1. 14 Dec, 2006 19 commits
    • Adrian Bunk's avatar
      [ALSA] fix some memory leaks · e2cde312
      Adrian Bunk authored
      This patch fixes two memory leaks spotted by the Coverity checker.
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      e2cde312
    • Adrian Bunk's avatar
      [ALSA] sound/core/: fix 3 off-by-one errors · 2b126698
      Adrian Bunk authored
      This patch fixes three off-by-one errors found by the Coverity checker.
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      2b126698
    • Peer Chen's avatar
      IDE: Add the support of nvidia PATA controllers of MCP67 to amd74xx.c · bbd75502
      Peer Chen authored
      Add support for PATA controllers of MCP67 to amd74xx.c.
      Signed-off-by: default avatarPeer Chen <pchen@nvidia.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      bbd75502
    • Peer Chen's avatar
      pci_ids.h: Add NVIDIA PCI ID · d84a90e3
      Peer Chen authored
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      d84a90e3
    • Randy Dunlap's avatar
      amd74xx.c: add some NVIDIA chipset IDs · 88c9c162
      Randy Dunlap authored
      Add some nVidia chipset ID's support.
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      88c9c162
    • Andrew Chew's avatar
      sata_nv/amd74xx: Add MCP61 support · 2633840d
      Andrew Chew authored
      Added MCP61 support to sata_nv and amd74xx.
      Signed-off-by: default avatarJeff Garzik <jeff@garzik.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      2633840d
    • Jeff Garzik's avatar
      [libata] sata_nv: add PCI IDs · 74e7ab11
      Jeff Garzik authored
      Based on a patch contributed by Andrew Chew @ NVIDIA.
      Signed-off-by: default avatarJeff Garzik <jeff@garzik.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      74e7ab11
    • Mark McLoughlin's avatar
      dm snapshot: fix metadata writing when suspending · 87b79cef
      Mark McLoughlin authored
      When suspending a device-mapper device, dm_suspend() sleeps until all
      necessary I/O is completed.  This state is triggered by a callback from
      persistent_commit().  But some I/O can still be issued *after* the callback
      (to prepare the next metadata area for use if the current one is full).  This
      patch delays the callback until after that I/O is complete.
      Signed-off-by: default avatarMark McLoughlin <markmc@redhat.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      87b79cef
    • Daniel Kobras's avatar
      dm: Fix deadlock under high i/o load in raid1 setup. · 970d548a
      Daniel Kobras authored
      On an nForce4-equipped machine with two SATA disk in raid1 setup using dmraid,
      we experienced frequent deadlock of the system under high i/o load.  'cat
      /dev/zero > ~/zero' was the most reliable way to reproduce them: Randomly
      after a few GB, 'cp' would be left in 'D' state along with kjournald and
      kmirrord.  The functions cp and kjournald were blocked in did vary, but
      kmirrord's wchan always pointed to 'mempool_alloc()'.  We've seen this pattern
      on 2.6.15 and 2.6.17 kernels.  http://lkml.org/lkml/2005/4/20/142 indicates
      that this problem has been around even before.
      
      So much for the facts, here's my interpretation: mempool_alloc() first tries
      to atomically allocate the requested memory, or falls back to hand out
      preallocated chunks from the mempool.  If both fail, it puts the calling
      process (kmirrord in this case) on a private waitqueue until somebody refills
      the pool.  Where the only 'somebody' is kmirrord itself, so we have a
      deadlock.
      
      I worked around this problem by falling back to a (blocking) kmalloc when
      before kmirrord would have ended up on the waitqueue.  This defeats part of
      the benefits of using the mempool, but at least keeps the system running.  And
      it could be done with a two-line change.  Note that mempool_alloc() clears the
      GFP_NOIO flag internally, and only uses it to decide whether to wait or return
      an error if immediate allocation fails, so the attached patch doesn't change
      behaviour in the non-deadlocking case.  Path is against current git
      (2.6.18-rc4), but should apply to earlier versions as well.  I've tested on
      2.6.15, where this patch makes the difference between random lockup and a
      stable system.
      Signed-off-by: default avatarDaniel Kobras <kobras@linux.de>
      Acked-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      970d548a
    • Neil Brown's avatar
      dm: mirror sector offset fix · b48a29e3
      Neil Brown authored
      The device-mapper core does not perform any remapping of bios before passing
      them to the targets.  If a particular mapping begins part-way into a device,
      targets obtain the sector relative to the start of the mapping by subtracting
      ti->begin.
      
      The dm-raid1 target didn't do this everywhere: this patch fixes it, taking
      care to subtract ti->begin exactly once for each bio.
      Signed-off-by: default avatarNeil Brown <neilb@suse.de>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      b48a29e3
    • Jeff Mahoney's avatar
      dm: add module ref counting · 2d22e81c
      Jeff Mahoney authored
      The reference counting on dm-mod is zero if no mapped devices are open.  This
      is incorrect, and can lead to an oops if the module is unloaded while mapped
      devices exist.
      
      This patch claims a reference to the module whenever a device is created, and
      drops it again when the device is freed.
      
      Devices must be removed before dm-mod is unloaded.
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      2d22e81c
    • Alasdair G Kergon's avatar
      dm snapshot: unify chunk_size · 9d1b6de8
      Alasdair G Kergon authored
      Persistent snapshots currently store a private copy of the chunk size.
      Userspace also supplies the chunk size when loading a snapshot.  Ensure
      consistency by only storing the chunk_size in one place instead of two.
      
      Currently the two sizes will differ if the chunk size supplied by userspace
      does not match the chunk size an existing snapshot actually uses.  Amongst
      other problems, this causes an incorrect 'percentage full' to be reported.
      
      The patch ensures consistency by only storing the chunk_size in one place,
      removing it from struct pstore.  Some initialisation is delayed until the
      correct chunk_size is known.  If read_header() discovers that the wrong chun
      size was supplied, the 'area' buffer (which the header already got read into
      is reinitialised to the correct size.
      Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      9d1b6de8
    • Michal Miroslaw's avatar
      dm: BUG/OOPS fix · 9f822c56
      Michal Miroslaw authored
      Fix BUG I tripped on while testing failover and multipathing.
      
      BUG shows up on error path in multipath_ctr() when parse_priority_group()
      fails after returning at least once without error.  The fix is to
      initialize m->ti early - just after alloc()ing it.
      
      BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000
      0
       printing eip:
      c027c3d2
      *pde = 00000000
      Oops: 0000 [#3]
      Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy
      CPU:    0
      EIP:    0060:[<c027c3d2>]    Not tainted VLI
      EFLAGS: 00010202   (2.6.17.3 #1)
      EIP is at dm_put_device+0xf/0x3b
      eax: 00000001   ebx: ee4fcac0   ecx: 00000000   edx: ee4fcac0
      esi: ee4fc4e0   edi: ee4fc4e0   ebp: 00000000   esp: c5db3e78
      ds: 007b   es: 007b   ss: 0068
      Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90)
      Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480
             f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000
             00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000
      Call Trace:
       <c02816bd> free_pgpaths+0x31/0x45  <c02816f6> free_priority_group+0x25/0x2e
       <c0281801> free_multipath+0x35/0x67  <c0281ffe> multipath_ctr+0x123/0x12d
       <c027c6ee> dm_table_add_target+0x11e/0x18b  <c027e5b4> populate_table+0x8a/0xaf
       <c027e62b> table_load+0x52/0xf9  <c027ec23> ctl_ioctl+0xca/0xfc
       <c027e5d9> table_load+0x0/0xf9  <c0152146> do_ioctl+0x3e/0x43
       <c0152360> vfs_ioctl+0x16c/0x178  <c01523b4> sys_ioctl+0x48/0x60
       <c01029b3> syscall_call+0x7/0xb
      Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e
       5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6
       fb ff ff 8b 03 8b 53 04 89 50 04 89 02
      EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78
      Signed-off-by: default avatarMichal Miroslaw <mirq-linux@rere.qmqm.pl>
      Acked-by: default avatarAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      9f822c56
    • Jean Delvare's avatar
      [SCSI] gdth: Fix && typos · b089ea69
      Jean Delvare authored
      Fix uses of "&&" where "&" was obviously intended instead.
      Signed-off-by: default avatarJean Delvare <khali@linux-fr.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      b089ea69
    • Joerg Ahrens's avatar
      xirc2ps_cs: Cannot reset card in atomic context · 2d3ecb5f
      Joerg Ahrens authored
      I am using a Xircom CEM33 pcmcia NIC which has occasional hardware problems.
      If the netdev watchdog detects a transmit timeout, do_reset is called which
      msleeps - this is illegal in atomic context.
      
      This patch schedules the timeout handling as a workqueue item.
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      2d3ecb5f
    • Alexey Kuznetsov's avatar
      [IPV4]: severe locking bug in fib_semantics.c · 2a9d7dbf
      Alexey Kuznetsov authored
      Found in 2.4 by Yixin Pan <yxpan@hotmail.com>.
      
      > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) =
      > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock).  =
      > Is the following case possible: a BH interrupts fib_release_info() while =
      > holding the write lock, and calls ip_check_fib_default() which calls =
      > read_lock(&fib_info_lock), and spin forever.
      Signed-off-by: default avatarAlexey Kuznetsov <kuznet@ms2.inr.ac.ru>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      2a9d7dbf
    • Hans Verkuil's avatar
      V4L: Fix broken TUNER_LG_NTSC_TAPE radio support · 594834bc
      Hans Verkuil authored
      The TUNER_LG_NTSC_TAPE is identical in all respects to the
      TUNER_PHILIPS_FM1236_MK3. So use the params struct for the Philips
      tuner.
      Also add this LG_NTSC_TAPE tuner to the switches where radio specific
      parameters are set so it behaves like a TUNER_PHILIPS_FM1236_MK3. This
      change fixes the radio support for this tuner (the wrong bandswitch byte
      was used).
      
      Thanks to Andy Walls <cwalls@radix.net> for finding this bug.
      Signed-off-by: default avatarHans Verkuil <hverkuil@xs4all.nl>
      Signed-off-by: default avatarMichael Krufky <mkrufky@linuxtv.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      594834bc
    • Michael Krufky's avatar
      DVB: lgdt330x: fix signal / lock status detection bug · 5cc74eb8
      Michael Krufky authored
      In some cases when using VSB, the AGC status register has been known to
      falsely report "no signal" when in fact there is a carrier lock.  The
      datasheet labels these status flags as QAM only, yet the lgdt330x
      module is using these flags for both QAM and VSB.
      
      This patch allows for the carrier recovery lock status register to be
      tested, even if the agc signal status register falsely reports no signal.
      
      Thanks to jcrews from #linuxtv in irc, for initially reporting this bug.
      Signed-off-by: default avatarMichael Krufky <mkrufky@linuxtv.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      5cc74eb8
    • Herbert Xu's avatar
      [CRYPTO] sha512: Fix sha384 block size · 5f486864
      Herbert Xu authored
      The SHA384 block size should be 128 bytes, not 96 bytes.  This was
      spotted by Andrew Donofrio.
      
      This breaks HMAC which uses the block size during setup and the final
      calculation.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      5f486864
  2. 13 Dec, 2006 1 commit
  3. 09 Dec, 2006 4 commits
    • Adrian Bunk's avatar
      Linux 2.6.16.36-rc1 · 567e8e58
      Adrian Bunk authored
      567e8e58
    • Chuck Ebbert's avatar
      binfmt_elf: fix checks for bad address · 40618f2d
      Chuck Ebbert authored
      Fix check for bad address; use macro instead of open-coding two checks.
      
      Taken from RHEL4 kernel update.
      
      From: Ernie Petrides <petrides@redhat.com>
      
        For background, the BAD_ADDR() macro should return TRUE if the address is
        TASK_SIZE, because that's the lowest address that is *not* valid for
        user-space mappings.  The macro was correct in binfmt_aout.c but was wrong
        for the "equal to" case in binfmt_elf.c.  There were two in-line validations
        of user-space addresses in binfmt_elf.c, which have been appropriately
        converted to use the corrected BAD_ADDR() macro in the patch you posted
        yesterday.  Note that the size checks against TASK_SIZE are okay as coded.
      
        The additional changes that I propose are below.  These are in the error
        paths for bad ELF entry addresses once load_elf_binary() has already
        committed to exec'ing the new image (following the tearing down of the
        task's original address space).
      
        The 1st hunk deals with the interp-side of the outer "if".  There were two
        problems here.  The printk() should be removed because this path can be
        triggered at will by a bogus interpreter image created and used by a
        malicious user.  Further, the error code should not be ENOEXEC, because that
        causes the loop in search_binary_handler() to continue trying other exec
        handlers (twice, in fact).  But it's too late for this to work correctly,
        because the user address space has already been torn down, and an exec()
        failure cannot be returned to the user code because the code no longer
        exists.  The only recovery is to force a SIGSEGV, but it's best to terminate
        the search loop immediately.  I somewhat arbitrarily chose EINVAL as a
        fallback error code, but any error returned by load_elf_interp() will
        override that (but this value will never be seen by user-space).
      
        The 2nd hunk deals with the non-interp-side of the outer "if".  There were
        two problems here as well.  The SIGSEGV needs to be forced, because a prior
        sigaction() syscall might have set the associated disposition to SIG_IGN.
        And the ENOEXEC should be changed to EINVAL as described above.
      Signed-off-by: default avatarChuck Ebbert <76306.1226@compuserve.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      40618f2d
    • David S. Miller's avatar
      [IPSEC]: Fix inetpeer leak in ipv4 xfrm dst entries. · 888d358e
      David S. Miller authored
      We grab a reference to the route's inetpeer entry but
      forget to release it in xfrm4_dst_destroy().
      
      Bug discovered by Kazunori MIYAZAWA <kazunori@miyazawa.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      888d358e
    • Patrick McHardy's avatar
      [XFRM]: Use output device disable_xfrm for forwarded packets · 6a24340c
      Patrick McHardy authored
      Currently the behaviour of disable_xfrm is inconsistent between
      locally generated and forwarded packets. For locally generated
      packets disable_xfrm disables the policy lookup if it is set on
      the output device, for forwarded traffic however it looks at the
      input device. This makes it impossible to disable xfrm on all
      devices but a dummy device and use normal routing to direct
      traffic to that device.
      
      Always use the output device when checking disable_xfrm.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      6a24340c
  4. 08 Dec, 2006 8 commits
  5. 06 Dec, 2006 2 commits
    • Ralf Baechle's avatar
      Fix mempolicy.h build error · 4a740b27
      Ralf Baechle authored
      <linux/mempolicy.h> uses struct mm_struct and relies on a definition or
      declaration somehow magically being dragged in which may result in a
      build:
      
        CC      mm/mempolicy.o
      In file included from mm/mempolicy.c:69:
      include/linux/mempolicy.h:150: warning: 'struct mm_struct' declared inside parameter list
      include/linux/mempolicy.h:150: warning: its scope is only this definition or declaration, which is probably not what you want
      include/linux/mempolicy.h:174: warning: 'struct mm_struct' declared inside parameter list
      mm/mempolicy.c:673: error: conflicting types for 'do_migrate_pages'
      include/linux/mempolicy.h:174: error: previous declaration of 'do_migrate_pages' was here
      mm/mempolicy.c:1696: error: conflicting types for 'mpol_rebind_mm'
      include/linux/mempolicy.h:150: error: previous declaration of 'mpol_rebind_mm' was here
      make[1]: *** [mm/mempolicy.o] Error 1
      make: *** [mm] Error 2
      $
      
      Including <linux/sched.h> is a step into direction of include hell so
      fixed by adding a forward declaration of struct mm_struct instead.
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      4a740b27
    • Adrian Bunk's avatar
      Linux 2.6.16.35 · 0c95cdfa
      Adrian Bunk authored
      0c95cdfa
  6. 04 Dec, 2006 6 commits