- 09 Dec, 2011 6 commits
-
-
Trond Myklebust authored
commit 24ca9a84 upstream. By returning '0' instead of 'EAGAIN' when the tests in xs_nospace() fail to find evidence of socket congestion, we are making the RPC engine believe that the message was incorrectly sent and so it disconnects the socket instead of just retrying. The bug appears to have been introduced by commit 5e3771ce (SUNRPC: Ensure that xs_nospace return values are propagated). Reported-by:
Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by:
Trond Myklebust <Trond.Myklebust@netapp.com> Tested-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Tim Blechmann authored
commit a2987855 upstream. commit 6175ddf0 optimized the mem*io functions that have been used to send commands to the device. these optimizations somehow corrupted the communication with the lx6464es, that resulted the device to be unusable with kernels after 2.6.33. this patch emulates the memcpy_*_io functions via a loop to avoid these problems. Signed-off-by:
Tim Blechmann <tim@klingt.org> LKML-Reference: <4ECB5257.4040600@ladisch.de> Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
-
Will Deacon authored
commit 11ed0ba1 upstream. This patch implements a workaround for PL310 erratum 769419. On revisions of the PL310 prior to r3p2, the Store Buffer does not automatically drain. This can cause normal, non-cacheable writes to be retained when the memory system is idle, leading to suboptimal I/O performance for drivers using coherent DMA. This patch adds an optional wmb() call to the cpu_idle loop. On systems with an outer cache, this causes an explicit flush of the store buffer. Acked-by:
Catalin Marinas <catalin.marinas@arm.com> Tested-by:
Marc Zyngier <marc.zyngier@arm.com> Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by:
-
Bjorn Helgaas authored
commit 4cac2eb1 upstream. Previously we claimed device ID 0x7450, regardless of the vendor, which is clearly wrong. Now we'll claim that device ID only for AMD. I suspect this was just a typo in the original code, but it's possible this change will break shpchp on non-7450 AMD bridges. If so, we'll have to fix them as we find them. Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638863Reported-by:
Ralf Jung <ralfjung-e@gmx.de> Cc: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com> Signed-off-by:
Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by:
-
Tyler Hicks authored
commit 0f751e64 upstream. From mhalcrow's original commit message: Characters with ASCII values greater than the size of filename_rev_map[] are valid filename characters. ecryptfs_decode_from_filename() will access kernel memory beyond that array, and ecryptfs_parse_tag_70_packet() will then decrypt those characters. The attacker, using the FNEK of the crafted file, can then re-encrypt the characters to reveal the kernel memory past the end of the filename_rev_map[] array. I expect low security impact since this array is statically allocated in the text area, and the amount of memory past the array that is accessible is limited by the largest possible ASCII filename character. This patch solves the issue reported by mhalcrow but with an implementation suggested by Linus to simply extend the length of filename_rev_map[] to 256. Characters greater than 0x7A are mapped to 0x00, which is how invalid characters less than 0x7A were previously being handled. Signed-off-by:
Tyler Hicks <tyhicks@canonical.com> Reported-by:
Michael Halcrow <mhalcrow@google.com> Signed-off-by:
-
Jeffrey (Sheng-Hui) Chu authored
commit cc6bcf7d upstream. The wrong bits were put on the wire, fix that. This fixes kernel bug #42562. Signed-off-by:
Sheng-Hui J. Chu <jeffchu@broadcom.com> Signed-off-by:
Jean Delvare <khali@linux-fr.org> Signed-off-by:
-
- 26 Nov, 2011 26 commits
-
-
Greg Kroah-Hartman authored
-
Alan Cox authored
commit 0587102c upstream Again basically cut and paste Convert the main driver set to use the hooks for GICOUNT Signed-off-by:
Alan Cox <alan@linux.intel.com> Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com>
-
Alan Cox authored
commit d281da7f upstream Dan Rosenberg noted that various drivers return the struct with uncleared fields. Instead of spending forever trying to stomp all the drivers that get it wrong (and every new driver) do the job in one place. This first patch adds the needed operations and hooks them up, including the needed USB midlayer and serial core plumbing. Signed-off-by:
-
sordna authored
commit 0d145d7d upstream. The following patch contains additional affected webcam models, on top of the patches commited to linux-next 2394d67e and 5b253d88Signed-off-by:
sordna <sordna@gmail.com> Cc: Oliver Neukum <oliver@neukum.org> Signed-off-by:
-
Josh Boyer authored
commit 60c71ca9 upstream. We've had another report of the "chipmunk" sound on a Logitech C600 webcam. This patch resolves the issue. Signed-off-by:
Josh Boyer <jwboyer@redhat.com> Signed-off-by:
-
Alan Stern authored
commit 2f640bf4 upstream. The 8020i protocol (also 8070i and QIC-157) uses 12-byte commands; shorter commands must be padded. Simon Detheridge reports that his 3-TB USB disk drive claims to use the 8020i protocol (which is normally meant for ATAPI devices like CD drives), and because of its large size, the disk drive requires the use of 16-byte commands. However the usb_stor_pad12_command() routine in usb-storage always sets the command length to 12, making the drive impossible to use. Since the SFF-8020i specification allows for 16-byte commands in future extensions, we may as well accept them. This patch (as1490) changes usb_stor_pad12_command() to leave commands larger than 12 bytes alone rather than truncating them. Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Tested-by:
Simon Detheridge <simon@widgit.com> CC: Matthew Dharm <mdharm-usb@one-eyed-alien.net> Signed-off-by:
-
Andrew Worsley authored
commit b1ffb4c8 upstream. Fix for ftdi_set_termios() glitching output ftdi_set_termios() is constantly setting the baud rate, data bits and parity unnecessarily on every call, . When called while characters are being transmitted can cause the FTDI chip to corrupt the serial port bit stream output by stalling the output half a bit during the output of a character. Simple fix by skipping this setting if the baud rate/data bits/parity are unchanged. Signed-off-by:
Andrew Worsley <amworsley@gmail.com> Signed-off-by:
-
wangyanqing authored
commit 0c165955 upstream. I get report from customer that his usb-serial converter doesn't work well,it sometimes work, but sometimes it doesn't. The usb-serial converter's id: vendor_id product_id 0x4348 0x5523 Then I search the usb-serial codes, and there are two drivers announce support this device, pl2303 and ch341, commit 026dfaf1 cause it. Through many times to test, ch341 works well with this device, and pl2303 doesn't work quite often(it just work quite little). ch341 works well with this device, so we doesn't need pl2303 to support.I try to revert 026dfaf1 first, but it failed. So I prepare this patch by hand to revert it. Signed-off-by:
Wang YanQing <Udknight@gmail.com> Signed-off-by:
-
Michal Marek authored
commit 8417da6f upstream. Starting with 4.4, gcc will happily accept -Wno-<anything> in the cc-option test and complain later when compiling a file that has some other warning. This rather unexpected behavior is intentional as per http://gcc.gnu.org/PR28322, so work around it by testing for support of the opposite option (without the no-). Introduce a new Makefile function cc-disable-warning that does this and update two uses of cc-option in the toplevel Makefile. Reported-and-tested-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
Michal Marek <mmarek@suse.cz> Signed-off-by:
-
Shan Wei authored
commit a9cf73ea upstream. At this point, skb->data points to skb_transport_header. So, headroom check is wrong. For some case:bridge(UFO is on) + eth device(UFO is off), there is no enough headroom for IPv6 frag head. But headroom check is always false. This will bring about data be moved to there prior to skb->head, when adding IPv6 frag header to skb. Signed-off-by:
Shan Wei <shanwei@cn.fujitsu.com> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Mitsuo Hayasaka authored
commit f5252e00 upstream The /proc/vmallocinfo shows information about vmalloc allocations in vmlist that is a linklist of vm_struct. It, however, may access pages field of vm_struct where a page was not allocated. This results in a null pointer access and leads to a kernel panic. Why this happen: In __vmalloc_node() called from vmalloc(), newly allocated vm_struct is added to vmlist at __get_vm_area_node() and then, some fields of vm_struct such as nr_pages and pages are set at __vmalloc_area_node(). In other words, it is added to vmlist before it is fully initialized. At the same time, when the /proc/vmallocinfo is read, it accesses the pages field of vm_struct according to the nr_pages field at show_numa_info(). Thus, a null pointer access happens. Patch: This patch adds newly allocated vm_struct to the vmlist *after* it is fully initialized. So, it can avoid accessing the pages field with unallocated page when show_numa_info() is called. Signed-off-by:
Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: David Rientjes <rientjes@google.com> Cc: Namhyung Kim <namhyung@gmail.com> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Signed-off-by:
-
Ian Campbell authored
commit 9bab0b7f upstream This adds a mechanism to resume selected IRQs during syscore_resume instead of dpm_resume_noirq. Under Xen we need to resume IRQs associated with IPIs early enough that the resched IPI is unmasked and we can therefore schedule ourselves out of the stop_machine where the suspend/resume takes place. This issue was introduced by 676dc3cf "xen: Use IRQF_FORCE_RESUME". Back ported to 2.6.32 (which lacks syscore support) by calling the relavant resume function directly from sysdev_resume). v2: Fixed non-x86 build errors. Signed-off-by:
Ian Campbell <ian.campbell@citrix.com> Cc: Rafael J. Wysocki <rjw@sisk.pl> Cc: Jeremy Fitzhardinge <Jeremy.Fitzhardinge@citrix.com> Cc: xen-devel <xen-devel@lists.xensource.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Link: http://lkml.kernel.org/r/1318713254.11016.52.camel@dagon.hellion.org.ukSigned-off-by:
Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
-
Chris Wilson authored
commit 7dcd2499 upstream ... and do the same for pread. Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by:
-
Chris Wilson authored
commit ce9d419d upstream. Move the access control up from the fast paths, which are no longer universally taken first, up into the caller. This then duplicates some sanity checking along the slow paths, but is much simpler. Tracked as CVE-2010-2962. Reported-by:
Kees Cook <kees@ubuntu.com> Signed-off-by:
-
Herton Ronaldo Krzesinski authored
This reverts commit fdb1e4e9. It was wrong included in 2.6.32 stable (was intended for 2.6.38+ in the original commit changelog in Linus tree), and causes a regression on 2.6.32 (https://launchpad.net/bugs/875300). Signed-off-by:
Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> Signed-off-by:
-
Mauro Carvalho Chehab authored
commit 55fe25b4 upstream. This example file uses the old V4L1 API. It also doesn't use libv4l. So, it is completely obsolete. A good example already exists at v4l-utils (v4l2grab.c): http://git.linuxtv.org/v4l-utils.gitReviewed-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by:
-
NeilBrown authored
commit 9a3f530f upstream. When the number of failed devices exceeds the allowed number we must abort any active parity operations (checks or updates) as they are no longer meaningful, and can lead to a BUG_ON in handle_parity_checks6. This bug was introduce by commit 6c0069c0 in 2.6.29. Reported-by:
Manish Katiyar <mkatiyar@gmail.com> Tested-by:
Dan Williams <dan.j.williams@intel.com> Signed-off-by:
NeilBrown <neilb@suse.de> Signed-off-by:
-
Axel Lin authored
commit 5927f947 upstream. Reported-by:
Chris Paulson-Ellis <chris@edesix.com> Signed-off-by:
Axel Lin <axel.lin@gmail.com> Signed-off-by:
Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by:
-
Dave Jones authored
commit af0e5d56 upstream. Disable the new -Wunused-but-set-variable that was added in gcc 4.6.0 It produces more false positives than useful warnings. This can still be enabled using W=1 [gregkh - No it can not for 2.6.32, but we don't care] Signed-off-by:
Dave Jones <davej@redhat.com> Acked-by:
Sam Ravnborg <sam@ravnborg.org> Tested-by:
-
Dan Carpenter authored
commit bc5b8a90 upstream. On a corrupted file system the ->len field could be wrong leading to a buffer overflow. Reported-and-acked-by:
Clement LECIGNE <clement.lecigne@netasq.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
Dan Carpenter authored
commit 528f7ce6 upstream. In enter_state() we use "state" as an offset for the pm_states[] array. The pm_states[] array only has PM_SUSPEND_MAX elements so this test is off by one. Signed-off-by:
Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by:
-
Peter Wippich authored
commit bf514081 upstream. On writes in MODE_RAW the mtd_oob_ops struct is not sufficiently initialized which may cause nandwrite to fail. With this patch it is possible to write raw nand/oob data without additional ECC (either for testing or when some sectors need different oob layout e.g. bootloader) like nandwrite -n -r -o /dev/mtd0 <myfile> Signed-off-by:
Peter Wippich <pewi@gw-instruments.de> Tested-by:
Ricard Wanderlof <ricardw@axis.com> Signed-off-by:
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by:
-
Johannes Berg authored
commit c30bc947 upstream. L2TP for example uses NLA_MSECS like this: policy: [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, }, code: if (info->attrs[L2TP_ATTR_RECV_TIMEOUT]) cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]); As nla_get_msecs() is essentially nla_get_u64() plus the conversion to a HZ-based value, this will not properly reject attributes from userspace that aren't long enough and might overrun the message. Add NLA_MSECS to the attribute minlen array to check the size properly. Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
NeilBrown authored
commit dc6f55e9 upstream. The sunrpc layer keeps a cache of recently used credentials and 'unx_match' is used to find the credential which matches the current process. However unx_match allows a match when the cached credential has extra groups at the end of uc_gids list which are not in the process group list. So if a process with a list of (say) 4 group accesses a file and gains access because of the last group in the list, then another process with the same uid and gid, and a gid list being the first tree of the gids of the original process tries to access the file, it will be granted access even though it shouldn't as the wrong rpc credential will be used. Signed-off-by:
-
Bart Van Assche authored
commit 3308511c upstream. Make sure that SCSI device removal via scsi_remove_host() does finish all pending SCSI commands. Currently that's not the case and hence removal of a SCSI host during I/O can cause a deadlock. See also "blkdev_issue_discard() hangs forever if underlying storage device is removed" (http://bugzilla.kernel.org/show_bug.cgi?id=40472). See also http://lkml.org/lkml/2011/8/27/6. Signed-off-by:
Bart Van Assche <bvanassche@acm.org> Signed-off-by:
James Bottomley <JBottomley@Parallels.com> Signed-off-by:
-
Petr Uzel authored
commit c68bf8ee upstream. The call to complete() in st_scsi_execute_end() wakes up sleeping thread in write_behind_check(), which frees the st_request, thus invalidating the pointer to the associated bio structure, which is then passed to the blk_rq_unmap_user(). Fix by storing pointer to bio structure into temporary local variable. This bug is present since at least linux-2.6.32. Signed-off-by:
Petr Uzel <petr.uzel@suse.cz> Reported-by:
Juergen Groß <juergen.gross@ts.fujitsu.com> Reviewed-by:
Jan Kara <jack@suse.cz> Acked-by:
Kai Mäkisara <kai.makisara@kolumbus.fi> Signed-off-by:
-
- 09 Nov, 2011 4 commits
-
-
Greg Kroah-Hartman authored
-
Greg Kroah-Hartman authored
This reverts commit 1badd98e. It breaks the build on powerpc systems: arch/powerpc/sysdev/mpic.c: In function 'irq_choose_cpu': arch/powerpc/sysdev/mpic.c:574: error: passing argument 1 of '__cpus_equal' from incompatible pointer type Reported-by:
Jiri Slaby <jslaby@suse.cz> Cc: Jiajun Wu <b06378@freescale.com> Cc: Li Yang <leoli@freescale.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by:
-
Greg Kroah-Hartman authored
This reverts commit d85b1ce7. It breaks the build and probably shouldn't be in the 2.6.32 kernel Reported-by:
Stefan Bader <stefan.bader@canonical.com> Cc: Chris Paulson-Ellis <chris@edesix.com> Cc: Axel Lin <axel.lin@gmail.com> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by:
-
Greg Kroah-Hartman authored
This reverts commit 0f12a6ad. It causes too many build errors and needs to be done properly. Reported-by:
Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Rafael J. Wysocki <rjw@sisk.pl> Cc: Jeremy Fitzhardinge <Jeremy.Fitzhardinge@citrix.com> Cc: xen-devel <xen-devel@lists.xensource.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
-
- 07 Nov, 2011 4 commits
-
-
Greg Kroah-Hartman authored
-
Artur Zimmer authored
commit ce7e9065 upstream. Here is a patch for a new PID (zeitcontrol-device mifare-reader FT232BL(like FT232BM but lead free)). Signed-off-by:
Artur Zimmer <artur128@3dzimmer.de> Signed-off-by:
-
Florian Echtler authored
commit 2f1def26 upstream. A new device ID pair is added for Sierra Wireless MC8305. Signed-off-by:
Florian Echtler <floe@butterbrot.org> Signed-off-by:
-
Theodore Ts'o authored
commit 1cd9f097 upstream. This doesn't make much sense, and it exposes a bug in the kernel where attempts to create a new file in an append-only directory using O_CREAT will fail (but still leave a zero-length file). This was discovered when xfstests #79 was generalized so it could run on all file systems. Signed-off-by:
"Theodore Ts'o" <tytso@mit.edu> Signed-off-by:
-
