Commits on Apr 12, 2006
  1. @gregkh

    Linux 2.6.16.5

    gregkh authored
  2. @gregkh

    [PATCH] x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)

    Andi Kleen authored gregkh committed
    
    Intel EM64T CPUs handle uncanonical return addresses differently from
    AMD CPUs.
    
    The exception is reported in the SYSRET, not the next instruction.
    This leads to the kernel exception handler running on the user stack
    with the wrong GS because the kernel didn't expect exceptions on this
    instruction.
    
    This version of the patch has the teething problems that plagued an
    earlier version fixed.
    
    This is CVE-2006-0744
    
    Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
    patches.
    
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    [PATCH] x86_64: Clean up execve

    Andi Kleen authored gregkh committed
    Just call IRET always, no need for any special cases.
    
    Needed for the next bug fix.
    
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Apr 11, 2006
  1. @gregkh

    Linux 2.6.16.4

    gregkh authored
  2. @gregkh

    [PATCH] RCU signal handling

    Oleg Nesterov authored gregkh committed
    made this BUG_ON() unsafe. This code runs under ->siglock,
    while switch_exec_pids() takes tasklist_lock.
    
    Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    Linux 2.6.16.3

    gregkh authored
  4. @gregkh

    [PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522]

    David Howells authored gregkh committed
    This fixes the problem of an oops occurring when a user attempts to add a
    key to a non-keyring key [CVE-2006-1522].
    
    The problem is that __keyring_search_one() doesn't check that the
    keyring it's been given is actually a keyring.
    
    I've fixed this problem by:
    
     (1) declaring that caller of __keyring_search_one() must guarantee that
         the keyring is a keyring; and
    
     (2) making key_create_or_update() check that the keyring is a keyring,
         and return -ENOTDIR if it isn't.
    
    This can be tested by:
    
    	keyctl add user b b `keyctl add user a a @s`
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Apr 7, 2006
  1. @gregkh

    Linux 2.6.16.2

    gregkh authored
  2. @gregkh

    [PATCH] kdump proc vmcore size overflow fix

    Vivek Goyal authored gregkh committed
    A couple of /proc/vmcore data structures overflow with 32bit systems having
    memory more than 4G.  This patch fixes those.
    
    Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
    Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @neilbrown @gregkh

    [PATCH] knfsd: Correct reserved reply space for read requests.

    neilbrown authored gregkh committed
    NFSd makes sure there is enough space to hold the maximum possible reply
    before accepting a request.  The units for this maximum are (4byte) words.
    However in three places, particularly for read request, the number given is
    a number of bytes.
    
    This means too much space is reserved which is slightly wasteful.
    
    This is the sort of patch that could uncover a deeper bug, and it is not
    critical, so it would be best for it to spend a while in -mm before going
    in to mainline.
    
    (akpm: target 2.6.17-rc2, 2.6.16.3 (approx))
    
    Discovered-by: "Eivind  Sarto" <ivan@kasenna.com>
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @gregkh

    [PATCH] hostap: Fix EAPOL frame encryption

    Jouni Malinen authored gregkh committed
    Fixed encryption of EAPOL frames from wlan#ap interface (hostapd). This
    was broken when moving to use new frame control field defines in
    net/ieee80211.h. hostapd uses Protected flag, not protocol version
    (which was cleared in this function anyway). This fixes WPA group key
    handshake and re-authentication.
    http://hostap.epitest.fi/bugz/show_bug.cgi?id=126
    
    Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
  5. @tiwai @gregkh

    [PATCH] Add default entry for CTL Travel Master U553W

    tiwai authored gregkh committed
    Added the default entry of ALC880 configuration table for
    CTL Travel Master U553W.
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @AdrianBunk @gregkh

    [PATCH] AIRO{,_CS} <-> CRYPTO fixes

    AdrianBunk authored gregkh committed
    CRYPTO is a helper variable, and to make it easier for users, it should
    therefore be select'ed and not be listed in the dependencies.
    
    drivers/net/wireless/airo.c requires CONFIG_CRYPTO for compilations.
    
    Therefore, AIRO_CS also has to select CRYPTO.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    [PATCH] Fix NULL pointer dereference in node_read_numastat()

    Christoph Lameter authored gregkh committed
    Fix NULL pointer dereference in node_read_numastat()
    
    zone_pcp() only returns valid values if the processor is online.
    
    Change node_read_numastat() to only scan online processors.
    
    Signed-off-by: Christoph Lameter <clameter@sgi.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @AdrianBunk @gregkh

    [PATCH] drivers/net/wireless/ipw2200.c: fix an array overrun

    AdrianBunk authored gregkh committed
    This patch fixes a big array overrun found by the Coverity checker.
    
    This was already fixed in Linus' tree.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    [PATCH] fbcon: Fix big-endian bogosity in slow_imageblit()

    Antonino A. Daplas authored gregkh committed
    The monochrome->color expansion routine that handles bitmaps which have
    (widths % 8) != 0 (slow_imageblit) produces corrupt characters in big-endian.
    This is caused by a bogus bit test in slow_imageblit().
    
    Fix.
    
    Signed-off-by: Antonino Daplas <adaplas@pol.net>
    Acked-by: Herbert Poetzl <herbert@13thfloor.at>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @davem330 @gregkh

    [PATCH] fib_trie.c node freeing fix

    davem330 authored gregkh committed
    Please apply to 2.6.{14,15,16} -stable, thanks a lot.
    
    From: Robert Olsson <robert.olsson@its.uu.se>
    
    [FIB_TRIE]: Fix leaf freeing.
    
    Seems like leaf (end-nodes) has been freed by __tnode_free_rcu and not
    by __leaf_free_rcu. This fixes the problem. Only tnode_free is now
    used which checks for appropriate node type. free_leaf can be removed.
    
    Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @sigprof @gregkh

    [PATCH] Fix module refcount leak in __set_personality()

    sigprof authored gregkh committed
    If the change of personality does not lead to change of exec domain,
    __set_personality() returned without releasing the module reference
    acquired by lookup_exec_domain().
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: Sergey Vlasov <vsu@altlinux.ru>
    Cc: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @gregkh

    [PATCH] Fix the p4-clockmod N60 errata workaround.

    Venkatesh Pallipadi authored gregkh committed
    [CPUFREQ] Fix the p4-clockmod N60 errata workaround.
    
    Fix the code to disable freqs less than 2GHz in N60 errata.
    
    Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @gregkh

    [PATCH] wrong error path in dup_fd() leading to oopses in RCU

    Kirill Korotaev authored gregkh committed
    Wrong error path in dup_fd() - it should return NULL on error,
    not an address of already freed memory :/
    
    Triggered by OpenVZ stress test suite.
    
    What is interesting is that it was causing different oopses in RCU like
    below:
    Call Trace:
       [<c013492c>] rcu_do_batch+0x2c/0x80
       [<c0134bdd>] rcu_process_callbacks+0x3d/0x70
       [<c0126cf3>] tasklet_action+0x73/0xe0
       [<c01269aa>] __do_softirq+0x10a/0x130
       [<c01058ff>] do_softirq+0x4f/0x60
       =======================
       [<c0113817>] smp_apic_timer_interrupt+0x77/0x110
       [<c0103b54>] apic_timer_interrupt+0x1c/0x24
      Code:  Bad EIP value.
       <0>Kernel panic - not syncing: Fatal exception in interrupt
    
    Signed-Off-By: Pavel Emelianov <xemul@sw.ru>
    Signed-Off-By: Dmitry Mishin <dim@openvz.org>
    Signed-Off-By: Kirill Korotaev <dev@openvz.org>
    Signed-Off-By: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @gregkh

    [PATCH] {ip, nf}_conntrack_netlink: fix expectation notifier unregistration

    Martin Josefsson authored gregkh committed
    
    [NETFILTER]: {ip,nf}_conntrack_netlink: fix expectation notifier unregistration
    
    This patch fixes expectation notifier unregistration on module unload to
    use ip_conntrack_expect_unregister_notifier(). This bug causes a soft
    lockup at the first expectation created after a rmmod ; insmod of this
    module.
    
    Should go into -stable as well.
    
    Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15. @gregkh

    [PATCH] isicom must select FW_LOADER

    maximilian attems authored gregkh committed
    The isicom driver uses request_firmware()
    and thus needs to select FW_LOADER.
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: maximilian attems <maks@sternwelten.at>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  16. @kernelslacker @gregkh

    [PATCH] Mark longhaul driver as broken.

    kernelslacker authored gregkh committed
    [CPUFREQ] Mark longhaul driver as broken.
    This seems to work for a short period of time, but when
    used in conjunction with a userspace governor that changes
    the frequency regularly, it's only a matter of time before
    everything just locks up.
    
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17. @tiwai @gregkh

    [PATCH] opti9x - Fix compile without CONFIG_PNP

    tiwai authored gregkh committed
    Modules: Opti9xx drivers
    
    Fix compile errors without CONFIG_PNP.
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @chexum @gregkh

    [PATCH] pcmcia: permit single-character-identifiers

    chexum authored gregkh committed
    For some time, the core pcmcia drivers seem not to think single
    character prod_ids are valid, thus preventing the "cleverly" named
    
      "D" "Link DWL-650 11Mbps WLAN Card"
    
    Before (as in 2.6.16):
    PRODID_1=""
    PRODID_2="Link DWL-650 11Mbps WLAN Card"
    PRODID_3="Version 01.02"
    PRODID_4=""
    MANFID=0156,0002
    FUNCID=6
    
    After (with the patch)
    PRODID_1="D"
    PRODID_2="Link DWL-650 11Mbps WLAN Card"
    PRODID_3="Version 01.02"
    PRODID_4=""
    MANFID=0156,0002
    FUNCID=6
    
    Signed-off-by: Janos Farkas <chexum@gmail.com>
    Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @AdrianBunk @gregkh

    [PATCH] PCMCIA_SPECTRUM must select FW_LOADER

    AdrianBunk authored gregkh committed
    PCMCIA_SPECTRUM must select FW_LOADER.
    
    Reported by "Alexander E. Patrakov" <patrakov@ums.usu.ru>.
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @gregkh

    [PATCH] powerpc: make ISA floppies work again

    Stephen Rothwell authored gregkh committed
    We used to assume that a DMA mapping request with a NULL dev was for
    ISA DMA.  This assumption was broken at some point.  Now we explicitly
    pass the detected ISA PCI device in the floppy setup.
    
    Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @gregkh

    [PATCH] sbp2: fix spinlock recursion

    Stefan Richter authored gregkh committed
    sbp2util_mark_command_completed takes a lock which was already taken by
    sbp2scsi_complete_all_commands.  This is a regression in Linux 2.6.15.
    Reported by Kristian Harms at
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187394
    
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @schirmeier @gregkh

    [PATCH] USB: usbcore: usb_set_configuration oops (NULL ptr dereference)

    schirmeier authored gregkh committed
    When trying to deconfigure a device via usb_set_configuration(dev, 0),
    2.6.16-rc kernels after 55c5271 oops
    with "Unable to handle NULL pointer dereference at...". This is due to
    an unchecked dereference of cp in the power budget part.
    
    This patch was already included in Linus' tree.
    
    Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
    Acked-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
  23. @cladisch @gregkh

    [PATCH] USB: EHCI full speed ISO bugfixes

    cladisch authored gregkh committed
    This patch replaces the split ISO raw_mask calculation code in the
    iso_stream_init() function that computed incorrect numbers of high
    speed transactions for both input and output transfers.
    
    In the output case, it added a superfluous start-split transaction for
    all maximum packet sizes that are a multiple of 188.
    
    In the input case, it forgot to add complete-split transactions for all
    microframes covered by the full speed transaction, and the additional
    complete-split transaction needed for the case when full speed data
    starts arriving near the end of a microframe.
    
    These changes don't affect the lack of full speed bandwidth, but at
    least it removes the MMF errors that the HC raised with some input
    streams.
    
    Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
    Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  24. @gregkh

    [PATCH] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

    gregkh authored
    No one should be writing a PAGE_SIZE worth of data to a normal sysfs
    file, so properly terminate the buffer.
    
    Thanks to Al Viro for pointing out my stupidity here.
    
    CVE-2006-1055 has been assigned for this.
    
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  25. @gregkh

    [PATCH] USB: Fix irda-usb use after use

    Eugene Teo authored gregkh committed
    Don't read from free'd memory after calling netif_rx().  docopy is used as
    a boolean (0 and 1) so unsigned int is sufficient.
    
    Coverity bug #928
    
    Signed-off-by: Eugene Teo <eugene.teo@eugeneteo.net>
    Cc: "David S. Miller" <davem@davemloft.net>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  26. @gregkh

    [PATCH] tlclk: fix handling of device major

    Andrew Morton authored gregkh committed
    tlclk calls register_chrdev() and permits register_chrdev() to allocate the
    major, but it promptly forgets what that major was.  So if there's no hardware
    present you still get "telco_clock" appearing in /proc/devices and, I assume,
    an oops reading /proc/devices if tlclk was a module.
    
    Fix.
    
    Mark, I'd suggest that we not call register_chrdev() until _after_ we've
    established that the hardware is present.
    
    Cc: Mark Gross <mgross@linux.intel.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Mar 28, 2006
  1. @gregkh

    Linux 2.6.16.1

    gregkh authored
  2. @gregkh

    [PATCH] Fix speedstep-smi assembly bug in speedstep_smi_ownership

    Andrew Morton authored gregkh committed
    Fix bug identified by Linus Torvalds <torvalds@osdl.org>: the `out'
    instruction depends upon the state of memory_data[], so we need to tell gcc
    that before executing it. (The opcode, not gcc).
    
    Fixes http://bugzilla.kernel.org/show_bug.cgi?id=5553
    
    Thanks to Antonio Ospite <ospite@studenti.unina.it> for testing.
    
    Cc: Dave Jones <davej@codemonkey.org.uk>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>