Permalink
Commits on Aug 22, 2006
  1. Linux 2.6.16.28-rc2

    AdrianBunk committed Aug 22, 2006
Commits on Aug 18, 2006
  1. powerpc: Clear HID0 attention enable on PPC970 at boot time (CVE-2006…

    …-4093)
    
    Clear HID0[en_attn] at CPU init time on PPC970.  Closes CVE-2006-4093.
    
    Signed-off-by: Olof Johansson <olof@lixom.net>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    olofj committed with AdrianBunk Aug 18, 2006
  2. cdrom: fix bad cgc.buflen assignment (CVE-2006-2935)

    The code really means to mask off the high bits, not assign 0xff.
    
    Reported by Marcus Meissner <meissner@suse.de>.
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Jens Axboe committed with AdrianBunk Aug 18, 2006
  3. ide-io: increase timeout value to allow for slave wakeup

    During an STR resume cycle, the ide master disk times-out when there is
    also a slave present (especially CD).  Increasing the timeout in ide-io
    from 10,000 to 100,000 fixes this problem.
    
    Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Al Boldi committed with AdrianBunk Aug 18, 2006
  4. SPARC64: Fix quad-float multiply emulation.

    Something is wrong with the 3-multiply (vs. 4-multiply) optimized
    version of _FP_MUL_MEAT_2_*(), so just use the slower version
    which actually computes correct values.
    
    Noticed by Rene Rebe
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    davem330 committed with AdrianBunk Aug 18, 2006
  5. SPARC32: Fix iommu_flush_iotlb end address

    Fix the calculation of the end address when flushing iotlb entries to
    ram.  This bug has been a cause of esp dma errors, and it affects
    HyperSPARC systems much worse than SuperSPARC systems.
    
    Signed-off-by: Bob Breuer <breuerr@mc.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: William Lee Irwin III <wli@holomorphy.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    breuerr committed with AdrianBunk Aug 18, 2006
Commits on Aug 12, 2006
  1. Linux 2.6.16.28-rc1

    AdrianBunk committed Aug 12, 2006
  2. update the i386 defconfig

    The i386 defconfig wasn't updated for ages.
    
    Instead of running "make oldconfig" on the old defconfig and trying to
    give reasonable answers at all new options, this patch replaces it with
    the one I'm using in 2.6.16-rc1.
    
    This way, it's a .config that is confirmed to work on at least one
    computer in the world.  ;-)
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    AdrianBunk committed Aug 12, 2006
Commits on Aug 11, 2006
  1. ieee1394: sbp2: enable auto spin-up for Maxtor disks

    At least Maxtor OneTouch III require a "start stop unit" command after
    auto spin-down before the next access can proceed.  This patch activates
    the responsible code in scsi_mod for all Maxtor SBP-2 disks.
    https://bugzilla.novell.com/show_bug.cgi?id=183011
    
    Maybe that should be done for all SBP-2 disks, but better be cautious.
    
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Stefan Richter committed with AdrianBunk Aug 11, 2006
  2. Fix broken suspend/resume in ohci1394

    I've been experimenting to track down the cause of suspend/resume problems
    on my Compaq Presario X1050 laptop:
    
    http://bugzilla.kernel.org/show_bug.cgi?id=6075
    
    Essentially the ACPI Embedded Controller and keyboard controller would
    get into a bizarre, confused state after resume.
    
    I found that unloading the ohci1394 module before suspend and reloading it
    after resume made the problem go away.  Diffing the dmesg output from
    resume, with and without the module loaded, I found that with the module
    loaded I was missing these:
    
    PM: Writing back config space on device 0000:02:00.0 at offset 1. (Was 2100080, writing 2100007)
    PM: Writing back config space on device 0000:02:00.0 at offset 3. (Was 0, writing 8008)
    PM: Writing back config space on device 0000:02:00.0 at offset 4. (Was 0, writing 90200000)
    PM: Writing back config space on device 0000:02:00.0 at offset 5. (Was 1, writing 2401)
    PM: Writing back config space on device 0000:02:00.0 at offset f. (Was 20000100, writing 2000010a)
    
    The default PCI driver performs the pci_restore_state when no driver is
    loaded for the device.  When the ohci1394 driver is loaded, it is supposed
    to do this, however it appears not to do so.
    
    I created the patch below and tested it, and it appears to resolve the
    suspend problems I was having with the module loaded.  I only added in the
    pci_save_state and pci_restore_state - however, though I know little of
    this hardware, surely the driver should really be doing more than this when
    suspending and resuming?  Currently it does almost nothing, what if there
    are commands in progress, etc?
    
    Signed-off-by: Robert Hancock <hancockr@shaw.ca>
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Robert Hancock committed with AdrianBunk Aug 11, 2006
  3. fix debugfs inode leak

    Looking at the reiser4 crash, I found a leak in debugfs. In
    debugfs_mknod(), we create the inode before checking if the dentry
    already has one attached. We don't free it if that is the case.
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Jens Axboe committed with AdrianBunk Aug 11, 2006
  4. Fix missing ret assignment in __bio_map_user() error path

    If get_user_pages() returns less pages than what we asked for, we
    jump to out_unmap which will return ERR_PTR(ret). But ret can contain
    a positive number just smaller than local_nr_pages, so be sure to set
    it to -EFAULT always.
    
    Problem found and diagnosed by Damien Le Moal <damien@sdl.hitachi.co.jp>
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Jens Axboe committed with AdrianBunk Aug 11, 2006
Commits on Aug 9, 2006
  1. [AGPGART] Fix Nforce3 suspend on amd64.

    kernel.org bugzilla #6206
    
    Based on patch from Serge Belyshev <belyshev@depni.sinp.msu.ru>
    
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Dave Jones committed with AdrianBunk Aug 9, 2006
  2. SOUND_SSCAPE shouldn't depend on OBSOLETE_OSS_DRIVER

    Due to a regression in the correcponding ALSA driver (ALSA #2234), the
    OSS driver should stay until it's fixed.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    AdrianBunk committed Aug 9, 2006
Commits on Aug 8, 2006
  1. ieee80211: TKIP requires CRC32

    ieee80211_crypt_tkip will not work without CRC32.
    
      LD      .tmp_vmlinux1
    net/built-in.o: In function `ieee80211_tkip_encrypt':
    net/ieee80211/ieee80211_crypt_tkip.c:349: undefined reference to `crc32_le'
    
    Reported by Toralf Foerster <toralf.foerster@gmx.de>
    
    Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Chuck Ebbert committed with AdrianBunk Aug 8, 2006
  2. memory hotplug: solve config broken: undefined reference to `online_p…

    …age'
    
    Memory hotplug code of i386 adds memory to only highmem.  So, if
    CONFIG_HIGHMEM is not set, CONFIG_MEMORY_HOTPLUG shouldn't be set.
    Otherwise, it causes compile error.
    
    In addition, many architecture can't use memory hotplug feature yet.  So, I
    introduce CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG.
    
    Signed-off-by: Yasunori Goto <y-goto@jp.fujitsu.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    y-goto committed with AdrianBunk Aug 8, 2006
  3. pdflush: handle resume wakeups

    2.6.16 needs this. It was merged into 2.6.18-rc1.
    
    pdflush is carefully designed to ensure that all wakeups have some
    corresponding work to do - if a woken-up pdflush thread discovers that
    it hasn't been given any work to do then this is considered an error.
    
    That all broke when swsusp came along - because a timer-delivered
    wakeup to a frozen pdflush thread will just get lost.  This causes the
    pdflush thread to get lost as well: the writeback timer is supposed to
    be re-armed by pdflush in process context, but pdflush doesn't execute
    the callout which does this.
    
    Fix that up by ignoring the return value from try_to_freeze(): jsut
    proceed, see if we have any work pending and only go back to sleep if
    that is not the case.
    
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Pavel Machek <pavel@suse.cz>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Pavel Machek committed with AdrianBunk Aug 8, 2006
Commits on Aug 7, 2006
  1. BLOCK: Fix bounce limit address check

    This fixes some OOMs on 64bit systems with <4GB of RAM when accessing
    the cdrom.
    
    Do a safer check for when to enable DMA. Currently we enable ISA DMA
    for cases that do not need it, resulting in OOM conditions when ZONE_DMA
    runs out of space.
    
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Andi Kleen committed with AdrianBunk Aug 7, 2006
  2. IB/mthca: restore missing PCI registers after reset

    mthca does not restore the following PCI-X/PCI Express registers after reset:
      PCI-X device: PCI-X command register
      PCI-X bridge: upstream and downstream split transaction registers
      PCI Express : PCI Express device control and link control registers
    
    This causes instability and/or bad performance on systems where one of
    these registers is set to a non-default value by BIOS.
    
    Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Michael S. Tsirkin committed with AdrianBunk Aug 7, 2006
Commits on Aug 3, 2006
  1. fix the SND_FM801_TEA575X dependencies

    CONFIG_SND_FM801=y, CONFIG_SND_FM801_TEA575X=m resulted in the following
    compile error:
    
    <--  snip  -->
    
    ...
      LD      vmlinux
    sound/built-in.o: In function 'snd_fm801_free':
    fm801.c:(.text+0x3c15b): undefined reference to 'snd_tea575x_exit'
    sound/built-in.o: In function 'snd_card_fm801_probe':
    fm801.c:(.text+0x3cfde): undefined reference to 'snd_tea575x_init'
    make: *** [vmlinux] Error 1
    
    <--  snip  -->
    
    This patch fixes kernel Bugzilla #6458.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    AdrianBunk committed Aug 3, 2006
  2. remove obsolete swsusp_encrypt

    Remove SWSUSP_ENCRYPT config option; it is no longer implemented.
    
    Signed-off-by: Pavel Machek <pavel@suse.cz>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Pavel Machek committed with AdrianBunk Aug 3, 2006
Commits on Jul 17, 2006
  1. Linux 2.6.16.27

    gregkh committed Jul 17, 2006
  2. [PATCH] USB serial ftdi_sio: Prevent userspace DoS (CVE-2006-2936)

    This patch limits the amount of outstanding 'write' data that can be
    queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or
    simple accidents) that use up all the system memory by writing lots of
    data to the serial port.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ian-abbott committed with gregkh Jun 26, 2006
  3. [PATCH] IPV6 ADDRCONF: Fix default source address selection without C…

    …ONFIG_IPV6_PRIVACY
    
    We need to update hiscore.rule even if we don't enable CONFIG_IPV6_PRIVACY,
    because we have more less significant rule; longest match.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    YOSHIFUJI Hideaki committed with gregkh Jun 22, 2006
  4. [PATCH] IPV6: Fix source address selection.

    Two additional labels (RFC 3484, sec. 10.3) for IPv6 addreses
    are defined to make a distinction between global unicast
    addresses and Unique Local Addresses (fc00::/7, RFC 4193) and
    Teredo (2001::/32, RFC 4380). It is necessary to avoid attempts
    of connection that would either fail (eg. fec0:: to 2001:feed::)
    or be sub-optimal (2001:0:: to 2001:feed::).
    
    Signed-off-by: $,1 aukasz Stelmach <stlman@poczta.fm>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    steelman committed with gregkh Jun 22, 2006
Commits on Jul 15, 2006
  1. Linux 2.6.16.25

    gregkh committed Jul 15, 2006
  2. [PATCH] Relax /proc fix a bit

    Relax /proc fix a bit
    
    Clearign all of i_mode was a bit draconian. We only really care about
    S_ISUID/ISGID, after all.
    
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Linus Torvalds committed with gregkh Jul 15, 2006
  3. Linux 2.6.16.25

    gregkh committed Jul 15, 2006
  4. [PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

    Fix nasty /proc vulnerability
    
    We have a bad interaction with both the kernel and user space being able
    to change some of the /proc file status.  This fixes the most obvious
    part of it, but I expect we'll also make it harder for users to modify
    even their "own" files in /proc.
    
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Linus Torvalds committed with gregkh Jul 14, 2006
Commits on Jul 6, 2006
  1. Linux 2.6.16.24

    gregkh committed Jul 6, 2006
  2. fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)

    Based on a patch from Ernie Petrides
    
    During security research, Red Hat discovered a behavioral flaw in core
    dump handling. A local user could create a program that would cause a
    core file to be dumped into a directory they would not normally have
    permissions to write to. This could lead to a denial of service (disk
    consumption), or allow the local user to gain root privileges.
    
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    gregkh committed Jul 6, 2006
Commits on Jun 30, 2006
  1. Linux 2.6.16.23

    gregkh committed Jun 30, 2006
  2. [PATCH] revert PARPORT_SERIAL should depend on SERIAL_8250_PCI patch

    Should have not been applied to 2.6.16
    
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    chriswright committed with gregkh Jun 30, 2006
  3. [PATCH] NETFILTER: SCTP conntrack: fix crash triggered by packet with…

    …out chunks [CVE-2006-2934]
    
    When a packet without any chunks is received, the newconntrack variable
    in sctp_packet contains an out of bounds value that is used to look up an
    pointer from the array of timeouts, which is then dereferenced, resulting
    in a crash. Make sure at least a single chunk is present.
    
    Problem noticed by George A. Theall <theall@tenablesecurity.com>
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    kaber committed with gregkh Jun 30, 2006
Commits on Jun 22, 2006
  1. Linux 2.6.16.22

    chriswright committed Jun 22, 2006