Skip to content
Commits on Sep 10, 2005
  1. Linux 2.6.13.1

    Chris Wright committed Sep 9, 2005
  2. [PATCH] raw_sendmsg DoS (CAN-2005-2492)

    Fix unchecked __get_user that could be tricked into generating a
    memory read on an arbitrary address.  The result of the read is not
    returned directly but you may be able to divine some information about
    it, or use the read to cause a crash on some architectures by reading
    hardware state.  CAN-2005-2492.
    
    Fix from Al Viro, ack from Dave Miller.
    
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Al Viro committed with Chris Wright Aug 31, 2005
  3. @dwmw2

    [PATCH] 32bit sendmsg() flaw (CAN-2005-2490)

    When we copy 32bit ->msg_control contents to kernel, we walk the same
    userland data twice without sanity checks on the second pass.
    
    Second version of this patch: the original broke with 64-bit arches
    running 32-bit-compat-mode executables doing sendmsg() syscalls with
    unaligned CMSG data areas
    
    Another thing is that we use kmalloc() to allocate and sock_kfree_s()
    to free afterwards; less serious, but also needs fixing.
    
    Patch by Al Viro, David Miller, David Woodhouse
    (sparc64 clean compile fix from David Miller)
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dwmw2 committed with Chris Wright Sep 6, 2005
  4. [PATCH] Reassembly trim not clearing CHECKSUM_HW

    [IPV4]: Reassembly trim not clearing CHECKSUM_HW
    
    This was found by inspection while looking for checksum problems
    with the skge driver that sets CHECKSUM_HW. It did not fix the
    problem, but it looks like it is needed.
    
    If IP reassembly is trimming an overlapping fragment, it
    should reset (or adjust) the hardware checksum flag on the skb.
    
    Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Stephen Hemminger committed with Chris Wright Sep 6, 2005
  5. @davem330

    [PATCH] Use SA_SHIRQ in sparc specific code.

    Based upon a report from Jason Wever.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    davem330 committed with Chris Wright Sep 6, 2005
  6. @herbertx

    [PATCH] Fix boundary check in standard multi-block cipher processors

    [CRYPTO] Fix boundary check in standard multi-block cipher processors
    
    Fixes Bug 5194 (IPSec related Oops in 2.6.13).
    
    The boundary check in the standard multi-block cipher processors are
    broken when nbytes is not a multiple of bsize.  In those cases it will
    always process an extra block.
    
    This patch corrects the check so that it processes at most nbytes of data.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    herbertx committed with Chris Wright Sep 9, 2005
  7. @herbertx

    [PATCH] 2.6.13 breaks libpcap (and tcpdump)

    [NET]: 2.6.13 breaks libpcap (and tcpdump)
    
    Patrick McHardy says:
    
      Never mind, I got it, we never fall through to the second switch
      statement anymore. I think we could simply break when load_pointer
      returns NULL. The switch statement will fall through to the default
      case and return 0 for all cases but 0 > k >= SKF_AD_OFF.
    
    Here's a patch to do just that.
    
    I left BPF_MSH alone because it's really a hack to calculate the IP
    header length, which makes no sense when applied to the special data.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    herbertx committed with Chris Wright Sep 5, 2005
  8. [PATCH] x86: pci_assign_unassigned_resources() update

    I had some time to think about PCI assign issues in 2.6.13-rc series.
    
    The major problem here is that we call pci_assign_unassigned_resources()
    way too early - at subsys_initcall level. Therefore we give no chances
    to ACPI and PnP routines (called at fs_initcall level) to reserve their
    respective resources properly, as the comments in drivers/pnp/system.c
    and drivers/acpi/motherboard.c suggest:
    
     /**
      * Reserve motherboard resources after PCI claim BARs,
      * but before PCI assign resources for uninitialized PCI devices
      */
    
    So I moved the pci_assign_unassigned_resources() call to
    pcibios_assign_resources() (fs_initcall), which should hopefully fix a
    lot of problems and make PCIBIOS_MIN_IO tweaks unnecessary.
    
    Other changes:
    - remove resource assignment code from pcibios_assign_resources(), since
      it duplicates pci_assign_unassigned_resources() functionality and
      actually does nothing in 2.6.13;
    - modify ROM assignment code as per Ben's suggestion: try to use firmware
      settings by default (if PCI_ASSIGN_ROMS is not set);
    - set CARDBUS_IO_SIZE back to 4K as it's a wonderful stress test for
      various setups.
    
    Confirmed by Tero Roponen <teanropo@cc.jyu.fi> (who had problems with
    the 4kB CardBus IO size previously).
    
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Ivan Kokshaysky committed with Chris Wright Sep 5, 2005
  9. @ozbenh

    [PATCH] Fix PCI ROM mapping

    This fixes a problem with pci_map_rom() which doesn't properly
    update the ROM BAR value with the address thas allocated for it by the
    PCI code. This problem, among other, breaks boot on Mac laptops.
    
    It'ss a new version based on Linus latest one with better error
    checking.
    
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ozbenh committed with Chris Wright Sep 4, 2005
  10. [PATCH] aacraid: 2.6.13 aacraid bad BUG_ON fix

    This was noticed by Doug Bazamic and the fix found by Mark Salyzyn at
    Adaptec.
    
    There was an error in the BUG_ON() statement that validated the
    calculated fib size which can cause the driver to panic.
    
    Signed-off-by: Mark Haverkamp <markh@osdl.org>
    Acked-by: James Bottomley <James.Bottomley@SteelEye.com>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Mark Haverkamp committed with Chris Wright Sep 1, 2005
  11. [PATCH] Kconfig: saa7134-dvb must select tda1004x

    I wish I had seen this before 2.6.13 was released... I guess this only
    goes to show that there haven't been any testers using saa7134-hybrid
    dvb/v4l boards that depend on the tda1004x module, during the 2.6.13-rc
    series :-(
    
    Please apply this to 2.6.14, and also to 2.6.13.1 -stable.  Without this
    patch, users will have to EXPLICITLY select tda1004x in Kconfig.  This
    SHOULD be done automatically when saa7134-dvb is selected.  This patch
    corrects this problem.
    
    saa7134-dvb must select tda1004x
    
    Signed-off-by: Michael Krufky <mkrufky@m1k.net>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Michael Krufky committed with Chris Wright Aug 30, 2005
Commits on Aug 28, 2005
  1. Linux v2.6.13

    Linus Torvalds committed Aug 28, 2005
  2. [PATCH] zfcp: bugfix and compile fixes

    Bugfix (usage of uninitialized pointer in zfcp_port_dequeue) and compile
    fixes for the zfcp device driver.
    
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Acked-by: James Bottomley <James.Bottomley@steeleye.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Heiko Carstens committed with Linus Torvalds Aug 28, 2005
  3. [PATCH] zfcp: fix compilation due to rports changes

    struct zfcp_port::scsi_id was removed by commit
      3859f6a
    
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Alexey Dobriyan committed with Linus Torvalds Aug 28, 2005
  4. Merge refs/heads/upstream-fixes from master.kernel.org:/pub/scm/linux…

    …/kernel/git/jgarzik/netdev-2.6
    Linus Torvalds committed Aug 27, 2005
  5. @paulusmack

    [PATCH] Remove race between con_open and con_close

    [ Same race and same patch also by Steven Rostedt <rostedt@goodmis.org> ]
    
    I have a laptop (G3 powerbook) which will pretty reliably hit a race
    between con_open and con_close late in the boot process and oops in
    vt_ioctl due to tty->driver_data being NULL.
    
    What happens is this: process A opens /dev/tty6; it comes into
    con_open() (drivers/char/vt.c) and assign a non-NULL value to
    tty->driver_data.  Then process A closes that and concurrently process
    B opens /dev/tty6.  Process A gets through con_close() and clears
    tty->driver_data, since tty->count == 1.  However, before process A
    can decrement tty->count, we switch to process B (e.g. at the
    down(&tty_sem) call at drivers/char/tty_io.c line 1626).
    
    So process B gets to run and comes into con_open with tty->count == 2,
    as tty->count is incremented (in init_dev) before con_open is called.
    Because tty->count != 1, we don't set tty->driver_data.  Then when the
    process tries to do anything with that fd, it oopses.
    
    The simple and effective fix for this is to test tty->driver_data
    rather than tty->count in con_open.  The testing and setting of
    tty->driver_data is serialized with respect to the clearing of
    tty->driver_data in con_close by the console_sem.  We can't get a
    situation where con_open sees tty->driver_data != NULL and then
    con_close on a different fd clears tty->driver_data, because
    tty->count is incremented before con_open is called.  Thus this patch
    eliminates the race, and in fact with this patch my laptop doesn't
    oops.
    
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    [ Same patch
    Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
      in http://marc.theaimsgroup.com/?l=linux-kernel&m=112450820432121&w=2 ]
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    paulusmack committed with Linus Torvalds Aug 28, 2005
Commits on Aug 27, 2005
  1. [PATCH] zfcp: add rports to enable scsi_add_device to work again

    This patch fixes a severe problem with 2.6.13-rc7.
    
    Due to recent SCSI changes it is not possible to add any LUNs to the zfcp
    device driver anymore.  With registration of remote ports this is fixed.
    
    Signed-off-by: Andreas Herrmann <aherrman@de.ibm.com>
    Acked-by: James Bottomley <jejb@steeleye.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Andreas Herrmann committed with Linus Torvalds Aug 27, 2005
  2. [PATCH] sg.c: fix a memory leak in devices seq_file implementation

    I know that scsi procfs is legacy code but this is a fix for a memory leak.
    
    While reading through sg.c I realized that the implementation of
    /proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
    pointer returned by the next() iterator method.  Since next() might return
    NULL or an error this is wrong.  This patch fixes it through using the
    seq_files private field for holding the reference to the iterator object.
    
    Here is a small bash script to trigger the leak. Use slabtop to watch
    the size-32 usage grow and grow.
    
    #!/bin/sh
    
    while true; do
    	cat /proc/scsi/sg/devices > /dev/null
    done
    
    Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de>
    Acked-by: James Bottomley <James.Bottomley@steeleye.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Jan Blunck committed with Linus Torvalds Aug 27, 2005
  3. [PATCH] fix for race problem in DVB USB drivers (dibusb)

    Fixed race between submitting streaming URBs in the driver and starting
    the actual transfer in hardware (demodulator and USB controller) which
    sometimes lead to garbled data transfers. URBs are now submitted first,
    then the transfer is enabled. Dibusb devices and clones are now fully
    functional again.
    
    Signed-off-by: Patrick Boettcher <pb@linuxtv.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Patrick Boettcher committed with Linus Torvalds Aug 27, 2005
  4. [PATCH] Fix capifs bug in initialization error path.

    This fixes a bug in the capifs initialization code, where the
    filesystem is not unregistered if kern_mount() fails.
    
    Signed-off-by: James Morris <jmorris@namei.org>
    Signed-off-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    James Morris committed with Linus Torvalds Aug 27, 2005
  5. @ebiederm

    [PATCH] acpi_shutdown: Only prepare for power off on power_off

    When acpi_sleep_prepare was moved into a shutdown method we
    started calling it for all shutdowns.
    
    It appears this triggers some systems to power off on reboot.
    
    Avoid this by only calling acpi_sleep_prepare if we are going to power
    off the system.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    ebiederm committed with Linus Torvalds Aug 27, 2005
  6. [PATCH] mmaper_kern.c fixes [buffer overruns]

     - copy_from_user() can fail; ->write() must check its return value.
    
     - severe buffer overruns both in ->read() and ->write() - lseek to the
       end (i.e.  to mmapper_size) and
    
    	if (count + *ppos > mmapper_size)
    		count = count + *ppos - mmapper_size;
    
       will do absolutely nothing.  Then it will call
    
    	copy_to_user(buf,&v_buf[*ppos],count);
    
       with obvious results (similar for ->write()).
    
       Fixed by turning read to simple_read_from_buffer() and by doing
       normal limiting of count in ->write().
    
     - gratitious lock_kernel() in ->mmap() - it's useless there.
    
     - lots of gratuitous includes.
    
    Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Al Viro committed with Linus Torvalds Aug 27, 2005
  7. @ralfbaechle

    [PATCH] Fix 6pack setting of MAC address

    Don't check type of sax25_family; dev_set_mac_address has already done
    that before and anyway, the type to check against would have been
    ARPHRD_AX25.  We only got away because AF_AX25 and ARPHRD_AX25 both happen
    to be defined to the same value.
    
    Don't check sax25_ndigis either; it's value is insignificant for the
    purpose of setting the MAC address and the check has shown to break
    some application software for no good reason.
    
    Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
    Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
    ralfbaechle committed with Jeff Garzik Aug 24, 2005
  8. @ralfbaechle

    [PATCH] 6pack Timer initialization

    I dropped the timer initialization bits by accident when sending the
    p-persistence fix.  This patch gets the driver to work again on halfduplex
    links.
    
    Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
    Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
    ralfbaechle committed with Jeff Garzik Aug 25, 2005
  9. [PATCH] Fix oops in sysfs_hash_and_remove_file()

    The problem arises if an entity in sysfs is created and removed without
    ever having been made completely visible.  In SCSI this is triggered by
    removing a device while it's initialising.
    
    The problem appears to be that because it was never made visible in sysfs,
    the sysfs dentry has a null d_inode which oopses when a reference is made
    to it.  The solution is simply to check d_inode and assume the object was
    never made visible (and thus doesn't need deleting) if it's NULL.
    
    (akpm: possibly a stopgap for 2.6.13 scsi problems.  May not be the
    long-term fix)
    
    Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
    Cc: Greg KH <greg@kroah.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    James Bottomley committed with Linus Torvalds Aug 26, 2005
  10. [PATCH] md: clear the 'recovery' flags when starting an md array.

    It's possible for this to still have flags in it and a previous instance
    has been stopped, and that confused the new array using the same mddev.
    
    Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    NeilBrown committed with Linus Torvalds Aug 26, 2005
  11. [PATCH] md: create a MODULE_ALIAS for md corresponding to its block m…

    …ajor number.
    
    I just discovered this is needed for module auto-loading.
    
    Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    NeilBrown committed with Linus Torvalds Aug 26, 2005
  12. [PATCH] IB: fix use-after-free in user verbs cleanup

    Fix a use-after-free bug in userspace verbs cleanup: we can't touch
    mr->device after we free mr by calling ib_dereg_mr().
    
    Signed-off-by: Roland Dreier <rolandd@cisco.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Roland Dreier committed with Linus Torvalds Aug 26, 2005
  13. [PATCH] arm: fix IXP4xx flash resource range

    We are currently reserving one byte more than actually needed by the flash
    device and overlapping into the next I/O expansion bus window.  This a)
    causes us to allocate an extra page of VM due to ARM ioremap() alignment
    code and b) could cause problems if another driver tries to request the
    next expansion bus window.
    
    Signed-off-by: Deepak Saxena <dsaxena@plexity.net>
    Cc: Russell King <rmk@arm.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Deepak Saxena committed with Linus Torvalds Aug 26, 2005
  14. [PATCH] x86_64: Tell VM about holes in nodes

    Some nodes can have large holes on x86-64.
    
    This fixes problems with the VM allowing too many dirty pages because it
    overestimates the number of available RAM in a node.  In extreme cases you
    can end up with all RAM filled with dirty pages which can lead to deadlocks
    and other nasty behaviour.
    
    This patch just tells the VM about the known holes from e820.  Reserved
    (like the kernel text or mem_map) is still not taken into account, but that
    should be only a few percent error now.
    
    Small detail is that the flat setup uses the NUMA free_area_init_node() now
    too because it offers more flexibility.
    
    (akpm: lotsa thanks to Martin for working this problem out)
    
    Cc: Martin Bligh <mbligh@mbligh.org>
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Andi Kleen committed with Linus Torvalds Aug 26, 2005
  15. [PATCH] I2C hwmon: kfree fixes

    This patch fixes several instances of hwmon drivers kfree'ing the "wrong"
    pointer; the existing code works somewhat by accident.
    
    (akpm: plucked from Greg's queue based on lkml discussion.  Finishes off the
    patch from Jon Corbet)
    
    Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Mark M. Hoffman committed with Linus Torvalds Aug 26, 2005
  16. @antonblanchard

    [PATCH] ppc64: Fix issue with gcc 4.0 compiled kernels

    I recently had a BUG_ON() go off spuriously on a gcc 4.0 compiled kernel.
    It turns out gcc-4.0 was removing a sign extension while earlier gcc
    versions would not.  Thinking this to be a compiler bug, I submitted a
    report:
    
    http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23422
    
    It turns out we need to cast the input in order to tell gcc to sign extend
    it.
    
    Thanks to Andrew Pinski for his help on this bug.
    
    Signed-off-by: Anton Blanchard <anton@samba.org>
    Cc: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    antonblanchard committed with Linus Torvalds Aug 26, 2005
Commits on Aug 26, 2005
  1. [PATCH] completely disable cpu_exclusive sched domain

    At the suggestion of Nick Piggin and Dinakar, totally disable
    the facility to allow cpu_exclusive cpusets to define dynamic
    sched domains in Linux 2.6.13, in order to avoid problems
    first reported by John Hawkes (corrupt sched data structures
    and kernel oops).
    
    This has been built for ppc64, i386, ia64, x86_64, sparc, alpha.
    It has been built, booted and tested for cpuset functionality
    on an SN2 (ia64).
    
    Dinakar or Nick - could you verify that it for sure does avoid
    the problems Hawkes reported.  Hawkes is out of town, and I don't
    have the recipe to reproduce what he found.
    
    Signed-off-by: Paul Jackson <pj@sgi.com>
    Acked-by: Nick Piggin <npiggin@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Paul Jackson committed with Linus Torvalds Aug 25, 2005
  2. [PATCH] undo partial cpu_exclusive sched domain disabling

    The partial disabling of Dinakar's new facility to allow
    cpu_exclusive cpusets to define dynamic sched domains
    doesn't go far enough.  At the suggestion of Nick Piggin
    and Dinakar, let us instead totally disable this facility
    for 2.6.13, in order to avoid problems first reported
    by John Hawkes (corrupt sched data structures and kernel oops).
    
    This patch removes the partial disabling code in 2.6.13-rc7,
    in anticipation of the next patch, which will totally disable
    it instead.
    
    Signed-off-by: Paul Jackson <pj@sgi.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Paul Jackson committed with Linus Torvalds Aug 25, 2005
  3. Merge HEAD from master.kernel.org:/pub/scm/linux/kernel/git/davem/net…

    …-2.6.git
    Linus Torvalds committed Aug 26, 2005
Something went wrong with that request. Please try again.