Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Aug 23, 2006
  1. @AdrianBunk

    Linux 2.6.16.28-rc3

    AdrianBunk authored
  2. @AdrianBunk

    1394: fix for recently added firewire patch that breaks things on ppc

    Danny Tholen authored AdrianBunk committed
    Recently a patch was added for preliminary suspend/resume handling on
    !PPC_PMAC.  However, this broke both suspend and firewire on powerpc
    because it saves the pci state after the device has already been disabled.
    
    This moves the save state to before the pmac specific code.
    
    Signed-off-by: Danny Tholen <obiwan@mailmij.org>
    Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  3. @AdrianBunk

    Fix sctp privilege elevation (CVE-2006-3745)

    Sridhar Samudrala authored AdrianBunk committed
    sctp_make_abort_user() now takes the msg_len along with the msg
    so that we don't have to recalculate the bytes in iovec.
    It also uses memcpy_fromiovec() so that we don't go beyond the
    length allocated.
    
    It is good to have this fix even if verify_iovec() is fixed to
    return error on overflow.
    
    Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
    Acked-by: David Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  4. @jankara @AdrianBunk

    Fix possible UDF deadlock and memory corruption (CVE-2006-4145)

    jankara authored AdrianBunk committed
    UDF code is not really ready to handle extents larger that 1GB. This is
    the easy way to forbid creating those.
    
    Also truncation code did not count with the case when there are no
    extents in the file and we are extending the file.
    
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 22, 2006
  1. @AdrianBunk

    Linux 2.6.16.28-rc2

    AdrianBunk authored
Commits on Aug 18, 2006
  1. @olofj @AdrianBunk

    powerpc: Clear HID0 attention enable on PPC970 at boot time (CVE-2006…

    olofj authored AdrianBunk committed
    …-4093)
    
    Clear HID0[en_attn] at CPU init time on PPC970.  Closes CVE-2006-4093.
    
    Signed-off-by: Olof Johansson <olof@lixom.net>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @AdrianBunk

    cdrom: fix bad cgc.buflen assignment (CVE-2006-2935)

    Jens Axboe authored AdrianBunk committed
    The code really means to mask off the high bits, not assign 0xff.
    
    Reported by Marcus Meissner <meissner@suse.de>.
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  3. @AdrianBunk

    ide-io: increase timeout value to allow for slave wakeup

    Al Boldi authored AdrianBunk committed
    During an STR resume cycle, the ide master disk times-out when there is
    also a slave present (especially CD).  Increasing the timeout in ide-io
    from 10,000 to 100,000 fixes this problem.
    
    Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  4. @davem330 @AdrianBunk

    SPARC64: Fix quad-float multiply emulation.

    davem330 authored AdrianBunk committed
    Something is wrong with the 3-multiply (vs. 4-multiply) optimized
    version of _FP_MUL_MEAT_2_*(), so just use the slower version
    which actually computes correct values.
    
    Noticed by Rene Rebe
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  5. @breuerr @AdrianBunk

    SPARC32: Fix iommu_flush_iotlb end address

    breuerr authored AdrianBunk committed
    Fix the calculation of the end address when flushing iotlb entries to
    ram.  This bug has been a cause of esp dma errors, and it affects
    HyperSPARC systems much worse than SuperSPARC systems.
    
    Signed-off-by: Bob Breuer <breuerr@mc.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: William Lee Irwin III <wli@holomorphy.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 12, 2006
  1. @AdrianBunk

    Linux 2.6.16.28-rc1

    AdrianBunk authored
  2. @AdrianBunk

    update the i386 defconfig

    AdrianBunk authored
    The i386 defconfig wasn't updated for ages.
    
    Instead of running "make oldconfig" on the old defconfig and trying to
    give reasonable answers at all new options, this patch replaces it with
    the one I'm using in 2.6.16-rc1.
    
    This way, it's a .config that is confirmed to work on at least one
    computer in the world.  ;-)
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 11, 2006
  1. @AdrianBunk

    ieee1394: sbp2: enable auto spin-up for Maxtor disks

    Stefan Richter authored AdrianBunk committed
    At least Maxtor OneTouch III require a "start stop unit" command after
    auto spin-down before the next access can proceed.  This patch activates
    the responsible code in scsi_mod for all Maxtor SBP-2 disks.
    https://bugzilla.novell.com/show_bug.cgi?id=183011
    
    Maybe that should be done for all SBP-2 disks, but better be cautious.
    
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @AdrianBunk

    Fix broken suspend/resume in ohci1394

    Robert Hancock authored AdrianBunk committed
    I've been experimenting to track down the cause of suspend/resume problems
    on my Compaq Presario X1050 laptop:
    
    http://bugzilla.kernel.org/show_bug.cgi?id=6075
    
    Essentially the ACPI Embedded Controller and keyboard controller would
    get into a bizarre, confused state after resume.
    
    I found that unloading the ohci1394 module before suspend and reloading it
    after resume made the problem go away.  Diffing the dmesg output from
    resume, with and without the module loaded, I found that with the module
    loaded I was missing these:
    
    PM: Writing back config space on device 0000:02:00.0 at offset 1. (Was 2100080, writing 2100007)
    PM: Writing back config space on device 0000:02:00.0 at offset 3. (Was 0, writing 8008)
    PM: Writing back config space on device 0000:02:00.0 at offset 4. (Was 0, writing 90200000)
    PM: Writing back config space on device 0000:02:00.0 at offset 5. (Was 1, writing 2401)
    PM: Writing back config space on device 0000:02:00.0 at offset f. (Was 20000100, writing 2000010a)
    
    The default PCI driver performs the pci_restore_state when no driver is
    loaded for the device.  When the ohci1394 driver is loaded, it is supposed
    to do this, however it appears not to do so.
    
    I created the patch below and tested it, and it appears to resolve the
    suspend problems I was having with the module loaded.  I only added in the
    pci_save_state and pci_restore_state - however, though I know little of
    this hardware, surely the driver should really be doing more than this when
    suspending and resuming?  Currently it does almost nothing, what if there
    are commands in progress, etc?
    
    Signed-off-by: Robert Hancock <hancockr@shaw.ca>
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  3. @AdrianBunk

    fix debugfs inode leak

    Jens Axboe authored AdrianBunk committed
    Looking at the reiser4 crash, I found a leak in debugfs. In
    debugfs_mknod(), we create the inode before checking if the dentry
    already has one attached. We don't free it if that is the case.
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  4. @AdrianBunk

    Fix missing ret assignment in __bio_map_user() error path

    Jens Axboe authored AdrianBunk committed
    If get_user_pages() returns less pages than what we asked for, we
    jump to out_unmap which will return ERR_PTR(ret). But ret can contain
    a positive number just smaller than local_nr_pages, so be sure to set
    it to -EFAULT always.
    
    Problem found and diagnosed by Damien Le Moal <damien@sdl.hitachi.co.jp>
    
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 9, 2006
  1. @kernelslacker @AdrianBunk

    [AGPGART] Fix Nforce3 suspend on amd64.

    kernelslacker authored AdrianBunk committed
    kernel.org bugzilla #6206
    
    Based on patch from Serge Belyshev <belyshev@depni.sinp.msu.ru>
    
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @AdrianBunk

    SOUND_SSCAPE shouldn't depend on OBSOLETE_OSS_DRIVER

    AdrianBunk authored
    Due to a regression in the correcponding ALSA driver (ALSA #2234), the
    OSS driver should stay until it's fixed.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 8, 2006
  1. @AdrianBunk

    ieee80211: TKIP requires CRC32

    Chuck Ebbert authored AdrianBunk committed
    ieee80211_crypt_tkip will not work without CRC32.
    
      LD      .tmp_vmlinux1
    net/built-in.o: In function `ieee80211_tkip_encrypt':
    net/ieee80211/ieee80211_crypt_tkip.c:349: undefined reference to `crc32_le'
    
    Reported by Toralf Foerster <toralf.foerster@gmx.de>
    
    Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @y-goto @AdrianBunk

    memory hotplug: solve config broken: undefined reference to `online_p…

    y-goto authored AdrianBunk committed
    …age'
    
    Memory hotplug code of i386 adds memory to only highmem.  So, if
    CONFIG_HIGHMEM is not set, CONFIG_MEMORY_HOTPLUG shouldn't be set.
    Otherwise, it causes compile error.
    
    In addition, many architecture can't use memory hotplug feature yet.  So, I
    introduce CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG.
    
    Signed-off-by: Yasunori Goto <y-goto@jp.fujitsu.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  3. @AdrianBunk

    pdflush: handle resume wakeups

    Pavel Machek authored AdrianBunk committed
    2.6.16 needs this. It was merged into 2.6.18-rc1.
    
    pdflush is carefully designed to ensure that all wakeups have some
    corresponding work to do - if a woken-up pdflush thread discovers that
    it hasn't been given any work to do then this is considered an error.
    
    That all broke when swsusp came along - because a timer-delivered
    wakeup to a frozen pdflush thread will just get lost.  This causes the
    pdflush thread to get lost as well: the writeback timer is supposed to
    be re-armed by pdflush in process context, but pdflush doesn't execute
    the callout which does this.
    
    Fix that up by ignoring the return value from try_to_freeze(): jsut
    proceed, see if we have any work pending and only go back to sleep if
    that is not the case.
    
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Pavel Machek <pavel@suse.cz>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 7, 2006
  1. @AdrianBunk

    BLOCK: Fix bounce limit address check

    Andi Kleen authored AdrianBunk committed
    This fixes some OOMs on 64bit systems with <4GB of RAM when accessing
    the cdrom.
    
    Do a safer check for when to enable DMA. Currently we enable ISA DMA
    for cases that do not need it, resulting in OOM conditions when ZONE_DMA
    runs out of space.
    
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @AdrianBunk

    IB/mthca: restore missing PCI registers after reset

    Michael S. Tsirkin authored AdrianBunk committed
    mthca does not restore the following PCI-X/PCI Express registers after reset:
      PCI-X device: PCI-X command register
      PCI-X bridge: upstream and downstream split transaction registers
      PCI Express : PCI Express device control and link control registers
    
    This causes instability and/or bad performance on systems where one of
    these registers is set to a non-default value by BIOS.
    
    Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Aug 3, 2006
  1. @AdrianBunk

    fix the SND_FM801_TEA575X dependencies

    AdrianBunk authored
    CONFIG_SND_FM801=y, CONFIG_SND_FM801_TEA575X=m resulted in the following
    compile error:
    
    <--  snip  -->
    
    ...
      LD      vmlinux
    sound/built-in.o: In function 'snd_fm801_free':
    fm801.c:(.text+0x3c15b): undefined reference to 'snd_tea575x_exit'
    sound/built-in.o: In function 'snd_card_fm801_probe':
    fm801.c:(.text+0x3cfde): undefined reference to 'snd_tea575x_init'
    make: *** [vmlinux] Error 1
    
    <--  snip  -->
    
    This patch fixes kernel Bugzilla #6458.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  2. @AdrianBunk

    remove obsolete swsusp_encrypt

    Pavel Machek authored AdrianBunk committed
    Remove SWSUSP_ENCRYPT config option; it is no longer implemented.
    
    Signed-off-by: Pavel Machek <pavel@suse.cz>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
Commits on Jul 17, 2006
  1. @gregkh

    Linux 2.6.16.27

    gregkh authored
  2. @ian-abbott @gregkh

    [PATCH] USB serial ftdi_sio: Prevent userspace DoS (CVE-2006-2936)

    ian-abbott authored gregkh committed
    This patch limits the amount of outstanding 'write' data that can be
    queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or
    simple accidents) that use up all the system memory by writing lots of
    data to the serial port.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    [PATCH] IPV6 ADDRCONF: Fix default source address selection without C…

    YOSHIFUJI Hideaki authored gregkh committed
    …ONFIG_IPV6_PRIVACY
    
    We need to update hiscore.rule even if we don't enable CONFIG_IPV6_PRIVACY,
    because we have more less significant rule; longest match.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @steelman @gregkh

    [PATCH] IPV6: Fix source address selection.

    steelman authored gregkh committed
    Two additional labels (RFC 3484, sec. 10.3) for IPv6 addreses
    are defined to make a distinction between global unicast
    addresses and Unique Local Addresses (fc00::/7, RFC 4193) and
    Teredo (2001::/32, RFC 4380). It is necessary to avoid attempts
    of connection that would either fail (eg. fec0:: to 2001:feed::)
    or be sub-optimal (2001:0:: to 2001:feed::).
    
    Signed-off-by: $,1 aukasz Stelmach <stlman@poczta.fm>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Jul 15, 2006
  1. @gregkh

    Linux 2.6.16.25

    gregkh authored
  2. @gregkh

    [PATCH] Relax /proc fix a bit

    Linus Torvalds authored gregkh committed
    Relax /proc fix a bit
    
    Clearign all of i_mode was a bit draconian. We only really care about
    S_ISUID/ISGID, after all.
    
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    Linux 2.6.16.25

    gregkh authored
  4. @gregkh

    [PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

    Linus Torvalds authored gregkh committed
    Fix nasty /proc vulnerability
    
    We have a bad interaction with both the kernel and user space being able
    to change some of the /proc file status.  This fixes the most obvious
    part of it, but I expect we'll also make it harder for users to modify
    even their "own" files in /proc.
    
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Jul 6, 2006
  1. @gregkh

    Linux 2.6.16.24

    gregkh authored
  2. @gregkh

    fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)

    gregkh authored
    Based on a patch from Ernie Petrides
    
    During security research, Red Hat discovered a behavioral flaw in core
    dump handling. A local user could create a program that would cause a
    core file to be dumped into a directory they would not normally have
    permissions to write to. This could lead to a denial of service (disk
    consumption), or allow the local user to gain root privileges.
    
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.