Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Dec 11, 2006
  1. @chriswright


    chriswright authored
  2. @davem330 @chriswright

    [PATCH] NETLINK: Put {IFA,IFLA}_{RTA,PAYLOAD} macros back for userspace.

    davem330 authored chriswright committed
    GLIBC uses them etc.
    They are guarded by ifndef __KERNEL__ so nobody will start
    accidently using them in the kernel again, it's just for
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  3. @chriswright

    [PATCH] forcedeth: Disable INTx when enabling MSI in forcedeth

    Daniel Barkalow authored chriswright committed
    At least some nforce cards continue to send legacy interrupts when MSI
    is enabled, and these interrupts are treated as unhandled by the
    kernel. This patch disables legacy interrupts explicitly when enabling
    MSI mode.
    The correct fix is to change the MSI infrastructure to disable legacy
    interrupts when enabling MSI, but this is potentially risky if the
    device isn't PCI-2.3 or is quirky, so the correct fix is going into
    mainline, while patches like this one go into -stable.
    Legend has it that it is most correct to disable legacy interrupts
    before enabling MSI, but the mainline patch does it in the other
    order, and this patch is "obviously" the same as mainline.
    Signed-off-by: Daniel Barkalow <>
    Cc: Jeff Garzik <>
    Cc: Greg KH <>
    Signed-off-by: Chris Wright <>
  4. @chriswright

    [PATCH] x86: Fix boot hang due to nmi watchdog init code

    Ravikiran G Thirumalai authored chriswright committed
    2.6.19  stopped booting (or booted based on build/config) on our x86_64
    systems due to a bug introduced in 2.6.19.  check_nmi_watchdog schedules an
    IPI on all cpus to  busy wait on a flag, but fails to set the busywait
    flag if NMI functionality is disabled.  This causes the secondary cpus
    to spin in an endless loop, causing the kernel bootup to hang.
    Depending upon the build, the  busywait flag got overwritten (stack variable)
    and caused  the kernel to bootup on certain builds.  Following patch fixes
    the bug by setting the busywait flag before returning from check_nmi_watchdog.
    I guess using a stack variable is not good here as the calling function could
    potentially return while the busy wait loop is still spinning on the flag.
    AK: I redid the patch significantly to be cleaner
    Signed-off-by: Ravikiran Thirumalai <>
    Signed-off-by: Shai Fultheim <>
    Signed-off-by: Andi Kleen <>
    Signed-off-by: Chris Wright <>
  5. @htakata @chriswright

    [PATCH] m32r: make userspace headers platform-independent

    htakata authored chriswright committed
    The m32r kernel 2.6.18-rc1 or after cause build errors of "unknown isa
    configuration" for userspace application programs, such as glibc, gdb, etc.
    This is because the recent kernel do not include linux/config.h not to expose
    kernel headers for userspace.
    To fix the above compile errors, this patch fixes two headers ptrace.h and
    sigcontext.h for m32r and makes them platform-independent.
    Signed-off-by: Hirokazu Takata <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  6. @chriswright

    [PATCH] softirq: remove BUG_ONs which can incorrectly trigger

    Zachary Amsden authored chriswright committed
    It is possible to have tasklets get scheduled before softirqd has had a chance
    to spawn on all CPUs.  This is totally harmless; after success during action
    CPU_UP_PREPARE, action CPU_ONLINE will be called, which immediately wakes
    softirqd on the appropriate CPU to process the already pending tasklets.  So
    there is no danger of having a missed wakeup for any tasklets that were
    already pending.
    In particular, i386 is affected by this during startup, and is visible when
    using a very large initrd; during the time it takes for the initrd to be
    decompressed, a timer IRQ can come in and schedule RCU callbacks.  It is also
    possible that resending of a hardware IRQ via a softirq triggers the same bug.
    Because of different timing conditions, this shows up in all emulators and
    virtual machines tested, including Xen, VMware, Virtual PC, and Qemu.  It is
    also possible to trigger on native hardware with a large enough initrd,
    although I don't have a reliable case demonstrating that.
    Signed-off-by: Zachary Amsden <>
    Cc: <>
    Cc: Ingo Molnar <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  7. @chriswright

    [PATCH] autofs: fix error code path in autofs_fill_sb()

    Jiri Kosina authored chriswright committed
    When kernel is compiled with old version of autofs (CONFIG_AUTOFS_FS), and
    new (observed at least with 5.x.x) automount deamon is started, kernel
    correctly reports incompatible version of kernel and userland daemon, but
    then screws things up instead of correct handling of the error:
     autofs: kernel does not match daemon version
     [ BUG: bad unlock balance detected! ]
     automount/4199 is trying to release lock (&type->s_umount_key) at:
     [<c0163b9e>] get_sb_nodev+0x76/0xa4
     but there are no more locks to release!
     other info that might help us debug this:
     no locks held by automount/4199.
     stack backtrace:
      [<c0103b15>] dump_trace+0x68/0x1b2
      [<c0103c77>] show_trace_log_lvl+0x18/0x2c
      [<c01041db>] show_trace+0xf/0x11
      [<c010424d>] dump_stack+0x12/0x14
      [<c012e02c>] print_unlock_inbalance_bug+0xe7/0xf3
      [<c012fd4f>] lock_release+0x8d/0x164
      [<c012b452>] up_write+0x14/0x27
      [<c0163b9e>] get_sb_nodev+0x76/0xa4
      [<c0163689>] vfs_kern_mount+0x83/0xf6
      [<c016373e>] do_kern_mount+0x2d/0x3e
      [<c017513f>] do_mount+0x607/0x67a
      [<c0175224>] sys_mount+0x72/0xa4
      [<c0102b96>] sysenter_past_esp+0x5f/0x99
     DWARF2 unwinder stuck at sysenter_past_esp+0x5f/0x99
     Leftover inexact backtrace:
    and then deadlock comes.
    The problem: autofs_fill_super() returns EINVAL to get_sb_nodev(), but
    before that, it calls kill_anon_super() to destroy the superblock which
    won't be needed.  This is however way too soon to call kill_anon_super(),
    because get_sb_nodev() has to perform its own cleanup of the superblock
    first (deactivate_super(), etc.).  The correct time to call
    kill_anon_super() is in the autofs_kill_sb() callback, which is called by
    deactivate_super() at proper time, when the superblock is ready to be
    I can see the same faulty codepath also in autofs4.  This patch solves
    issues in both filesystems in a same way - it postpones the
    kill_anon_super() until the proper time is signalized by deactivate_super()
    calling the kill_sb() callback.
    [ update comment]
    Signed-off-by: Jiri Kosina <>
    Acked-by: Ian Kent <>
    Cc: <>
    Signed-off-by: Ian Kent <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  8. @rjwysocki @chriswright

    [PATCH] PM: Fix swsusp debug mode testproc

    rjwysocki authored chriswright committed
    The 'testproc' swsusp debug mode thaws tasks twice in a row, which is _very_
    confusing.  Fix that.
    Signed-off-by: Rafael J. Wysocki <>
    Acked-by: Pavel Machek <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  9. @chriswright

    [PATCH] compat: skip data conversion in compat_sys_mount when data_pa…

    Andrey Mirkin authored chriswright committed
    …ge is NULL
    OpenVZ Linux kernel team has found a problem with mounting in compat mode.
    Simple command "mount -t smbfs ..." on Fedora Core 5 distro in 32-bit mode
    leads to oops:
    Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
    [<ffffffff802bc7c6>] compat_sys_mount+0xd6/0x290
    PGD 34d48067 PUD 34d03067 PMD 0
    Oops: 0000 [1] SMP
    CPU: 0
    Modules linked in: iptable_nat simfs smbfs ip_nat ip_conntrack vzdquota
    parport_pc lp parport 8021q bridge llc vznetdev vzmon nfs lockd sunrpc vzdev
    iptable_filter af_packet xt_length ipt_ttl xt_tcpmss ipt_TCPMSS
    iptable_mangle xt_limit ipt_tos ipt_REJECT ip_tables x_tables thermal
    processor fan button battery asus_acpi ac uhci_hcd ehci_hcd usbcore i2c_i801
    i2c_core e100 mii floppy ide_cd cdrom
    Pid: 14656, comm: mount
    RIP: 0060:[<ffffffff802bc7c6>]  [<ffffffff802bc7c6>]
    RSP: 0000:ffff810034d31f38  EFLAGS: 00010292
    RAX: 000000000000002c RBX: 0000000000000000 RCX: 0000000000000000
    RDX: ffff810034c86bc0 RSI: 0000000000000096 RDI: ffffffff8061fc90
    RBP: ffff810034d31f78 R08: 0000000000000000 R09: 000000000000000d
    R10: ffff810034d31e58 R11: 0000000000000001 R12: ffff810039dc3000
    R13: 000000000805ea48 R14: 0000000000000000 R15: 00000000c0ed0000
    FS:  0000000000000000(0000) GS:ffffffff80749000(0033) knlGS:00000000b7d556b0
    CS:  0060 DS: 007b ES: 007b CR0: 000000008005003b
    CR2: 0000000000000000 CR3: 0000000034d43000 CR4: 00000000000006e0
    Process mount (pid: 14656, veid=300, threadinfo ffff810034d30000, task
    Stack:  0000000000000000 ffff810034dd0000 ffff810034e4a000 000000000805ea48
     0000000000000000 0000000000000000 0000000000000000 0000000000000000
     000000000805ea48 ffffffff8021e64e 0000000000000000 0000000000000000
    Call Trace:
     [<ffffffff8021e64e>] ia32_sysret+0x0/0xa
    Code: 83 3b 06 0f 85 41 01 00 00 0f b7 43 0c 89 43 14 0f b7 43 0a
    RIP  [<ffffffff802bc7c6>] compat_sys_mount+0xd6/0x290
     RSP <ffff810034d31f38>
    CR2: 0000000000000000
    The problem is that data_page pointer can be NULL, so we should skip data
    conversion in this case.
    Signed-off-by: Andrey Mirkin <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  10. @chriswright

    [PATCH] drm-sis linkage fix

    Andrew Morton authored chriswright committed
    WARNING: "drm_sman_set_manager" [drivers/char/drm/sis.ko] undefined!
    Cc: <>
    Cc: Dave Airlie <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  11. @chriswright

    [PATCH] add bottom_half.h

    Andrew Morton authored chriswright committed
    With CONFIG_SMP=n:
    drivers/input/ff-memless.c:384: warning: implicit declaration of function 'local_bh_disable'
    drivers/input/ff-memless.c:393: warning: implicit declaration of function 'local_bh_enable'
    Really linux/spinlock.h should include linux/interrupt.h.  But interrupt.h
    includes sched.h which will need spinlock.h.
    So the patch breaks the _bh declarations out into a separate header and
    includes it in bothj interrupt.h and spinlock.h.
    Cc: "Randy.Dunlap" <>
    Cc: Andi Kleen <>
    Cc: <>
    Cc: Ingo Molnar <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Chris Wright <>
  12. @tgraf @chriswright

    [PATCH] NETLINK: Restore API compatibility of address and neighbour bits

    tgraf authored chriswright committed
    Restore API compatibility due to bits moved from rtnetlink.h to
    separate headers.
    Signed-off-by: Thomas Graf <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  13. @chriswright

    [PATCH] IrDA: Incorrect TTP header reservation

    Jeet Chaudhuri authored chriswright committed
    We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in.
    This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size
    is greater than 0.
    Signed-off-by: Samuel Ortiz <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  14. @davem330 @chriswright

    [PATCH] IPSEC: Fix inetpeer leak in ipv4 xfrm dst entries.

    davem330 authored chriswright committed
    We grab a reference to the route's inetpeer entry but
    forget to release it in xfrm4_dst_destroy().
    Bug discovered by Kazunori MIYAZAWA <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  15. @seanyoung @chriswright

    [PATCH] USB: Fix oops in PhidgetServo

    seanyoung authored chriswright committed
    The PhidgetServo causes an Oops when any of its sysfs attributes are read
    or written too, making the driver useless.
    Signed-off-by: Sean Young <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Chris Wright <>
  16. @kaber @chriswright

    [PATCH] XFRM: Use output device disable_xfrm for forwarded packets

    kaber authored chriswright committed
    Currently the behaviour of disable_xfrm is inconsistent between
    locally generated and forwarded packets. For locally generated
    packets disable_xfrm disables the policy lookup if it is set on
    the output device, for forwarded traffic however it looks at the
    input device. This makes it impossible to disable xfrm on all
    devices but a dummy device and use normal routing to direct
    traffic to that device.
    Always use the output device when checking disable_xfrm.
    Signed-off-by: Patrick McHardy <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  17. @davem330 @chriswright

    [PATCH] TOKENRING: Remote memory corruptor in ibmtr.c

    davem330 authored chriswright committed
    ip_summed changes last summer had missed that one.  As the result,
    we have ip_summed interpreted as CHECKSUM_PARTIAL now.  IOW,
    ->csum is interpreted as offset of checksum in the packet.  net/core/*
    will both read and modify the value as that offset, with obvious
    reasons.  At the very least it's a remote memory corruptor.
    Signed-off-by: Al Viro <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  18. @chriswright

    [PATCH] do_coredump() and not stopping rewrite attacks? (CVE-2006-6304)

    Alexey Dobriyan authored chriswright committed
    On Sat, Dec 02, 2006 at 11:47:44PM +0300, Alexey Dobriyan wrote:
    > David Binderman compiled 2.6.19 with icc and grepped for "was set but never
    > used". Many warnings are on
    Heh, the very first line:
    fs/exec.c(1465): remark #593: variable "flag" was set but never used
      1477		/*
      1478		 *	We cannot trust fsuid as being the "true" uid of the
      1479		 *	process nor do we know its entire history. We only know it
      1480		 *	was tainted so we dump it as root in mode 2.
      1481		 */
      1482		if (mm->dumpable == 2) {	/* Setuid core dump mode */
      1483			flag = O_EXCL;		/* Stop rewrite attacks */
      1484			current->fsuid = 0;	/* Dump root private */
      1485		}
    And then filp_open follows with "flag" totally ignored.
    Signed-off-by: Chris Wright <>
  19. @chriswright

    [PATCH] IB/ucm: Fix deadlock in cleanup

    Michael S Tsirkin authored chriswright committed
    ib_ucm_cleanup_events() holds file_mutex while calling ib_destroy_cm_id().
    This can deadlock since ib_destroy_cm_id() flushes event handlers, and
    ib_ucm_event_handler() needs file_mutex, too.  Therefore, drop the
    file_mutex during the call to ib_destroy_cm_id().
    Signed-off-by: Michael S. Tsirkin <>
    Signed-off-by: Roland Dreier <>
    Acked-by: Sean Hefty <>
    Signed-off-by: Chris Wright <>
  20. @chriswright

    [PATCH] softmac: fix unbalanced mutex_lock/unlock in ieee80211softmac…

    Maxime Austruy authored chriswright committed
    Routine ieee80211softmac_wx_set_mlme has one return that fails
    to release a mutex acquired at entry.
    Signed-off-by: Maxime Austruy <>
    Signed-off-by: Larry Finger <>
    Signed-off-by: Chris Wright <>
  21. @chriswright

    [PATCH] NETFILTER: bridge netfilter: deal with martians correctly

    Bart De Schuymer authored chriswright committed
    The attached patch resolves an issue where a IP DNATed packet with a
    martian source is forwarded while it's better to drop it. It also
    resolves messages complaining about ip forwarding being disabled while
    it's actually enabled. Thanks to lepton <> for
    reporting this problem.
    This is probably a candidate for the -stable release.
    Signed-off-by: Bart De Schuymer <>
    Signed-off-by: Patrick McHardy <>
    Signed-off-by: Chris Wright <>
  22. @chriswright

    [PATCH] NETFILTER: Fix iptables compat hook validation

    Dmitry Mishin authored chriswright committed
    In compat mode, matches and targets valid hooks checks always successful due
    to not initialized e->comefrom field yet. This patch separates this checks from
    translation code and moves them after mark_source_chains() call, where these
    marks are initialized.
    Signed-off-by: Dmitry Mishin <>
    Signed-off-by; Patrick McHardy <>
    Signed-off-by: Chris Wright <>
  23. @chriswright

    [PATCH] NETFILTER: Fix {ip, ip6, arp}_tables hook validation

    Dmitry Mishin authored chriswright committed
    Commit 590bdf7 introduced a regression
    in match/target hook validation. mark_source_chains builds a bitmask
    for each rule representing the hooks it can be reached from, which is
    then used by the matches and targets to make sure they are only called
    from valid hooks. The patch moved the match/target specific validation
    before the mark_source_chains call, at which point the mask is always zero.
    This patch returns back to the old order and moves the standard checks
    to mark_source_chains. This allows to get rid of a special case for
    standard targets as a nice side-effect.
    Signed-off-by: Dmitry Mishin <>
    Signed-off-by: Patrick McHardy <>
    Signed-off-by: Chris Wright <>
  24. @sadkingbilly @chriswright

    [PATCH] SUNHME: Fix for sunhme failures on x86

    sadkingbilly authored chriswright committed
    The following patch fixes the failure of sunhme drivers on x86 hosts
    due to missing pci_enable_device() and pci_set_master() calls, lost
    during code refactoring. It has been filed as bugzilla bug #7502 [0]
    and Debian bug #397460 [1].
    Signed-off-by: Jurij Smakov <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  25. @davem330 @chriswright

    [PATCH] PKT_SCHED act_gact: division by zero

    davem330 authored chriswright committed
    Not returning -EINVAL, because someone might want to use the value
    zero in some future gact_prob algorithm?
    Signed-off-by: Kim Nordlund <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  26. @lenb @chriswright

    [PATCH] Revert "ACPI: SCI interrupt source override"

    lenb authored chriswright committed
    This reverts commit 281ea49,
    which broke ACPI Interrupt source overrides that move
    the SCI from one IRQ in PIC mode to another in IOAPIC mode.
    If the SCI shared an interrupt line with another device,
    this would result in a "irq 18: nobody cared" type failure.
    Signed-off-by: Len Brown <>
    Signed-off-by: Chris Wright <>
  27. @herbertx @chriswright

    [PATCH] cryptoloop: Select CRYPTO_CBC

    herbertx authored chriswright committed
    As CBC is the default chaining method for cryptoloop, we should select
    it from cryptoloop to ease the transition.
    Signed-off-by: Herbert Xu <>
    Signed-off-by: Chris Wright <>
  28. @kaber @chriswright

    [PATCH] NET_SCHED: policer: restore compatibility with old iproute bi…

    kaber authored chriswright committed
    The tc actions increased the size of struct tc_police, which broke
    compatibility with old iproute binaries since both the act_police
    and the old NET_CLS_POLICE code check for an exact size match.
    Since the new members are not even used, the simple fix is to also
    accept the size of the old structure. Dumping is not affected since
    old userspace will receive a bigger structure, which is handled fine.
    Signed-off-by: Patrick McHardy <>
    Acked-by: Jamal Hadi Salim <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  29. @chriswright

    [PATCH] EBTABLES: Prevent wraparounds in checks for entry components'…

    Al Viro authored chriswright committed
    … sizes.
    Signed-off-by: Al Viro <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  30. @chriswright

    [PATCH] EBTABLES: Deal with the worst-case behaviour in loop checks.

    Al Viro authored chriswright committed
    No need to revisit a chain we'd already finished with during
    the check for current hook.  It's either instant loop (which
    we'd just detected) or a duplicate work.
    Signed-off-by: Al Viro <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  31. @chriswright

    [PATCH] EBTABLES: Verify that ebt_entries have zero ->distinguisher.

    Al Viro authored chriswright committed
    We need that for iterator to work; existing check had been too weak.
    Signed-off-by: Al Viro <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  32. @chriswright

    [PATCH] EBTABLES: Fix wraparounds in ebt_entries verification.

    Al Viro authored chriswright committed
    We need to verify that
    	a) we are not too close to the end of buffer to dereference
    	b) next entry we'll be checking won't be _before_ our
    While we are at it, don't subtract unrelated pointers...
    Signed-off-by: Al Viro <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
  33. @chriswright

    [PATCH] softmac: remove netif_tx_disable when scanning

    Michael Buesch authored chriswright committed
    In the scan section of ieee80211softmac, network transmits are disabled.
    When SoftMAC re-enables transmits, it may override the wishes of a driver
    that may have very good reasons for disabling transmits. At least one failure
    in bcm43xx can be traced to this problem. In addition, several unexplained
    problems may arise from the unexpected enabling of transmits.
    Signed-off-by: Michael Buesch <>
    Signed-off-by: Larry Finger <>
    Signed-off-by: Chris Wright <>
  34. @davem330 @chriswright

    [PATCH] IPV6 NDISC: Calculate packet length correctly for allocation.

    davem330 authored chriswright committed
    MAX_HEADER does not include the ipv6 header length in it,
    so we need to add it in explicitly.
    With help from YOSHIFUJI Hideaki.
    Signed-off-by: David S. Miller <>
    Signed-off-by: Chris Wright <>
Commits on Nov 29, 2006
  1. Linux 2.6.19

    Linus Torvalds authored
    It's all good.
Something went wrong with that request. Please try again.