-off-by:
-
Jens Axboe authored
Several issues noticed/fixed: - We cannot reliably block in link_pipe() while holding both input and output mutexes. So do preparatory checks before locking down both mutexes and doing the link. - The ipipe->nrbufs vs i check was bad, because we could have dropped the ipipe lock in-between. This causes us to potentially look at unknown buffers if we were racing with someone else reading this pipe. Signed-off-by:
Jens Axboe <axboe@suse.de> Signed-off-by:
-
Jens Axboe authored
The code really means to mask off the high bits, not assign 0xff. Signed-off-by:
-
Randy Dunlap authored
[CPUFREQ] Fix powernow-k8 SMP kernel on UP hardware bug. Fix powernow-k8 doesn't load bug. Reference: https://launchpad.net/distros/ubuntu/+source/linux-source-2.6.15/+bug/35145Signed-off-by:
Ben Collins <bcollins@ubuntu.com> Signed-off-by:
Dave Jones <davej@redhat.com> Signed-off-by:
-
Dave Jones authored
[CPUFREQ] Make powernow-k7 work on SMP kernels. Even though powernow-k7 doesn't work in SMP environments, it can work on an SMP configured kernel if there's only one CPU present, however recalibrate_cpu_khz was returning -EINVAL on such kernels, so we failed to init the cpufreq driver. Signed-off-by:
-
Michael Krufky authored
This patch adds support for the new revision of the DViCO FusionHDTV DVB-T Lite, based on the zl10353 demod instead of mt352. Both mt352 and zl10353 revisions of this card have the same PCI subsystem ID. Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Acked-by:
Chris Pascoe <c.pascoe@itee.uq.edu.au> Acked-by:
Manu Abraham <manu@linuxtv.org> Signed-off-by:
-
Andrew de Quincey authored
This patch prevents the stradis driver from breaking all other saa7146 devices by removing the autodetection based on PCI subsystem ID 0000:0000 (no eeprom). Users that want to use the stradis driver will have to manually insert the module, or specify it in modprobe.conf Signed-off-by:
Andrew de Quincey <adq_dvb@lidskialf.net> Signed-off-by:
-
Oliver Endriss authored
Backport the budget driver DISEQC instability fix. Signed-off-by:
Oliver Endriss <o.endriss@gmx.de> Signed-off-by:
-
Andrew de Quincey authored
Backport the DISEQC regression fix to 2.6.17.x Signed-off-by:
-
Andrew de Quincey authored
Backport fix to artec USB DVB devices Signed-off-by:
-
Thomas Graf authored
"return -err" and blindly inheriting the error code in the netlink failure exception handler causes errors codes to be returned as positive value therefore making them being ignored by the caller. May lead to sending out incomplete netlink messages. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
-
Thomas Graf authored
Return ENOENT if action module is unavailable Signed-off-by:
-
Thomas Graf authored
The TCA_ACT_KIND attribute is used without checking its availability when dumping actions therefore leading to a value of 0x4 being dereferenced. The use of strcmp() in tc_lookup_action_n() isn't safe when fed with string from an attribute without enforcing proper NUL termination. Both bugs can be triggered with malformed netlink message and don't require any privileges. Signed-off-by:
-
Michael Krufky authored
This Kconfig description is incorrect, due to a previous merge a while back. CONFIG_SAA711X builds module saa7115, which is the newer v4l2 module, and is not obsoleted. Signed-off-by:
-
Willy Tarreau authored
The function pointers which were checked were for their get_* counterparts. Typically a copy-paste typo. Signed-off-by:
Willy Tarreau <w@1wt.eu> Acked-by:
Jeff Garzik <jeff@garzik.org> Signed-off-by:
-
Francois Romieu authored
via-velocity: the link is not correctly detected when the device starts The patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=6711Signed-off-by:
Roy Marples <uberlord@gentoo.org> Signed-off-by:
Francois Romieu <romieu@fr.zoreil.com> Signed-off-by:
-
Bob Moore authored
As detailed at http://bugs.gentoo.org/131534 : 2.6.16 converted many ACPI debug messages into error or warning messages. One extraneous message was incorrectly converted, resulting in logs being flooded by "Handle is NULL and Pathname is relative" messages on some systems. This patch (part of a larger ACPICA commit) converts the message back to debug level. Signed-off-by:
Daniel Drake <dsd@gentoo.org> Signed-off-by:
-
Andrew Morton authored
Suppress the "setup_irq: irq handler mismatch" coming out of pnp_check_irq(): failures are expected here. Cc: Santiago Garcia Mantinan <manty@manty.net> Signed-off-by:
-
Andrew de Quincey authored
The original driver had a restriction that if a card as an saa7113 chip, then it cannot have a CI interface. This is not the case. Signed-off-by:
-
Andrew de Quincey authored
These cards do not need the tda10021 configuration change when data is streamed through a CAM module. This disables it for these ones. Signed-off-by:
-
Andrew de Quincey authored
The budget-av needs this GPIO set low for most cards to work. Signed-off-by:
-
Yasunori Goto authored
Memory hotplug code of i386 adds memory to only highmem. So, if CONFIG_HIGHMEM is not set, CONFIG_MEMORY_HOTPLUG shouldn't be set. Otherwise, it causes compile error. In addition, many architecture can't use memory hotplug feature yet. So, I introduce CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG. Signed-off-by:
Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by:
-
Andi Kleen authored
This fixes some OOMs on 64bit systems with <4GB of RAM when accessing the cdrom. Do a safer check for when to enable DMA. Currently we enable ISA DMA for cases that do not need it, resulting in OOM conditions when ZONE_DMA runs out of space. Signed-off-by:
Andi Kleen <ak@suse.de> Signed-off-by:
-
Piotr Kaczuba authored
It turned out that the following change is needed when the speaker is compiled as a module. Signed-off-by:
-
Michael S. Tsirkin authored
mthca does not restore the following PCI-X/PCI Express registers after reset: PCI-X device: PCI-X command register PCI-X bridge: upstream and downstream split transaction registers PCI Express : PCI Express device control and link control registers This causes instability and/or bad performance on systems where one of these registers is set to a non-default value by BIOS. Signed-off-by:
Michael S. Tsirkin <mst@mellanox.co.il> Signed-off-by:
-
Mandy Kirkconnell authored
Fix nused counter. It's currently getting set to -1 rather than getting decremented by 1. Since nused never reaches 0, the "if (!free->hdr.nused)" check in xfs_dir2_leafn_remove() fails every time and xfs_dir2_shrink_inode() doesn't get called when it should. This causes extra blocks to be left on an empty directory and the directory in unable to be converted back to inline extent mode. Signed-off-by:
Mandy Kirkconnell <alkirkco@sgi.com> Signed-off-by:
Nathan Scott <nathans@sgi.com> Signed-off-by:
-
- 15 Jul, 2006 4 commits
-
-
Greg Kroah-Hartman authored
-
Linus Torvalds authored
Relax /proc fix a bit Clearign all of i_mode was a bit draconian. We only really care about S_ISUID/ISGID, after all. Signed-off-by:
-
Greg Kroah-Hartman authored
-
Linus Torvalds authored
Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by:
-
- 06 Jul, 2006 2 commits
-
-
Greg Kroah-Hartman authored
-
Greg Kroah-Hartman authored
Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by:
-
- 30 Jun, 2006 4 commits
-
-
Chris Wright authored
-
Patrick McHardy authored
When a packet without any chunks is received, the newconntrack variable in sctp_packet contains an out of bounds value that is used to look up an pointer from the array of timeouts, which is then dereferenced, resulting in a crash. Make sure at least a single chunk is present. Problem noticed by George A. Theall <theall@tenablesecurity.com> Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Chris Wright authored
-
Richard Purdie authored
Input: return correct size when reading modalias attribute Signed-off-by:
Richard Purdie <rpurdie@rpsys.net> Signed-off-by:
Dmitry Torokhov <dtor@mail.ru> Signed-off-by:
-
