- 17 Apr, 2006 11 commits
-
-
Stephen Rothwell authored
As noted further on in this file, some block devices have a / in their name, so fix the "block:..." symlink name the same as the /sys/block name. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Nick Piggin authored
Rohit found an obscure bug causing buddy list corruption. page_is_buddy is using a non-atomic test (PagePrivate && page_count == 0) to determine whether or not a free page's buddy is itself free and in the buddy lists. Each of the conjuncts may be true at different times due to unrelated conditions, so the non-atomic page_is_buddy test may find each conjunct to be true even if they were not both true at the same time (ie. the page was not on the buddy lists). Signed-off-by: Martin Bligh <mbligh@google.com> Signed-off-by: Rohit Seth <rohitseth@google.com> Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Miklos Szeredi authored
During heavy parallel filesystem activity it was possible to Oops the kernel. The reason is that read_cache_pages() could skip pages which have already been inserted into the cache by another task. Occasionally this may result in zero pages actually being sent, while fuse_send_readpages() relies on at least one page being in the request. So check this corner case and just free the request instead of trying to send it. Reported and tested by Konstantin Isakov. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Hirokazu Takata authored
This patch fixes a boot problem of the m32r SMP kernel 2.6.16-rc1-mm3 or later. In this patch, cpu_possible_map is statically initialized, and cpu_present_map is also copied from cpu_possible_map in smp_prepare_cpus(), because the m32r architecture has not supported CPU hotplug yet. Signed-off-by: Hayato Fujiwara <fujiwara.hayato@renesas.com> Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Hirokazu Takata authored
Update {get,put}_user macros for m32r kernel.
  - Modify get_user to use __get_user_asm macro, instead of __get_user_x macro.
  - Remove arch/m32r/lib/{get,put}user.S.
  - Some cosmetic updates.
I would like to thank NIIBE Yutaka for his reporting about the m32r kernel's security problem in {get,put}_user macros. There was no address checking for user space access in {get,put}_user macros. ;-)
Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Cc: NIIBE Yutaka <gniibe@fsij.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
[NETFILTER]: Fix fragmentation issues with bridge netfilter
The conntrack code doesn't do re-fragmentation of defragmented packets anymore but relies on fragmentation in the IP layer. Purely bridged packets don't pass through the IP layer, so the bridge netfilter code needs to take care of fragmentation itself. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Hemminger authored
Sky2 driver will oops referencing bad memory if used on a dual port card. The problem is accessing past end of MIB counter space. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Randy Dunlap authored
Limit USB_STORAGE_ISD200 to whatever BLK_DEV_IDE and USB_STORAGE are set to (y, m) since isd200 calls ide_fix_driveid() in the BLK_DEV_IDE code. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mark Bellon authored
The MPBL0010 Telco clock driver (drivers/char/tlclk.c) uses 0222 (anyone can write) permissions on its writable sysfs entries. Alter the permissions to 0220 (owner and group can write). The use case for this driver is to configure the fail over behavior of the clock hardware. That should be done by the more privileged users. Signed-off-by: Mark Bellon <mbellon@mvista.com> Acked-by: Gross Mark <mark.gross@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Laurent MEYER authored
*) When setting a sighandler using sigaction() call, if the flag SA_ONSTACK is set and no alternate stack is provided via sigaltstack(), the kernel still tries to install the alternate stack. This behavior is the opposite of the one which is documented in Single Unix Specifications V3.
*) Also when setting an alternate stack using sigaltstack() with the flag SS_DISABLE, the kernel tries to install the alternate stack on signal delivery.
These two use cases make the process crash at signal delivery. This fixes it.
Signed-off-by: Laurent Meyer <meyerlau@fr.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Rothwell authored
Since the powerpc 64k pages patch went in, systems that have SLBs (like Power4 iSeries) needed to have slb_initialize called to set up some variables for the SLB miss handler. This was not being called on the boot processor on iSeries, so on single cpu iSeries machines, we would get apparent memory corruption as soon as we entered user mode. This patch fixes that by calling slb_initialize on the boot cpu if the processor has an SLB. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
- 12 Apr, 2006 3 commits
-
-
Greg Kroah-Hartman authored
-
Andi Kleen authored
Intel EM64T CPUs handle uncanonical return addresses differently from AMD CPUs. The exception is reported in the SYSRET, not the next instruction. This leads to the kernel exception handler running on the user stack with the wrong GS because the kernel didn't expect exceptions on this instruction.
This version of the patch has the teething problems that plagued an earlier version fixed.
This is CVE-2006-0744
Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial patches.
Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Andi Kleen authored
Just call IRET always, no need for any special cases. Needed for the next bug fix. Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
- 11 Apr, 2006 4 commits
-
-
Greg Kroah-Hartman authored
-
Oleg Nesterov authored
made this BUG_ON() unsafe. This code runs under ->siglock, while switch_exec_pids() takes tasklist_lock. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Greg Kroah-Hartman authored
-
David Howells authored
This fixes the problem of an oops occurring when a user attempts to add a key to a non-keyring key [CVE-2006-1522]. The problem is that __keyring_search_one() doesn't check that the keyring it's been given is actually a keyring. I've fixed this problem by:
 (1) declaring that caller of __keyring_search_one() must guarantee that the keyring is a keyring; and
 (2) making key_create_or_update() check that the keyring is a keyring, and return -ENOTDIR if it isn't.
This can be tested by:
    keyctl add user b b `keyctl add user a a @s`
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
- 07 Apr, 2006 22 commits
-
-
Greg Kroah-Hartman authored
-
Vivek Goyal authored
A couple of /proc/vmcore data structures overflow with 32bit systems having memory more than 4G. This patch fixes those. Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp> Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
NeilBrown authored
NFSd makes sure there is enough space to hold the maximum possible reply before accepting a request. The units for this maximum are (4byte) words. However in three places, particularly for read request, the number given is a number of bytes. This means too much space is reserved which is slightly wasteful. This is the sort of patch that could uncover a deeper bug, and it is not critical, so it would be best for it to spend a while in -mm before going in to mainline. (akpm: target 2.6.17-rc2, 2.6.16.3 (approx)) Discovered-by: "Eivind Sarto" <ivan@kasenna.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jouni Malinen authored
Fixed encryption of EAPOL frames from wlan#ap interface (hostapd). This was broken when moving to use new frame control field defines in net/ieee80211.h. hostapd uses Protected flag, not protocol version (which was cleared in this function anyway). This fixes WPA group key handshake and re-authentication. http://hostap.epitest.fi/bugz/show_bug.cgi?id=126 Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
-
Takashi Iwai authored
Added the default entry of ALC880 configuration table for CTL Travel Master U553W. This patch was already included in Linus' tree. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Adrian Bunk authored
CRYPTO is a helper variable, and to make it easier for users, it should therefore be select'ed and not be listed in the dependencies. drivers/net/wireless/airo.c requires CONFIG_CRYPTO for compilations. Therefore, AIRO_CS also has to select CRYPTO. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Christoph Lameter authored
Fix NULL pointer dereference in node_read_numastat()
zone_pcp() only returns valid values if the processor is online. Change node_read_numastat() to only scan online processors. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Adrian Bunk authored
This patch fixes a big array overrun found by the Coverity checker. This was already fixed in Linus' tree. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Antonino A. Daplas authored
The monochrome->color expansion routine that handles bitmaps which have (widths % 8) != 0 (slow_imageblit) produces corrupt characters in big-endian. This is caused by a bogus bit test in slow_imageblit(). Fix. Signed-off-by: Antonino Daplas <adaplas@pol.net> Acked-by: Herbert Poetzl <herbert@13thfloor.at> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
David S. Miller authored
Please apply to 2.6.{14,15,16} -stable, thanks a lot.
From: Robert Olsson <robert.olsson@its.uu.se>
[FIB_TRIE]: Fix leaf freeing.
Seems like leaf (end-nodes) has been freed by __tnode_free_rcu and not by __leaf_free_rcu. This fixes the problem. Only tnode_free is now used which checks for appropriate node type. free_leaf can be removed. Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Sergey Vlasov authored
If the change of personality does not lead to change of exec domain, __set_personality() returned without releasing the module reference acquired by lookup_exec_domain(). This patch was already included in Linus' tree. Signed-off-by: Sergey Vlasov <vsu@altlinux.ru> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Venkatesh Pallipadi authored
[CPUFREQ] Fix the p4-clockmod N60 errata workaround. Fix the code to disable freqs less than 2GHz in N60 errata. Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Kirill Korotaev authored
Wrong error path in dup_fd() - it should return NULL on error, not an address of already freed memory :/ Triggered by OpenVZ stress test suite. What is interesting is that it was causing different oopses in RCU like below:
Call Trace:
 [<c013492c>] rcu_do_batch+0x2c/0x80
 [<c0134bdd>] rcu_process_callbacks+0x3d/0x70
 [<c0126cf3>] tasklet_action+0x73/0xe0
 [<c01269aa>] __do_softirq+0x10a/0x130
 [<c01058ff>] do_softirq+0x4f/0x60
 =======================
 [<c0113817>] smp_apic_timer_interrupt+0x77/0x110
 [<c0103b54>] apic_timer_interrupt+0x1c/0x24
Code: Bad EIP value.
 <0>Kernel panic - not syncing: Fatal exception in interrupt
Signed-Off-By: Pavel Emelianov <xemul@sw.ru> Signed-Off-By: Dmitry Mishin <dim@openvz.org> Signed-Off-By: Kirill Korotaev <dev@openvz.org> Signed-Off-By: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Martin Josefsson authored
[NETFILTER]: {ip,nf}_conntrack_netlink: fix expectation notifier unregistration
This patch fixes expectation notifier unregistration on module unload to use ip_conntrack_expect_unregister_notifier(). This bug causes a soft lockup at the first expectation created after a rmmod ; insmod of this module. Should go into -stable as well. Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
maximilian attems authored
The isicom driver uses request_firmware() and thus needs to select FW_LOADER. This patch was already included in Linus' tree. Signed-off-by: maximilian attems <maks@sternwelten.at> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Dave Jones authored
[CPUFREQ] Mark longhaul driver as broken. This seems to work for a short period of time, but when used in conjunction with a userspace governor that changes the frequency regularly, it's only a matter of time before everything just locks up. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Takashi Iwai authored
Modules: Opti9xx drivers
Fix compile errors without CONFIG_PNP. This patch was already included in Linus' tree. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Janos Farkas authored
For some time, the core pcmcia drivers seem not to think single character prod_ids are valid, thus preventing the "cleverly" named "D" "Link DWL-650 11Mbps WLAN Card"
Before (as in 2.6.16):
 PRODID_1=""
 PRODID_2="Link DWL-650 11Mbps WLAN Card"
 PRODID_3="Version 01.02"
 PRODID_4=""
 MANFID=0156,0002
 FUNCID=6
After (with the patch)
 PRODID_1="D"
 PRODID_2="Link DWL-650 11Mbps WLAN Card"
 PRODID_3="Version 01.02"
 PRODID_4=""
 MANFID=0156,0002
 FUNCID=6
Signed-off-by: Janos Farkas <chexum@gmail.com> Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Adrian Bunk authored
PCMCIA_SPECTRUM must select FW_LOADER. Reported by "Alexander E. Patrakov" <patrakov@ums.usu.ru>. This patch was already included in Linus' tree. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stephen Rothwell authored
We used to assume that a DMA mapping request with a NULL dev was for ISA DMA. This assumption was broken at some point. Now we explicitly pass the detected ISA PCI device in the floppy setup. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Stefan Richter authored
sbp2util_mark_command_completed takes a lock which was already taken by sbp2scsi_complete_all_commands. This is a regression in Linux 2.6.15. Reported by Kristian Harms at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187394 Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Horst Schirmeier authored
When trying to deconfigure a device via usb_set_configuration(dev, 0), 2.6.16-rc kernels after 55c52718 oops with "Unable to handle NULL pointer dereference at...". This is due to an unchecked dereference of cp in the power budget part. This patch was already included in Linus' tree. Signed-off-by: Horst Schirmeier <horst@schirmeier.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-