Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jul 21, 2008
  1. Linux 2.6.16.62

    Adrian Bunk authored
Commits on Jul 19, 2008
  1. Linux 2.6.16.62-rc1

    Adrian Bunk authored
  2. kconfig: move the option SCSI_HPTIOP to a better place

    Adrian Bunk authored
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  3. [IA64] Fix unaligned handler for floating point instructions with bas…

    Tony Luck authored Adrian Bunk committed
    …e update
    
    The compiler team did the hard work for this distilling a problem in
    large fortran application which showed up when applied to a 290MB input
    data set down to this instruction:
    
            ldfd f34=[r17],-8
    
    Which they noticed incremented r17 by 0x10 rather than decrementing it
    by 8 when the value in r17 caused an unaligned data fault.  I tracked
    it down to some bad instruction decoding in unaligned.c. The code
    assumes that the 'x' bit can determine whether the instruction is
    an "ldf" or "ldfp" ... which it is for opcode=6 (see table 4-29 on
    page 3:302 of the SDM).  But for opcode=7 the 'x' bit is irrelevent,
    all variants are "ldf" instructions (see table 4-36 on page 3:306).
    
    Note also that interpreting the instruction as "ldfp" means that the
    "paired" floating point register (f35 in the example here) will also
    be corrupted.
    
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  4. V4L/DVB (3393): Cx88: reduce excessive logging

    Ian Pickworth authored Adrian Bunk committed
    - fix temporary debug code by changing printk to dprintk at level 1.
    - move CORE_IOCTL messages from level 1 to level 2.
    - this should help with selective debugging,
      while not filling people's logs up during normal use.
    
    Signed-off-by: Ian Pickworth <ian@pickworth.me.uk>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  5. @davem330

    sctp: Make sure N * sizeof(union sctp_addr) does not overflow. (CVE-2…

    davem330 authored Adrian Bunk committed
    …008-2826)
    
    As noticed by Gabriel Campana, the kmalloc() length arg
    passed in by sctp_getsockopt_local_addrs_old() can overflow
    if ->addr_num is large enough.
    
    Therefore, enforce an appropriate limit.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  6. mm: trim more holes (CVE-2008-0598)

    Nick Piggin authored Adrian Bunk committed
    If prepare_write fails with AOP_TRUNCATED_PAGE, or if commit_write fails, then
    we may have failed the write operation despite prepare_write having
    instantiated blocks past i_size.  Fix this, and consolidate the trimming into
    one place.
    
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  7. USB: remove short initial timeout for device descriptor fetch

    Alan Stern authored Adrian Bunk committed
    This patch (as905) removes a micro-optimization from the hub port
    initialization code.  Previously we had been using a short timeout on
    the first attempt the read the device descriptor; now we will use the
    standard timeout length.
    
    It's not clear that the short timeout ever provided any benefit.  And
    now we know of one case where it actually hurts: The device can't meet
    the short timeout and then it gets terminally confused.
    
    This fixes Bugzilla #8444.
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  8. alpha: build fixes - force architecture

    Ivan Kokshaysky authored Adrian Bunk committed
    Override compiler .arch directive for generic kernel build.
    
    Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
    Signed-off-by: Richard Henderson <rth@twiddle.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  9. moduleparam: fix alpha, ia64 and ppc64 compile failures

    Ivan Kokshaysky authored Adrian Bunk committed
    On alpha, ia64 and ppc64 only relocations to local data can go into
    read-only sections. The vast majority of module parameters use the global
    generic param_set_*/param_get_* functions, so the 'const' attribute for
    struct kernel_param is not only useless, but it also causes compile
    failures due to 'section type conflict' in those rare cases where
    param_set/get are local functions.
    
    This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8964
    
    Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  10. unexport gameport_{cooked_read,set_name}

    Adrian Bunk authored
    static inline functions mustn't be exported.
    
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  11. unexport swap_page

    Adrian Bunk authored
    static functions mustn't be exported.
    
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Commits on Jul 16, 2008
  1. Linux 2.6.16.61

    Adrian Bunk authored
Commits on Jul 14, 2008
  1. Linux 2.6.16.61-rc1

    Adrian Bunk authored
  2. 3w-xxxx: Prevent data corruption

    3ware Inc authored
    Use default DMA data direction to prevent data corruption
    when using SWIOTLB with 4GB+ on EM64T.
    
    http://www.3ware.com/KB/article.aspx?id=15243&cNode=6I1C6S
    
    Acked-by: Jean Delvare <jdelvare@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  3. fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)

    Al Viro authored Adrian Bunk committed
    fcntl_setlk()/close() race prevention has a subtle hole - we need to
    make sure that if we *do* have an fcntl/close race on SMP box, the
    access to descriptor table and inode->i_flock won't get reordered.
    
    As it is, we get STORE inode->i_flock, LOAD descriptor table entry vs.
    STORE descriptor table entry, LOAD inode->i_flock with not a single
    lock in common on both sides.  We do have BKL around the first STORE,
    but check in locks_remove_posix() is outside of BKL and for a good
    reason - we don't want BKL on common path of close(2).
    
    Solution is to hold ->file_lock around fcheck() in there; that orders
    us wrt removal from descriptor table that preceded locks_remove_posix()
    on close path and we either come first (in which case eviction will be
    handled by the close side) or we'll see the effect of close and do
    eviction ourselves.  Note that even though it's read-only access,
    we do need ->file_lock here - rcu_read_lock() won't be enough to
    order the things.
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  4. @davem330

    sit: Add missing kfree_skb() on pskb_may_pull() failure. (CVE-2008-2136)

    davem330 authored Adrian Bunk committed
    Noticed by Paul Marks <paul@pmarks.net>.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  5. @davem330

    [NETFILTER]: Fix warnings in ip_nat_snmp_basic.c

    davem330 authored Adrian Bunk committed
    net/ipv4/netfilter/ip_nat_snmp_basic.c: In function 'asn1_header_decode':
    net/ipv4/netfilter/ip_nat_snmp_basic.c:248: warning: 'len' may be used unini
    net/ipv4/netfilter/ip_nat_snmp_basic.c:248: warning: 'def' may be used unini
    net/ipv4/netfilter/ip_nat_snmp_basic.c: In function 'snmp_translate':
    net/ipv4/netfilter/ip_nat_snmp_basic.c:672: warning: 'l' may be used uniniti
    net/ipv4/netfilter/ip_nat_snmp_basic.c:668: warning: 'type' may be used unin
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  6. @chriswright

    asn1: additional sanity checking during BER decoding (CVE-2008-1673)

    chriswright authored Adrian Bunk committed
    - Don't trust a length which is greater than the working buffer.
      An invalid length could cause overflow when calculating buffer size
      for decoding oid.
    
    - An oid length of zero is invalid and allows for an off-by-one error when
      decoding oid because the first subid actually encodes first 2 subids.
    
    - A primitive encoding may not have an indefinite length.
    
    Thanks to Wei Wang from McAfee for report.
    
    Acked-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  7. @kaber

    TCP: Fix shrinking windows with window scaling

    kaber authored Adrian Bunk committed
    Upstream commit: 607bfbf
    
    When selecting a new window, tcp_select_window() tries not to shrink
    the offered window by using the maximum of the remaining offered window
    size and the newly calculated window size. The newly calculated window
    size is always a multiple of the window scaling factor, the remaining
    window size however might not be since it depends on rcv_wup/rcv_nxt.
    This means we're effectively shrinking the window when scaling it down.
    
    The dump below shows the problem (scaling factor 2^7):
    
    - Window size of 557 (71296) is advertised, up to 3111907257:
    
    IP 172.2.2.3.33000 > 172.2.2.2.33000: . ack 3111835961 win 557 <...>
    
    - New window size of 514 (65792) is advertised, up to 3111907217, 40 bytes
      below the last end:
    
    IP 172.2.2.3.33000 > 172.2.2.2.33000: . 3113575668:3113577116(1448) ack 3111841425 win 514 <...>
    
    The number 40 results from downscaling the remaining window:
    
    3111907257 - 3111841425 = 65832
    65832 / 2^7 = 514
    65832 % 2^7 = 40
    
    If the sender uses up the entire window before it is shrunk, this can have
    chaotic effects on the connection. When sending ACKs, tcp_acceptable_seq()
    will notice that the window has been shrunk since tcp_wnd_end() is before
    tp->snd_nxt, which makes it choose tcp_wnd_end() as sequence number.
    This will fail the receivers checks in tcp_sequence() however since it
    is before it's tp->rcv_wup, making it respond with a dupack.
    
    If both sides are in this condition, this leads to a constant flood of
    ACKs until the connection times out.
    
    Make sure the window is never shrunk by aligning the remaining window to
    the window scaling factor.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  8. x86: Replace NSC/Cyrix specific chipset access macros by inlined func…

    Juergen Beisert authored Adrian Bunk committed
    …tions.
    
    Due to index register access ordering problems, when using macros a line
    like this fails (and does nothing):
    
        setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88);
    
    With inlined functions this line will work as expected.
    
    Note about a side effect: Seems on Geode GX1 based systems the
    "suspend on halt power saving feature" was never enabled due to this
    wrong macro expansion. With inlined functions it will be enabled, but
    this will stop the TSC when the CPU runs into a HLT instruction.
    Kernel output something like this:
        Clocksource tsc unstable (delta = -472746897 ns)
    
    This is the 3rd version of this patch.
    
     - Adding missed arch/i386/kernel/cpu/mtrr/state.c
        Thanks to Andres Salomon
     - Adding some big fat comments into the new header file
        Suggested by Andi Kleen
    
    AK: fixed x86-64 compilation
    
    Adrian Bunk:
    Added workaround for x86_64 compilation.
    
    Signed-off-by: Juergen Beisert <juergen@kreuzholzen.de>
    Signed-off-by: Andi Kleen <ak@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Commits on Apr 10, 2008
  1. Disable DETECT_SOFTLOCKUP for s390

    Heiko Carstens authored Adrian Bunk committed
    From: Heiko Carstens <heiko.carstens@de.ibm.com>
    
    We got several false bug reports because of enabled
    CONFIG_DETECT_SOFTLOCKUP.  Disable soft lockup detection on s390, since it
    doesn't work on a virtualized architecture.
    
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Commits on Mar 19, 2008
  1. @tgraf

    [DECNet] fib: Fix out of bound access of dn_fib_props[]

    tgraf authored Adrian Bunk committed
    Fixes a typo which caused fib_props[] to have the wrong size
    and makes sure the value used to index the array which is
    provided by userspace via netlink is checked to avoid out of
    bound access.
    
    Signed-off-by: Thomas Graf <tgraf@suug.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  2. USB: race on disconnect in mdc800

    Oliver Neukum authored Adrian Bunk committed
    I overlooked one. Setting the flag and killing the URBs must be under the lo
    so that no URB is submitted after usb_kill_urb()
    
    Adrian Bunk:
    Backported to 2.6.16.
    
    Signed-off-by: Oliver Neukum <oliver@neukum.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Commits on Mar 14, 2008
  1. gcc >= 4.3 is not supported

    Adrian Bunk authored
    Building kernel 2.6.16 with gcc 4.3 is completely untested, and
    you might run into both kernel and gcc problems (as always with
    new gcc versions).
    
    For making this obvious the kernel build now #error's when trying
    to build with gcc >= 4.3.
    
    The kernel might work fine when compiled with gcc 4.3 and it's
    therefore possible to remove the #error, but if someone really
    longs for regressions he can as well try a more recent kernel
    instead.
    
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Commits on Jan 27, 2008
  1. Linux 2.6.16.60

    Adrian Bunk authored
Commits on Jan 21, 2008
  1. Linux 2.6.16.60-rc1

    Adrian Bunk authored
  2. NFS: call nfs_wb_all() only on regular files

    Trond Myklebust authored Adrian Bunk committed
    It looks like nfs_setattr() and nfs_rename() also need to test whether the
    target is a regular file before calling nfs_wb_all()...
    
    It isn't technically needed since the version of nfs_wb_all() that exists
    on 2.6.16 should be safe to call on non-regular files (it will be a no-op).
    However it is a useful optimisation.
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  3. NFS: writes should not clobber utimes() calls

    Trond Myklebust authored Adrian Bunk committed
    Ensure that we flush out writes in the case when someone calls utimes() in
    order to set the file times.
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  4. vfs: coredumping fix (CVE-2007-6206)

    Ingo Molnar authored Adrian Bunk committed
    fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
    
    only allow coredumping to the same uid that the coredumping
    task runs under.
    
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  5. I4L: fix isdn_ioctl memory overrun vulnerability (CVE-2007-6151)

    Karsten Keil authored Adrian Bunk committed
    Fix possible memory overrun issue in the isdn ioctl code.
    
    Found by ADLAB <adlab@venustech.com.cn>
    
    Signed-off-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  6. isdn: avoid copying overly-long strings (CVE-2007-6063)

    Karsten Keil authored Adrian Bunk committed
    Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
    
    Signed-off-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  7. [NET]: Generic checksum annotations and cleanups.

    Al Viro authored Adrian Bunk committed
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  8. drivers/scsi/BusLogic.c: #ifdef MODULE BusLogic_pci_tbl[]

    Adrian Bunk authored
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
  9. @benmcollins

    [BusLogic] Add pci dev table for auto module loading.

    benmcollins authored Adrian Bunk committed
    Signed-off-by: Ben Collins <bcollins@ubuntu.com>
    Signed-off-by: Adrian Bunk <bunk@kernel.org>
Something went wrong with that request. Please try again.