1. 21 Nov, 2007 21 commits
    • Karsten Keil's avatar
      i4l: fix random freezes with AVM B1 drivers · d1eb63c3
      Karsten Keil authored
      patch 9713d9e6 in mainline.
      
      This fix the same issue which was debbuged for the C4 controller for the B1
      versions.
      
      The capilib_ function modify or traverse a linked list without locking.
      
      This patch extends the existing locking to the calls of these function to
      prevent access to a list which is in the middle of a modification.
      Signed-off-by: default avatarKarsten Keil <kkeil@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      d1eb63c3
    • Karsten Keil's avatar
      i4l: Fix random hard freeze with AVM c4 card · 0778a897
      Karsten Keil authored
      patch 1ccfd633 in mainline.
      
      The patch
      - Includes the call to capilib_data_b3_req in the spinlock. This routine
        in turn calls the offending mq_enqueue routine that triggered the
        freeze if not locked.  This should also fix other indicators of
        incosistent capilib_msgidqueue list, that trigger messages like:
        Oct  5 03:05:57 BERL0 kernel: kcapi: msgid 3019 ncci 0x30301 not on queue
        that we saw several times a day (usually several in a row).
      - Fixes all occurrences of c4_dispatch_tx to be called with active
        spinlock, there were some instances where no lock was active. Mostly
        these are in very infrequently called routines, so the additional
        performance penalty is minimal.
      Signed-off-by: default avatarKarsten Keil <kkeil@suse.de>
      Signed-off-by: default avatarRainer Brestan <rainer.brestan@frequentis.com>
      Signed-off-by: default avatarRalf Schlatterbeck <rsc@runtux.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      0778a897
    • Alan Stern's avatar
      USB: mutual exclusion for EHCI init and port resets · 0afc57fe
      Alan Stern authored
      patch 32fe0198 in mainline.
      
      This patch (as999) fixes a problem that sometimes shows up when host
      controller driver modules are loaded in the wrong order.  If ehci-hcd
      happens to initialize an EHCI controller while the companion OHCI or
      UHCI controller is in the middle of a port reset, the reset can fail
      and the companion may get very confused.  The patch adds an
      rw-semaphore and uses it to keep EHCI initialization and port resets
      mutually exclusive.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Acked-by: default avatarDavid Brownell <david-b@pacbell.net>
      Cc: David Miller <davem@davemloft.net>
      Cc: Dely L Sy <dely.l.sy@intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      0afc57fe
    • Jiri Kosina's avatar
      USB: usbserial - fix potential deadlock between write() and IRQ · 12a24531
      Jiri Kosina authored
      patch acd2a847 in mainline.
      
      USB: usbserial - fix potential deadlock between write() and IRQ
      
      usb_serial_generic_write() doesn't disable interrupts when taking port->lock,
      and could therefore deadlock with usb_serial_generic_read_bulk_callback()
      being called from interrupt, taking the same lock. Fix it.
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Acked-by: default avatarLarry Finger <larry.finger@lwfinger.net>
      Cc: Marcin Slusarz <marcin.slusarz@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      12a24531
    • Frank Seidel's avatar
      USB: kobil_sct: trivial backport to fix libct · 9c560a68
      Frank Seidel authored
      Backport of a patch by Alan Cox <alan@lxorguk.ukuu.org.uk> in the kernel tree
      with commit 94d0f7ea
      
      Original comments:
      	USB: kobil_sct: Rework driver
      
      	No hardware but this driver is currently totally broken so we can't make
      	it much worse. Remove all tbe broken invalid termios handling and replace
      	it with a proper set_termios method.
      
      Frank's comments:
      	Without this patch the userspace libct (to access the cardreader)
      	segfaults.
      Signed-off-by: default avatarFrank Seidel <fseidel@suse.de>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      
      9c560a68
    • HighPoint Linux Team's avatar
      hptiop: avoid buffer overflow when returning sense data · dd2ee9fb
      HighPoint Linux Team authored
      patch 0fec02c9 in mainline.
      
      avoid buffer overflow when returning sense data.
      
      With current adapter firmware the driver is working but future firmware
      updates may return sense data larger than 96 bytes, causing overflow on
      scp->sense_buffer and a kernel crash.
      
      This fix should be backported to earlier kernels.
      Signed-off-by: default avatarHighPoint Linux Team <linux@highpoint-tech.com>
      Signed-off-by: default avatarJames Bottomley <James.Bottomley@steeleye.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Acked-by: default avatarMatthew Wilcox <willy@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      dd2ee9fb
    • Manfred Spraul's avatar
      forcedeth msi bugfix · 5120a468
      Manfred Spraul authored
      patch a7475906 in mainline.
      
      pci_enable_msi() replaces the INTx irq number in pci_dev->irq with the
      new MSI irq number.
      The forcedeth driver did not update the copy in netdevice->irq and
      parts of the driver used the stale copy.
      See bugzilla.kernel.org, bug 9047.
      
      The patch
      - updates netdevice->irq
      - replaces all accesses to netdevice->irq with pci_dev->irq.
      
      The patch is against 2.6.23.1. IMHO suitable for both 2.6.23 and 2.6.24
      Signed-off-by: default avatarManfred Spraul <manfred@colorfullife.com>
      Signed-off-by: default avatarJeff Garzik <jeff@garzik.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      5120a468
    • Takashi Iwai's avatar
      ALSA: hda-codec - Add array terminator for dmic in STAC codec · 05fa45df
      Takashi Iwai authored
      patch f6e9852a in mainline.
      
      [ALSA] hda-codec - Add array terminator for dmic in STAC codec
      
      Reported by Jan-Marek Glogowski.
      
      The dmic array is passed to snd_hda_parse_pin_def_config() and
      should be zero-terminated.
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      05fa45df
    • Takashi Iwai's avatar
      ALSA: hdsp - Fix zero division · 51303d21
      Takashi Iwai authored
      patch 2a3988f6 in mainline.
      
      Fix zero-division bug in the calculation dds offset.
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJaroslav Kysela <perex@perex.cz>
      Cc: Maarten Bressers <mbressers@gmail.com>
      Cc: gentoo kernel <kernel@gentoo.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      51303d21
    • Herbert Xu's avatar
      Fix crypto_alloc_comp() error checking. · 6c7ad737
      Herbert Xu authored
      [IPSEC]: Fix crypto_alloc_comp error checking
      
      [ Upstream commit: 4999f362 ]
      
      The function crypto_alloc_comp returns an errno instead of NULL
      to indicate error.  So it needs to be tested with IS_ERR.
      
      This is based on a patch by Vicenç Beltran Querol.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      6c7ad737
    • Radu Rendec's avatar
      Fix endianness bug in U32 classifier. · 3040f069
      Radu Rendec authored
      changeset 543821c6 in mainline.
      
      [PKT_SCHED] CLS_U32: Fix endianness problem with u32 classifier hash masks.
      
      While trying to implement u32 hashes in my shaping machine I ran into
      a possible bug in the u32 hash/bucket computing algorithm
      (net/sched/cls_u32.c).
      
      The problem occurs only with hash masks that extend over the octet
      boundary, on little endian machines (where htonl() actually does
      something).
      
      Let's say that I would like to use 0x3fc0 as the hash mask. This means
      8 contiguous "1" bits starting at b6. With such a mask, the expected
      (and logical) behavior is to hash any address in, for instance,
      192.168.0.0/26 in bucket 0, then any address in 192.168.0.64/26 in
      bucket 1, then 192.168.0.128/26 in bucket 2 and so on.
      
      This is exactly what would happen on a big endian machine, but on
      little endian machines, what would actually happen with current
      implementation is 0x3fc0 being reversed (into 0xc03f0000) by htonl()
      in the userspace tool and then applied to 192.168.x.x in the u32
      classifier. When shifting right by 16 bits (rank of first "1" bit in
      the reversed mask) and applying the divisor mask (0xff for divisor
      256), what would actually remain is 0x3f applied on the "168" octet of
      the address.
      
      One could say is this can be easily worked around by taking endianness
      into account in userspace and supplying an appropriate mask (0xfc03)
      that would be turned into contiguous "1" bits when reversed
      (0x03fc0000). But the actual problem is the network address (inside
      the packet) not being converted to host order, but used as a
      host-order value when computing the bucket.
      
      Let's say the network address is written as n31 n30 ... n0, with n0
      being the least significant bit. When used directly (without any
      conversion) on a little endian machine, it becomes n7 ... n0 n8 ..n15
      etc in the machine's registers. Thus bits n7 and n8 would no longer be
      adjacent and 192.168.64.0/26 and 192.168.128.0/26 would no longer be
      consecutive.
      
      The fix is to apply ntohl() on the hmask before computing fshift,
      and in u32_hash_fold() convert the packet data to host order before
      shifting down by fshift.
      
      With helpful feedback from Jamal Hadi Salim and Jarek Poplawski.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      3040f069
    • David Miller's avatar
      Fix error returns in sys_socketpair() · 2c41b3c3
      David Miller authored
      patch bf3c23d1 in mainline.
      
      [NET]: Fix error reporting in sys_socketpair().
      
      If either of the two sock_alloc_fd() calls fail, we
      forget to update 'err' and thus we'll erroneously
      return zero in these cases.
      
      Based upon a report and patch from Rich Paul, and
      commentary from Chuck Ebbert.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      2c41b3c3
    • Patrick McHardy's avatar
      Fix netlink timeouts. · d6eb5c86
      Patrick McHardy authored
      [NETLINK]: Fix unicast timeouts
      
      [ Upstream commit: c3d8d1e3 ]
      
      Commit ed6dcf4a in the history.git tree broke netlink_unicast timeouts
      by moving the schedule_timeout() call to a new function that doesn't
      propagate the remaining timeout back to the caller. This means on each
      retry we start with the full timeout again.
      
      ipc/mqueue.c seems to actually want to wait indefinitely so this
      behaviour is retained.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      d6eb5c86
    • Evgeniy Polyakov's avatar
      Fix TEQL oops. · 2d235412
      Evgeniy Polyakov authored
      [PKT_SCHED]: Fix OOPS when removing devices from a teql queuing discipline
      
      [ Upstream commit: 4f9f8311 ]
      
      tecl_reset() is called from deactivate and qdisc is set to noop already,
      but subsequent teql_xmit does not know about it and dereference private
      data as teql qdisc and thus oopses.
      not catch it first :)
      Signed-off-by: default avatarEvgeniy Polyakov <johnpol@2ka.mipt.ru>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      2d235412
    • Jozsef Kadlecsik's avatar
      NETFILTER: nf_conntrack_tcp: fix connection reopening · 5263c68d
      Jozsef Kadlecsik authored
      Upstream commits: 17311393 + bc34b841 merged together.  Merge done by
      Patrick McHardy <kaber@trash.net>
      
      [NETFILTER]: nf_conntrack_tcp: fix connection reopening
      
      With your description I could reproduce the bug and actually you were
      completely right: the code above is incorrect. Somehow I was able to
      misread RFC1122 and mixed the roles :-(:
      
         When a connection is >>closed actively<<, it MUST linger in
         TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime).
         However, it MAY >>accept<< a new SYN from the remote TCP to
         reopen the connection directly from TIME-WAIT state, if it:
         [...]
      
      The fix is as follows: if the receiver initiated an active close, then the
      sender may reopen the connection - otherwise try to figure out if we hold
      a dead connection.
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Tested-by: default avatarKrzysztof Piotr Oledzki <ole@ans.pl>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      
      5263c68d
    • Jan Kiszka's avatar
      fix param_sysfs_builtin name length check · 79d84e19
      Jan Kiszka authored
      patch 22800a28 in mainline.
      
      Commit faf8c714 caused a regression:
      parameter names longer than MAX_KBUILD_MODNAME will now be rejected,
      although we just need to keep the module name part that short.  This patch
      restores the old behaviour while still avoiding that memchr is called with
      its length parameter larger than the total string length.
      Signed-off-by: default avatarJan Kiszka <jan.kiszka@web.de>
      Cc: Dave Young <hidave.darkstar@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Cc: Chuck Ebbert <cebbert@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      79d84e19
    • Hugh Dickins's avatar
      fix tmpfs BUG and AOP_WRITEPAGE_ACTIVATE · fed52120
      Hugh Dickins authored
      patch 487e9bf2 in mainline.
      
      It's possible to provoke unionfs (not yet in mainline, though in mm and
      some distros) to hit shmem_writepage's BUG_ON(page_mapped(page)).  I expect
      it's possible to provoke the 2.6.23 ecryptfs in the same way (but the
      2.6.24 ecryptfs no longer calls lower level's ->writepage).
      
      This came to light with the recent find that AOP_WRITEPAGE_ACTIVATE could
      leak from tmpfs via write_cache_pages and unionfs to userspace.  There's
      already a fix (e4230030 - writeback: don't
      propagate AOP_WRITEPAGE_ACTIVATE) in the tree for that, and it's okay so
      far as it goes; but insufficient because it doesn't address the underlying
      issue, that shmem_writepage expects to be called only by vmscan (relying on
      backing_dev_info capabilities to prevent the normal writeback path from
      ever approaching it).
      
      That's an increasingly fragile assumption, and ramdisk_writepage (the other
      source of AOP_WRITEPAGE_ACTIVATEs) is already careful to check
      wbc->for_reclaim before returning it.  Make the same check in
      shmem_writepage, thereby sidestepping the page_mapped BUG also.
      Signed-off-by: default avatarHugh Dickins <hugh@veritas.com>
      Cc: Erez Zadok <ezk@cs.sunysb.edu>
      Reviewed-by: default avatarPekka Enberg <penberg@cs.helsinki.fi>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      fed52120
    • Andrew Morton's avatar
      writeback: don't propagate AOP_WRITEPAGE_ACTIVATE · b2e5acb6
      Andrew Morton authored
      patch e4230030 in mainline.
      
      This is a writeback-internal marker but we're propagating it all the way back
      to userspace!.
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      
      b2e5acb6
    • Dave Johnson's avatar
      x86: fix TSC clock source calibration error · e8b00d71
      Dave Johnson authored
      patch edaf420f in mainline.
      
      I ran into this problem on a system that was unable to obtain NTP sync
      because the clock was running very slow (over 10000ppm slow). ntpd had
      declared all of its peers 'reject' with 'peer_dist' reason.
      
      On investigation, the tsc_khz variable was significantly incorrect
      causing xtime to run slow.  After a reboot tsc_khz was correct so I
      did a reboot test to see how often the problem occurred:
      
      Test was done on a 2000 Mhz Xeon system.  Of 689 reboots, 8 of them
      had unacceptable tsc_khz values (>500ppm):
      
       range of tsc_khz  # of boots  % of boots
       ----------------  ----------  ----------
              < 1999750           0      0.000%
      1999750 - 1999800          21      3.048%
      1999800 - 1999850         166     24.128%
      1999850 - 1999900         241     35.029%
      1999900 - 1999950         211     30.669%
      1999950 - 2000000          42      6.105%
      2000000 - 2000000           0      0.000%
      2000050 - 2000100           0      0.000%
                         [...]
      2000100 - 2015000           1      0.145%  << BAD
      2015000 - 2030000           6      0.872%  << BAD
      2030000 - 2045000           1      0.145%  << BAD
      2045000 <                   0      0.000%
      
      The worst boot was 2032.577 Mhz, over 1.5% off!
      
      It appears that on rare occasions, mach_countup() is taking longer to
      complete than necessary.
      
      I suspect that this is caused by the CPU taking a periodic SMI
      interrupt right at the end of the 30ms calibration loop.  This would
      cause the loop to delay while the SMI BIOS hander runs. The resulting
      TSC value is beyond what it actually should be resulting in a higher
      tsc_khz.
      
      The below patch makes native_calculate_cpu_khz() take the best
      (shortest duration, lowest khz) run of it's 3 calibration loops.  If a
      SMI goes off causing a bad result (long duration, higher khz) it will
      be discarded.
      
      With the patch applied, 300 boots of the same system produce good
      results:
      
       range of tsc_khz  # of boots  % of boots
       ----------------  ----------  ----------
              < 1999750           0      0.000%
      1999750 - 1999800          30     10.000%
      1999800 - 1999850         166     55.333%
      1999850 - 1999900          89     29.667%
      1999900 - 1999950          15      5.000%
      1999950 <                   0      0.000%
      
      Problem was found and tested against 2.6.18.  Patch is against 2.6.22.
      Signed-off-by: default avatarDave Johnson <djohnson@sw.starentnetworks.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      e8b00d71
    • David Miller's avatar
      Fix compat futex hangs. · 52c7418e
      David Miller authored
      [FUTEX]: Fix address computation in compat code.
      
      [ Upstream commit: 3c5fd9c7 ]
      
      compat_exit_robust_list() computes a pointer to the
      futex entry in userspace as follows:
      
      	(void __user *)entry + futex_offset
      
      'entry' is a 'struct robust_list __user *', and
      'futex_offset' is a 'compat_long_t' (typically a 's32').
      
      Things explode if the 32-bit sign bit is set in futex_offset.
      
      Type promotion sign extends futex_offset to a 64-bit value before
      adding it to 'entry'.
      
      This triggered a problem on sparc64 running 32-bit applications which
      would lock up a cpu looping forever in the fault handling for the
      userspace load in handle_futex_death().
      
      Compat userspace runs with address masking (wherein the cpu zeros out
      the top 32-bits of every effective address given to a memory operation
      instruction) so the sparc64 fault handler accounts for this by
      zero'ing out the top 32-bits of the fault address too.
      
      Since the kernel properly uses the compat_uptr interfaces, kernel side
      accesses to compat userspace work too since they will only use
      addresses with the top 32-bit clear.
      
      Because of this compat futex layer bug we get into the following loop
      when executing the get_user() load near the top of handle_futex_death():
      
      1) load from address '0xfffffffff7f16bd8', FAULT
      2) fault handler clears upper 32-bits, processes fault
         for address '0xf7f16bd8' which succeeds
      3) goto #1
      
      I want to thank Bernd Zeimetz, Josip Rodin, and Fabio Massimo Di Nitto
      for their tireless efforts helping me track down this bug.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      52c7418e
    • Christoph Lameter's avatar
      SLUB: Fix memory leak by not reusing cpu_slab · 06283bea
      Christoph Lameter authored
      backport of 05aa3450 from Linus's tree.
      
      SLUB: Fix memory leak by not reusing cpu_slab
      
      Fix the memory leak that may occur when we attempt to reuse a cpu_slab
      that was allocated while we reenabled interrupts in order to be able to
      grow a slab cache. The per cpu freelist may contain objects and in that
      situation we may overwrite the per cpu freelist pointer loosing objects.
      This only occurs if we find that the concurrently allocated slab fits
      our allocation needs.
      
      If we simply always deactivate the slab then the freelist will be properly
      reintegrated and the memory leak will go away.
      Signed-off-by: default avatarChristoph Lameter <clameter@sgi.com>
      Cc: Hugh Dickins <hugh@veritas.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      06283bea
  2. 16 Nov, 2007 3 commits
  3. 05 Nov, 2007 10 commits
  4. 02 Nov, 2007 6 commits