1. 19 Apr, 2004 11 commits
    • Stephen Hemminger's avatar
      [PATCH] Mixed PCI/ISA device name conflicts · 66dbee35
      Stephen Hemminger authored
      In systems with mixed network cards, and all drivers compiled into
      the kernel; the PCI device (eth0) will get probed first, before the ISA.
      
      The problem is that the ISA device can mistakenly try to probe
      for eth0.  The problem is that the ISA driver will not detect the failure
      until it goes to call register_netdevice, and not all drivers have
      perfect error unwind code.
      
      This patch short circuits the device probe, so it won't bother
      looking for devices that already are registered.
      66dbee35
    • Chris Wright's avatar
      [PATCH] e1000: fix probable security hole · bf31652c
      Chris Wright authored
      * Ken Ashcraft (ken@coverity.com) wrote:
      > [BUG]
      > /home/kash/linux/linux-2.6.5/drivers/net/e1000/e1000_ethtool.c:1494:e1000_ethtool_ioctl: ERROR:TAINT: 1487:1494:Passing unbounded user value "(regs).len" as arg 2 to function "copy_to_user", which uses it unsafely in model [SOURCE_MODEL=(lib,copy_from_user,user,taintscalar)] [SINK_MODEL=(lib,copy_to_user,user,trustingsink)]    [PATH=]
      > 	}
      > 	case ETHTOOL_GREGS: {
      > 		struct ethtool_regs regs = {ETHTOOL_GREGS};
      > 		uint32_t regs_buff[E1000_REGS_LEN];
      >
      > Start --->
      > 		if(copy_from_user(&regs, addr, sizeof(regs)))
      > 			return -EFAULT;
      > 		e1000_ethtool_gregs(adapter, &regs, regs_buff);
      > 		if(copy_to_user(addr, &regs, sizeof(regs)))
      > 			return -EFAULT;
      >
      > 		addr += offsetof(struct ethtool_regs, data);
      > Error --->
      > 		if(copy_to_user(addr, regs_buff, regs.len))
      > 			return -EFAULT;
      >
      > 		return 0;
      
      Looks like a bug.  Possible patch below zeros the buffer (since it's not
      filled completely by e1000_ethtool_gregs()), and truncates len.
      bf31652c
    • Adrian Bunk's avatar
      [PATCH] fix warning in drivers/net/tulip/timer.c · 27de7466
      Adrian Bunk authored
      I get the following warning in 2.6.5-mm6 and 2.6.6-rc1:
      
      <--  snip  -->
      
      ...
        CC      drivers/net/tulip/timer.o
      drivers/net/tulip/timer.c: In function `comet_timer':
      drivers/net/tulip/timer.c:156: warning: unused variable `ioaddr'
      ...
      
      <--  snip  -->
      
      
      Since the
         [netdrvr tulip] add MII support for Comet chips
      patch has removed the only use of this variable, the fix is simple:
      27de7466
    • Jeff Garzik's avatar
      [netdrvr r8169] remove driver-local DMA_xxBIT_MASK definitions · 35fd5c4b
      Jeff Garzik authored
      They are now upstream, we don't need driver-local ones anymore.
      35fd5c4b
    • Jeff Garzik's avatar
      96f2c4a4
    • Jeff Garzik's avatar
      [hamradio baycom] Remove bogus check in interrupt handler · 62424348
      Jeff Garzik authored
      Tangentially noticed by Stanford checker.
      62424348
    • Chris Wright's avatar
      [PATCH] remove redundant check in de2104x ->get_regs() · 395ac660
      Chris Wright authored
      Trivial patchlet...ethtool core already caps regs.len at a max of
      ->get_regs_len():
      
      	reglen = ops->get_regs_len(dev);
      	if (regs.len > reglen)
      		regs.len = reglen;
      
      So doing the same in the in de2104x driver ->get_regs() is redundant.
      Patch below simply removes it to clarify the guarantee of the API.
      395ac660
    • Chris Wright's avatar
      [PATCH] wan sdla: fix probable security hole · 98cd917c
      Chris Wright authored
      > [BUG] minor
      > /home/kash/linux/linux-2.6.5/drivers/net/wan/sdla.c:1206:sdla_xfer:
      > ERROR:TAINT: 1201:1206:Passing unbounded user value "(mem).len" as arg 0
      > to function "kmalloc", which uses it unsafely in model
      > [SOURCE_MODEL=(lib,copy_from_user,user,taintscalar)]
      > [SINK_MODEL=(lib,kmalloc,user,trustingsink)]  [MINOR]  [PATH=] [Also
      > used at, line 1219 in argument 0 to function "kmalloc"]
      > static int sdla_xfer(struct net_device *dev, struct sdla_mem *info, int
      > read)
      > {
      > 	struct sdla_mem mem;
      > 	char	*temp;
      >
      > Start --->
      > 	if(copy_from_user(&mem, info, sizeof(mem)))
      > 		return -EFAULT;
      >
      > 	if (read)
      > 	{
      > Error --->
      > 		temp = kmalloc(mem.len, GFP_KERNEL);
      > 		if (!temp)
      > 			return(-ENOMEM);
      > 		sdla_read(dev, mem.addr, temp, mem.len);
      
      Hrm, I believe you could use this to read 128k of kernel memory.
      sdla_read() takes len as a short, whereas mem.len is an int.  So,
      if mem.len == 0x20000, the allocation could still succeed.  When cast
      to short, len will be 0x0, causing the read loop to copy nothing into
      the buffer.  At least it's protected by a capable() check.  I don't
      know what proper upper bound is for this hardware, or how much it's
      used/cared about.  Simple memset() is trivial fix.
      98cd917c
    • Jeff Garzik's avatar
      [wireless orinoco] Remove bogus !dev check · 3ce12aab
      Jeff Garzik authored
      Caught by Stanford checker.
      3ce12aab
    • Andrew Morton's avatar
      [PATCH] 3c509 oops fix · e059aa85
      Andrew Morton authored
      If __ISAPNP__ and CONFIG_X86_PC9800 are not set, we forget to link the device
      into the global chain and el3_init_module dereferences NULL.
      e059aa85
    • Olaf Hering's avatar
      [PATCH] mace register_netdev printk · 0847467e
      Olaf Hering authored
      small cosmetic fix for powermac mace network driver.
      
      eth%d: MACE at 00:05:02:f4:1b:1d, chip revision 25.64
      vs.
      eth0: MACE at 00:05:02:f4:1b:1d, chip revision 25.64
      0847467e
  2. 18 Apr, 2004 21 commits
    • Linus Torvalds's avatar
      Merge bk://bk.arm.linux.org.uk/linux-2.6-rmk · d5b1f484
      Linus Torvalds authored
      into ppc970.osdl.org:/home/torvalds/v2.6/linux
      d5b1f484
    • Russell King's avatar
      [ARM] Clean up ARM includes · 53bfadf7
      Russell King authored
      This removes a number of unnecessary includes from the ARM specific
      files throughout the kernel.  Most notably asm/pgalloc.h is
      needlessly included in several places.  There were some places
      including it as a means to get at the cache flushing functions,
      so this has been corrected.
      53bfadf7
    • Benjamin Herrenschmidt's avatar
      [PATCH] Fix typo in previous patch · a5d43dcf
      Benjamin Herrenschmidt authored
      This is my brown paper bag day, I sent you the wrong patch for
      fixing the deadlock in rtas.c, here's one to apply on top of current
      bk that fixes build.
      a5d43dcf
    • Linus Torvalds's avatar
      3fd2eaad
    • Geert Uytterhoeven's avatar
      [PATCH] Amiga Zorro8390 Ethernet KERN_* · 29f9b4d8
      Geert Uytterhoeven authored
      Amiga Zorro8390 Ethernet: Add KERN_* prefixes to printk() messages
      29f9b4d8
    • Geert Uytterhoeven's avatar
      [PATCH] Amiga Hydra Ethernet KERN_* · 0243dbb6
      Geert Uytterhoeven authored
      Amiga Hydra Ethernet: Add KERN_* prefixes to printk() messages
      0243dbb6
    • Geert Uytterhoeven's avatar
      [PATCH] Amiga Ariadne Ethernet KERN_* · d79459da
      Geert Uytterhoeven authored
      Amiga Ariadne Ethernet: Add KERN_* prefixes to printk() messages
      d79459da
    • Geert Uytterhoeven's avatar
      [PATCH] Amiga A2065 Ethernet debug · c934f504
      Geert Uytterhoeven authored
      Amiga A2065 Ethernet: Add missing variable in debug code
      c934f504
    • Andrew Morton's avatar
      [PATCH] fix visws build · 2b2f6d9a
      Andrew Morton authored
      From: Andrey Panin <pazke@donpac.ru>
      
      this small patch fixes visws build error in 2.6.5.
      2b2f6d9a
    • Andrew Morton's avatar
      [PATCH] Fix laptop mode writeback triggered by hdparm -y. · 247aea28
      Andrew Morton authored
      From: Bart Samwel <bart@samwel.tk>
      
      Currently, an `hdparm -Y' can trigger a sync in laptop mode.  We should
      only count fs-originated requests as being "disk activity".
      247aea28
    • Andrew Morton's avatar
      [PATCH] set_anon_super locking fix · 4e79ee42
      Andrew Morton authored
      Take the idr's lock while removing an element on the error path.  Spotted by
      Nathan Lynch <nathanl@austin.ibm.com>.
      4e79ee42
    • Andrew Morton's avatar
      [PATCH] Print warning for common symbols in modules · 8eeff89b
      Andrew Morton authored
      From: Rusty Russell <rusty@rustcorp.com.au>
      
      People still build modules wrong, particularly without -fno-common.  The
      resulting modules don't load, but we should at least warn about it.
      8eeff89b
    • Andrew Morton's avatar
      [PATCH] jbd: journal_dirty_metadata locking speedup · 2c941f77
      Andrew Morton authored
      Reduce the locking coverage of the oft-used j_list_lock: the per-bh
      jbd_lock_bh_state() gives us sufficient locking of buffer_head and
      journal_head internals.
      2c941f77
    • Andrew Morton's avatar
      [PATCH] rmap: nonlinear truncation · dd9fd0e0
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      The earlier changes introducing PageAnon left truncated pages mapped into
      nonlinear vmas unswappable.  Once we go to object-based rmap, it's
      impossible to find where file page is mapped once page->mapping cleared:
      switching them to anonymous is odd, and breaks strict commit accounting.
      
      So now handle truncation of nonlinear vmas correctly.  And factor in
      Daniel's cluster filesystem needs while we're there: when invalidating
      local cache, we do want to unmap shared pages from all mms, but we do not
      want to discard private COWed modifications of those pages (which
      truncation discards to satisfy the SIGBUS semantics demanded by specs).
      
      Drew from Daniel's patch (LKML 2 Mar 04), but didn't always follow it;
      fewer name changes, but still some - "unmap" rather than "invalidate".
      zap_page_range is not exported, safe to give it and all the too-many layers
      an extra zap_details arg, in normal cases just NULL.
      
      Given details, zap_pte_range checks page mapping or index to skip anon or
      untruncated pages.  I didn't realize before implementing, that in nonlinear
      case, it should set a file pte when truncating - otherwise linear pages
      might appear in place of SIGBUS.  I suspect this implies that ->populate
      functions ought to set file ptes beyond EOF instead of failing, but haven't
      changed them as yet.
      
      To avoid making yet another copy of that ugly linear pgidx test, added
      inline function linear_page_index (to pagemap.h to get PAGE_CACHE_SIZE,
      though as usual things don't really work if it differs from PAGE_SIZE). 
      Ooh, I thought I'd removed ___add_to_page_cache last time, do so now.
      
      unmap_page_range static, shift its hugepage check up into sole caller
      unmap_vmas.  Killed "killme" debug from unmap_vmas, not seen it trigger.
      unmap_mapping_range is exported without restriction: I'm one of those who
      believe it should be generally available.  But I'm wrongly placed to decide
      that, probably just sob quietly to myself if _GPL added later.
      dd9fd0e0
    • Andrew Morton's avatar
      [PATCH] rmap: swap_unplug page · 3df9aaf3
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      Good example of "swapper_space considered harmful": swap_unplug_io_fn was
      originally designed for calling via swapper_space.backing_dev_info; but
      that way it loses track of which device is to be unplugged, so had to
      unplug all swap devices.  But now sync_page tests SwapCache anyway, can
      call swap_unplug_io_fn with page, which leads direct to the device.
      
      Reverted -mc4's CONFIG_SWAP=n fix, just add another NOTHING for it.
      Reverted -mc3's editorial adjustments to swap_backing_dev_info and
      swapper_space initializations: they document the few fields which are
      actually used now, as comment above them says (sound of slapped wrist).
      3df9aaf3
    • Andrew Morton's avatar
      [PATCH] rmap: flush_dcache revisited · c4d92e6b
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      One of the callers of flush_dcache_page is do_generic_mapping_read, where
      file is read without i_sem and without page lock: concurrent truncation may
      at any moment remove page from cache, NULLing ->mapping, making
      flush_dcache_page liable to oops.  Put result of page_mapping in a local
      variable and apply mapping_mapped to that (if we were to check for NULL
      within mapping_mapped, it's unclear whether to say yes or no).
      
      parisc and arm do have other locking unsafety in their i_mmap(_shared)
      searching, but that's a larger issue to be dealt with down the line.
      c4d92e6b
    • Andrew Morton's avatar
      [PATCH] Oprofilefs cant handle > 99 cpus · 1896ae13
      Andrew Morton authored
      From: Anton Blanchard <anton@samba.org>
      
      Oprofilefs cant handle > 99 cpus. This should fix it.
      1896ae13
    • Andrew Morton's avatar
      [PATCH] Fix unix module · 17ee20ae
      Andrew Morton authored
      From: Rusty Russell <rusty@rustcorp.com.au>
      
      # lsmod
      Module                  Size  Used by
      1                      26060  6
      #
      
      The compiler #define's unix to 1: we use -DKBUILD_MODNAME=unix.  We used to
      #undef unix at the top of af_unix.c, but now the name is inserted by
      modpost, that doesn't help.
      
      #undef unix in modpost.c's generated C file.
      17ee20ae
    • Andrew Morton's avatar
      [PATCH] ppc64: Fix CPU hot unplug deadlock · 26214e32
      Andrew Morton authored
      From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      
      My RTAS locking fixes incorrectly added a spinlock around the function used
      to stop a CPU, that function never returns, thus the lock becomes stale.
      The correct fix is to disable interrupts instead (the RTAS params beeing
      per-CPU, this should be safe enough)
      26214e32
    • Linus Torvalds's avatar
      Allow non-LFS sendfile to work on LFS files. · f5e277c5
      Linus Torvalds authored
      But obviously only if we're not passing in any offset pointer.
      
      This is how 2.4.x worked, and vsftpd relies on it.
      
      Bug reported by Chris < chris@scary.beasts.org>
      f5e277c5
    • Linus Torvalds's avatar
      Merge master.kernel.org:/home/davem/BK/net-2.6 · a9eb9eb7
      Linus Torvalds authored
      into ppc970.osdl.org:/home/torvalds/v2.6/linux
      a9eb9eb7
  3. 17 Apr, 2004 8 commits