- 14 Dec, 2006 7 commits
-
-
Michal Miroslaw authored
Fix BUG I tripped on while testing failover and multipathing. BUG shows up on error path in multipath_ctr() when parse_priority_group() fails after returning at least once without error. The fix is to initialize m->ti early - just after alloc()ing it. BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000 0 printing eip: c027c3d2 *pde = 00000000 Oops: 0000 [#3] Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy CPU: 0 EIP: 0060:[<c027c3d2>] Not tainted VLI EFLAGS: 00010202 (2.6.17.3 #1) EIP is at dm_put_device+0xf/0x3b eax: 00000001 ebx: ee4fcac0 ecx: 00000000 edx: ee4fcac0 esi: ee4fc4e0 edi: ee4fc4e0 ebp: 00000000 esp: c5db3e78 ds: 007b es: 007b ss: 0068 Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90) Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480 f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000 00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000 Call Trace: <c02816bd> free_pgpaths+0x31/0x45 <c02816f6> free_priority_group+0x25/0x2e <c0281801> free_multipath+0x35/0x67 <c0281ffe> multipath_ctr+0x123/0x12d <c027c6ee> dm_table_add_target+0x11e/0x18b <c027e5b4> populate_table+0x8a/0xaf <c027e62b> table_load+0x52/0xf9 <c027ec23> ctl_ioctl+0xca/0xfc <c027e5d9> table_load+0x0/0xf9 <c0152146> do_ioctl+0x3e/0x43 <c0152360> vfs_ioctl+0x16c/0x178 <c01523b4> sys_ioctl+0x48/0x60 <c01029b3> syscall_call+0x7/0xb Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02 EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78 Signed-off-by:Michal Miroslaw <mirq-linux@rere.qmqm.pl> Acked-by:
Alasdair G Kergon <agk@redhat.com> Signed-off-by:
Adrian Bunk <bunk@stusta.de>
-
Jean Delvare authored
Fix uses of "&&" where "&" was obviously intended instead. Signed-off-by:
Jean Delvare <khali@linux-fr.org> Signed-off-by:
-
Joerg Ahrens authored
I am using a Xircom CEM33 pcmcia NIC which has occasional hardware problems. If the netdev watchdog detects a transmit timeout, do_reset is called which msleeps - this is illegal in atomic context. This patch schedules the timeout handling as a workqueue item. Signed-off-by: -
Alexey Kuznetsov authored
Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) = > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). = > Is the following case possible: a BH interrupts fib_release_info() while = > holding the write lock, and calls ip_check_fib_default() which calls = > read_lock(&fib_info_lock), and spin forever. Signed-off-by:
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by:
-
Hans Verkuil authored
The TUNER_LG_NTSC_TAPE is identical in all respects to the TUNER_PHILIPS_FM1236_MK3. So use the params struct for the Philips tuner. Also add this LG_NTSC_TAPE tuner to the switches where radio specific parameters are set so it behaves like a TUNER_PHILIPS_FM1236_MK3. This change fixes the radio support for this tuner (the wrong bandswitch byte was used). Thanks to Andy Walls <cwalls@radix.net> for finding this bug. Signed-off-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Signed-off-by:
-
Michael Krufky authored
In some cases when using VSB, the AGC status register has been known to falsely report "no signal" when in fact there is a carrier lock. The datasheet labels these status flags as QAM only, yet the lgdt330x module is using these flags for both QAM and VSB. This patch allows for the carrier recovery lock status register to be tested, even if the agc signal status register falsely reports no signal. Thanks to jcrews from #linuxtv in irc, for initially reporting this bug. Signed-off-by:
-
Herbert Xu authored
The SHA384 block size should be 128 bytes, not 96 bytes. This was spotted by Andrew Donofrio. This breaks HMAC which uses the block size during setup and the final calculation. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
- 13 Dec, 2006 1 commit
-
-
Adrian Bunk authored
-
- 09 Dec, 2006 4 commits
-
-
Adrian Bunk authored
-
Chuck Ebbert authored
Fix check for bad address; use macro instead of open-coding two checks. Taken from RHEL4 kernel update. From: Ernie Petrides <petrides@redhat.com> For background, the BAD_ADDR() macro should return TRUE if the address is TASK_SIZE, because that's the lowest address that is *not* valid for user-space mappings. The macro was correct in binfmt_aout.c but was wrong for the "equal to" case in binfmt_elf.c. There were two in-line validations of user-space addresses in binfmt_elf.c, which have been appropriately converted to use the corrected BAD_ADDR() macro in the patch you posted yesterday. Note that the size checks against TASK_SIZE are okay as coded. The additional changes that I propose are below. These are in the error paths for bad ELF entry addresses once load_elf_binary() has already committed to exec'ing the new image (following the tearing down of the task's original address space). The 1st hunk deals with the interp-side of the outer "if". There were two problems here. The printk() should be removed because this path can be triggered at will by a bogus interpreter image created and used by a malicious user. Further, the error code should not be ENOEXEC, because that causes the loop in search_binary_handler() to continue trying other exec handlers (twice, in fact). But it's too late for this to work correctly, because the user address space has already been torn down, and an exec() failure cannot be returned to the user code because the code no longer exists. The only recovery is to force a SIGSEGV, but it's best to terminate the search loop immediately. I somewhat arbitrarily chose EINVAL as a fallback error code, but any error returned by load_elf_interp() will override that (but this value will never be seen by user-space). The 2nd hunk deals with the non-interp-side of the outer "if". There were two problems here as well. The SIGSEGV needs to be forced, because a prior sigaction() syscall might have set the associated disposition to SIG_IGN. And the ENOEXEC should be changed to EINVAL as described above. Signed-off-by:
Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by:
-
David S. Miller authored
We grab a reference to the route's inetpeer entry but forget to release it in xfrm4_dst_destroy(). Bug discovered by Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Patrick McHardy authored
Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
- 08 Dec, 2006 8 commits
-
-
Adrian Bunk authored
This patch reverts the quirk_via_irq changes in 2.6.16.17 that caused regressions for several people. Signed-off-by: -
Daniel Ritz authored
Signed-off-by:
Daniel Ritz <daniel.ritz@gmx.ch> Signed-off-by:
-
Daniel Ritz authored
- add the ICH6(R) LPC to the ICH6 ACPI quirks. currently only the ICH6-M is handled. [ PCI_DEVICE_ID_INTEL_ICH6_1 is the ICH6-M LPC, ICH6_0 is the ICH6(R) ] Signed-off-by:
-
Jean Delvare authored
Unhide the SMBus controller on the Asus PU-DLS board. This fixes bug #6763. Signed-off-by:
-
Bjorn Helgaas authored
Without this quirk, e100 can be pulling on a shared interrupt line when another device (eg. USB) loads, causing the interrupt to scream and get disabled. http://bugzilla.kernel.org/show_bug.cgi?id=5918Signed-off-by:
Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by:
-
Linus Torvalds authored
This is confirmed to fix a hang due to PCI resource conflicts with setting up the Cardbus bridge on old laptops with the 440MX chipsets. Original report by Alessio Sangalli, lspci debugging help by Pekka Enberg, and trial patch suggested by Daniel Ritz: "From the docs available i would _guess_ this thing is really similar to the 82443BX/82371AB combination. at least the SMBus base address register is hidden at the very same place (32bit at 0x90 in function 3 of the "south" brigde)" The dang thing is largely undocumented, but the patch was corroborated by Asit Mallick: "I am trying to find the register information. 440MX is an integration of 440BX north-bridge without AGP and PIIX4E (82371EB). PIIX4 quirk should cover the ACPI and SMBus related I/O registers." and verified to fix the problem by Alessio. Signed-off-by:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
-
Brice Goglin authored
The nVidia CK804 PCI-E chipset supports the AER extended capability but sometimes fails to link it (with some BIOS or after a warm reboot). It makes the AER cap invisible to pci_find_ext_capability(). The patch adds a quirk to set the missing bit that controls the linking of the capability. By the way, it removes the corresponding code in the myri10ge driver. Signed-off-by:
Brice Goglin <brice@myri.com> Signed-off-by:
-
John W. Linville authored
The naming of the constant defined for PCI ID 1022:7450 does not seem to match the information at http://pciids.sourceforge.net/: http://pci-ids.ucw.cz/iii/?i=1022 There 1022:7450 is listed as "AMD-8131 PCI-X Bridge" while 1022:7451 is listed as "AMD-8131 PCI-X IOAPIC". Yet, the current definition for 0x7450 is PCI_DEVICE_ID_AMD_8131_APIC. It seems to me like that name should map to 0x7451, while a name like PCI_DEVICE_ID_AMD_8131_BRIDGE should map to 0x7450. Signed-off-by:
John W. Linville <linville@tuxdriver.com> Signed-off-by:
-
- 06 Dec, 2006 2 commits
-
-
Ralf Baechle authored
<linux/mempolicy.h> uses struct mm_struct and relies on a definition or declaration somehow magically being dragged in which may result in a build: CC mm/mempolicy.o In file included from mm/mempolicy.c:69: include/linux/mempolicy.h:150: warning: 'struct mm_struct' declared inside parameter list include/linux/mempolicy.h:150: warning: its scope is only this definition or declaration, which is probably not what you want include/linux/mempolicy.h:174: warning: 'struct mm_struct' declared inside parameter list mm/mempolicy.c:673: error: conflicting types for 'do_migrate_pages' include/linux/mempolicy.h:174: error: previous declaration of 'do_migrate_pages' was here mm/mempolicy.c:1696: error: conflicting types for 'mpol_rebind_mm' include/linux/mempolicy.h:150: error: previous declaration of 'mpol_rebind_mm' was here make[1]: *** [mm/mempolicy.o] Error 1 make: *** [mm] Error 2 $ Including <linux/sched.h> is a step into direction of include hell so fixed by adding a forward declaration of struct mm_struct instead. Signed-off-by:
Ralf Baechle <ralf@linux-mips.org> Signed-off-by:
-
Adrian Bunk authored
-
- 04 Dec, 2006 18 commits
-
-
Adrian Bunk authored
-
Chris Wright authored
Make sure to properly clamp maxnum to avoid overflow (CVE-2006-5751). Signed-off-by:
Chris Wright <chrisw@sous-sol.org> Acked-by:
Stephen Hemminger <shemminger@osdl.org> Acked-by:
-
Trond Myklebust authored
fcntl(F_SETSIG) no longer works on leases because lease_release_private_callback() gets called as the lease is copied in order to initialise it. The problem is that lease_alloc() performs an unnecessary initialisation, which sets the lease_manager_ops. Avoid the problem by allocating the target lease structure using locks_alloc_lock(). Signed-off-by:
Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by:
-
Jens Axboe authored
cciss needs to call disk_stat_add() for iostat to work. Signed-off-by:
Jens Axboe <jens.axboe@oracle.com> Signed-off-by:
-
Jens Axboe authored
cpqarray needs to call disk_stat_add() for iostat to work. Signed-off-by:
-
Michael De Backer authored
Configuration bits are not set properly for DMA on some chipset revisions. It has already been corrected for M5229 (rev c7) but not for M5229 (rev c8). This leads to the bug described at http://bugzilla.kernel.org/show_bug.cgi?id=5786 (lost interrupt + ide bus hangs). Signed-off-by:
Michael De Backer <micdb@skynet.be> Signed-off-by:
-
Fernando J. Pereda authored
There appears to be a typo in the EV56 config option. NORITAKE and PRIMO are be able to set a variation of either. Signed-off-by:
Daniel Drake <dsd@gentoo.org> Signed-off-by:
-
Jiri Slaby authored
port is dereferenced even if it is NULL. Dereference it _after_ the check if (!port)... Thanks Eric <ef87@yahoo.com> for reporting this. This fixes http://bugzilla.kernel.org/show_bug.cgi?id=7527Signed-off-by:Jiri Slaby <jirislaby@gmail.com> Signed-off-by:
-
Roberto Castagnola authored
MX300 does not have an EXTRA_BTN - it is a simple wheel mouse with an additional task-switcher button, which is reported as side button (and not task button). Signed-off-by:
Dmitry Torokhov <dtor@mail.ru> Signed-off-by:
-
Zbigniew Luszpinski authored
Signed-off-by:
-
Zhou Yingchao authored
An up() is called in kernel/stop_machine.c on failure, and also in the caller (unconditionally). Signed-off-by:
Zhou Yingchao <yingchao.zhou@gmail.com> Signed-off-by:
-
Al Viro authored
Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Al Viro authored
No need to revisit a chain we'd already finished with during the check for current hook. It's either instant loop (which we'd just detected) or a duplicate work. Signed-off-by:
-
Al Viro authored
We need that for iterator to work; existing check had been too weak. Signed-off-by:
-
Al Viro authored
We need to verify that a) we are not too close to the end of buffer to dereference b) next entry we'll be checking won't be _before_ our While we are at it, don't subtract unrelated pointers... Signed-off-by: -
Patrick McHardy authored
The tc actions increased the size of struct tc_police, which broke compatibility with old iproute binaries since both the act_police and the old NET_CLS_POLICE code check for an exact size match. Since the new members are not even used, the simple fix is to also accept the size of the old structure. Dumping is not affected since old userspace will receive a bigger structure, which is handled fine. Signed-off-by:
Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by:
-
Kim Nordlund authored
Not returning -EINVAL, because someone might want to use the value zero in some future gact_prob algorithm? Signed-off-by:
Kim Nordlund <kim.nordlund@nokia.com> Signed-off-by:
-
Dave Kleikamp authored
diRead and diWrite are representing the page number as an unsigned int. This causes file system corruption on volumes larger than 16TB. Signed-off-by:
Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by:
-
