Skip to content
Commits on Aug 21, 2007
  1. @gregkh

    Linux 2.6.22.4

    gregkh committed Aug 20, 2007
  2. @holtmann @gregkh

    Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)

    This fixes a vulnerability in the "parent process death signal"
    implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
    and iSEC Security Research.
    
    http://marc.info/?l=bugtraq&m=118711306802632&w=2
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    holtmann committed with gregkh Aug 17, 2007
Commits on Aug 15, 2007
  1. @gregkh

    Linux 2.6.22.3

    gregkh committed Aug 15, 2007
  2. @gregkh

    CPUFREQ: ondemand: add a check to avoid negative load calculation

    Due to rounding and inexact jiffy accounting, idle_ticks can sometimes
    be higher than total_ticks. Make sure those cases are handled as
    zero load case.
    
    Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Venki Pallipadi committed with gregkh Jun 20, 2007
  3. @gregkh

    CPUFREQ: ondemand: fix tickless accounting and software coordination bug

    With tickless kernel and software coordination os P-states, ondemand
    can look at wrong idle statistics. This can happen when ondemand sampling
    is happening on CPU 0 and due to software coordination sampling also looks at
    utilization of CPU 1. If CPU 1 is in tickless state at that moment, its idle
    statistics will not be uptodate and CPU 0 thinks CPU 1 is idle for less
    amount of time than it actually is.
    
    This can be resolved by looking at all the busy times of CPUs, which is
    accurate, even with tickless, and use that to determine idle time in a
    round about way (total time - busy time).
    
    Thanks to Arjan for originally reporting the ondemand bug on
    Lenovo T61.
    
    Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Venki Pallipadi committed with gregkh Jun 20, 2007
  4. @gregkh

    pata_atiixp: add SB700 PCI ID

    [libata] pata_atiixp: add SB700 PCI ID
    
    From AMD.
    
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Cc: Chuck Ebbert <cebbert@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jeff Garzik committed with gregkh Aug 13, 2007
  5. @gregkh

    stifb: detect cards in double buffer mode more reliably

    Visualize-EG, Graffiti and A4450A graphics cards on PARISC can
    be configured in double-buffer and standard mode, but the stifb
    driver supports standard mode only.
    This patch detects double-buffered cards more reliable.
    
    It is a real bugfix for a very nasty problem for all parisc users which have
    wrongly configured their graphic card.  The problem: The stifb graphics driver
    will not detect that the card is wrongly configured and then nevertheless just
    enables the graphics mode, which it shouldn't.  In the end, the user will see
    no further updates / boot messages on the screen.
    
    We had documented this problem already on our FAQ
    (http://parisc-linux.org/faq/index.html#viseg "Why do I get corrupted graphics
    with my Vis-EG/Graffiti/A4450A card?") but people still run into this problem.
     So having this fix in as early as possible can help us.
    
    Signed-off-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Antonino Daplas <adaplas@gmail.com>
    Cc: Kyle McMartin <kyle@mcmartin.ca>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Helge Deller committed with gregkh Aug 10, 2007
  6. @gregkh

    direct-io: fix error-path crashes

    Need to initialize map_bh.b_state to zero.  Otherwise, in case of a faulty
    user-buffer its possible to go into dio_zero_block() and submit a page by
    mistake - since it checks for buffer_new().
    
    http://marc.info/?l=linux-kernel&m=118551339032528&w=2
    
    akpm: Linus had a (better) patch to just do a kzalloc() in there, but it got
    lost.  Probably this version is better for -stable anwyay.
    
    Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
    Acked-by: Joe Jin <joe.jin@oracle.com>
    Acked-by: Zach Brown <zach.brown@oracle.com>
    Cc: gurudas pai <gurudas.pai@oracle.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Badari Pulavarty committed with gregkh Aug 10, 2007
  7. @ozbenh @gregkh

    powerpc: Fix size check for hugetlbfs

    My "slices" address space management code that was added in 2.6.22
    implementation of get_unmapped_area() doesn't properly check that the
    size is a multiple of the requested page size. This allows userland to
    create VMAs that aren't a multiple of the huge page size with hugetlbfs
    (since hugetlbfs entirely relies on get_unmapped_area() to do that
    checking) which leads to a kernel BUG() when such areas are torn down.
    
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ozbenh committed with gregkh Aug 8, 2007
  8. @kimphill @gregkh

    PPC: Revert "[POWERPC] Add 'mdio' to bus scan id list for platforms w…

    …ith QE UEC"
    
    This reverts commit 3baee95.
    
    this was a mistake from the start; I added mdio type to the bus
    scan list early on in my ucc_geth migrate to phylib development,
    which is just pure wrong (the ucc_geth_mii driver creates the mii
    bus and the PHY layer handles PHY enumeration without translation).
    
    this accompanies commit 7792682:
    
     Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()"
    
    which was basically trying to hide a symptom of the original mistake
    this revert fixes.
    
    Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    kimphill committed with gregkh Jul 26, 2007
  9. @paulusmack @gregkh

    PPC: Revert "[POWERPC] Don't complain if size-cells == 0 in prom_pars…

    …e()"
    
    This reverts commit fd6e9d3.
    
    Having #size-cells == 0 in a node indicates that things under the
    node aren't directly accessible, and therefore we shouldn't try to
    translate addresses for devices under the node into CPU physical
    addresses.
    
    Some drivers, such as the nvram driver for powermacs, rely on
    of_address_to_resource failing if they are called for a node
    representing a device whose resources aren't directly accessible
    by the CPU.  These drivers were broken by commit fd6e9d3,
    resulting in the "Lombard" powerbook hanging early in the boot
    process.
    
    stable team, this patch is equivalent to commit
    
    7792682
    
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Cc: Kim Phillips <kim.phillips@freescale.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    paulusmack committed with gregkh Jul 26, 2007
  10. @htejun @gregkh

    ata_piix: update map 10b for ich8m

    Fix map entry 10b for ich8.  It's [P0 P2 IDE IDE] like ich6 / ich6m.
    
    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Acked-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
    Cc: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    htejun committed with gregkh Aug 7, 2007
  11. @gregkh

    softmac: Fix deadlock of wx_set_essid with assoc work

    The essid wireless extension does deadlock against the assoc mutex,
    as we don't unlock the assoc mutex when flushing the workqueue, which
    also holds the lock.
    
    Signed-off-by: Michael Buesch <mb@bu3sch.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Michael Buesch committed with gregkh Aug 7, 2007
  12. @gregkh

    random: fix bound check ordering (CVE-2007-3105)

    If root raised the default wakeup threshold over the size of the
    output pool, the pool transfer function could overflow the stack with
    RNG bytes, causing a DoS or potential privilege escalation.
    
    (Bug reported by the PaX Team <pageexec@freemail.hu>)
    
    Cc: Theodore Tso <tytso@mit.edu>
    Cc: Willy Tarreau <w@1wt.eu>
    Signed-off-by: Matt Mackall <mpm@selenic.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Matt Mackall committed with gregkh Jul 15, 2007
  13. @gregkh

    fix oops in __audit_signal_info()

    	Check for audit_signals is misplaced and check for
    audit_dummy_context() is missing; as the result, if we send
    signal to auditd from task with NULL ->audit_context while
    we have audit_signals != 0 we end up with an oops.
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Acked-by: James Morris <jmorris@namei.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Al Viro committed with gregkh Aug 8, 2007
Commits on Aug 9, 2007
  1. @gregkh

    Linux 2.6.22.2

    gregkh committed Aug 9, 2007
  2. @gregkh

    UML: exports for hostfs

    Add some exports for hostfs that are required after Alberto Bertogli's
    fixes for accessing unlinked host files.
    
    Also did some style cleanups while I was here.
    
    Signed-off-by: Jeff Dike <jdike@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jeff Dike committed with gregkh Jul 10, 2007
  3. @jirislaby @gregkh

    sx: switch subven and subid values

    sx.c is failing to locate Graham's card.
    
    Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
    Cc: Graham Murray <gmurray@webwayone.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    jirislaby committed with gregkh Jul 10, 2007
  4. @gregkh

    USB: fix for ftdi_sio quirk handling

    this one fixes an oops with quirky ftdi_sio devices. As it fixes a
    regression, I propose that it be included in 2.6.22
    
    Signed-off-by: Oliver Neukum <oneukum@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Oliver Neukum committed with gregkh Jul 2, 2007
  5. @kaber @gregkh

    Netfilter: Fix logging regression

    [NETFILTER]: Fix logging regression
    
    Loading one of the LOG target fails if a different target has already
    registered itself as backend for the same family. This can affect the
    ipt_LOG and ipt_ULOG modules when both are loaded.
    
    Reported and tested by: <t.artem@mailcity.com>
    Upstream-commit: 7e2acc7
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    kaber committed with gregkh Jul 25, 2007
  6. @gregkh

    sysfs: release mutex when kmalloc() failed in sysfs_open_file().

    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    YOSHIFUJI Hideaki committed with gregkh Jul 12, 2007
  7. @gregkh

    IPV6: /proc/net/anycast6 unbalanced inet6_dev refcnt

    Reading /proc/net/anycast6 when there is no anycast address
    on an interface results in an ever-increasing inet6_dev reference
    count, as well as a reference to the netdevice you can't get rid of.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Cc: Marcus Meissner <meissner@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    David Stevens committed with gregkh Feb 26, 2007
  8. @gregkh

    nf_conntrack: don't track locally generated special ICMP error

    [NETFILTER]: nf_conntrack: don't track locally generated special ICMP error
    
    The conntrack assigned to locally generated ICMP error is usually the one
    assigned to the original packet which has caused the error. But if
    the original packet is handled as invalid by nf_conntrack, no conntrack
    is assigned to the original packet. Then nf_ct_attach() cannot assign
    any conntrack to the ICMP error packet. In that case the current
    nf_conntrack_icmp assigns appropriate conntrack to it. But the current
    code mistakes the direction of the packet. As a result, NAT code mistakes
    the address to be mangled.
    
    To fix the bug, this changes nf_conntrack_icmp not to assign conntrack
    to such ICMP error. Actually no address is necessary to be mangled
    in this case.
    
    Spotted by Jordan Russell.
    
    Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
    
    Upstream commit ID: 130e7a8
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Yasuyuki Kozakai committed with gregkh Jul 17, 2007
  9. @gregkh

    Keep rfcomm_dev on the list until it is freed

    This patch changes the RFCOMM TTY release process so that the TTY is kept
    on the list until it is really freed. A new device flag is used to keep
    track of released TTYs.
    
    Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Ville Tervo committed with gregkh Jul 11, 2007
  10. @mcfrisk @gregkh

    Hangup TTY before releasing rfcomm_dev

    The core problem is that RFCOMM socket layer ioctl can release
    rfcomm_dev struct while RFCOMM TTY layer is still actively using
    it. Calling tty_vhangup() is needed for a synchronous hangup before
    rfcomm_dev is freed.
    
    Addresses the oops at http://bugzilla.kernel.org/show_bug.cgi?id=7509
    
    Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    mcfrisk committed with gregkh Jul 11, 2007
  11. @gregkh

    ACPI: dock: fix opps after dock driver fails to initialize

    ACPI: dock: fix opps after dock driver fails to initialize
    
    The driver tests the dock_station pointer for nonnull
    to check whether it has initialized properly. But in
    some cases dock_station will be non-null after being
    freed when driver init fails. Fix by zeroing the
    pointer after freeing.
    
    Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
    Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
    Signed-off-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Chuck Ebbert committed with gregkh Aug 7, 2007
  12. @gregkh

    cr_backlight_probe() allocates too little storage for struct cr_panel

    The Coverity checker noticed that we allocate too little storage for
    "struct cr_panel *crp" in cr_backlight_probe().
    
    Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
    Cc: Thomas Hellstrom <thomas@tungstengraphics.com>
    Cc: Alan Hourihane <alanh@tungstengraphics.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jesper Juhl committed with gregkh Jul 20, 2007
  13. @gregkh

    dm: disable barriers

    This patch causes device-mapper to reject any barrier requests.  This is done
    since most of the targets won't handle this correctly anyway.  So until the
    situation improves it is better to reject these requests at the first place.
    Since barrier requests won't get to the targets, the checks there can be
    removed.
    
    Signed-off-by: Stefan Bader <shbader@de.ibm.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Stefan Bader committed with gregkh Jul 12, 2007
  14. @gregkh

    dm snapshot: permit invalid activation

    Allow invalid snapshots to be activated instead of failing.
    
    This allows userspace to reinstate any given snapshot state - for
    example after an unscheduled reboot - and clean up the invalid snapshot
    at its leisure.
    
    Signed-off-by: Milan Broz <mbroz@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Milan Broz committed with gregkh Jul 12, 2007
  15. @gregkh

    dm io: fix another panic on large request

    bio_alloc_bioset() will return NULL if 'num_vecs' is too large.
    Use bio_get_nr_vecs() to get estimation of maximum number.
    
    Signed-off-by: Junichi Nomura <j-nomura@ce.jp.nec.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jun'ichi Nomura committed with gregkh Jul 12, 2007
  16. @gregkh

    dm raid1: fix status

    Fix mirror status line broken in dm-log-report-fault-status.patch:
      - space missing between two words
      - placeholder ("0") required for compatibility with a subsequent patch
      - incorrect offset parameter
    
    Signed-off-by: Milan Broz <mbroz@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Milan Broz committed with gregkh Jul 12, 2007
  17. @gregkh

    nfsd: fix possible oops on re-insertion of rpcsec_gss modules

    The handling of the re-registration case is wrong here; the "test" that was
    returned from auth_domain_lookup will not be used again, so that reference
    should be put.  And auth_domain_lookup never did anything with "new" in
    this case, so we should just clean it up ourself.
    
    Thanks to Akinobu Mita for bug report, analysis, and testing.
    
    Cc: Akinobu Mita <akinobu.mita@gmail.com>
    Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
    Cc: Neil Brown <neilb@suse.de>
    Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    J. Bruce Fields committed with gregkh Jul 23, 2007
  18. @gregkh

    ieee1394: revert "sbp2: enforce 32bit DMA mapping"

    Revert commit 0555659 from 2.6.22-rc1.
    The dma_set_mask call somehow failed on a PowerMac G5, PPC64:
    http://lkml.org/lkml/2007/8/1/344
    
    Should there ever occur a DMA mapping beyond the physical DMA range, a
    proper SBP-2 firmware will report transport errors.  So let's leave it
    at that.
    
    Same as commit a9c2f18.
    
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Tested-by: Olaf Hering <olh@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Stefan Richter committed with gregkh Aug 4, 2007
  19. @htejun @gregkh

    libata: add FUJITSU MHV2080BH to NCQ blacklist

    Please warmly welcome the first member from FUJITSU to the prestigious
    NCQ spurious completion club.
    
    This is reported by Serge Van Thillo in bugzilla bug 8730.
    
      http://bugzilla.kernel.org/show_bug.cgi?id=8730
    
    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Cc: Serge van Thillo <nulleke@hotmail.com>
    Cc: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    htejun committed with gregkh Jul 10, 2007
  20. @gregkh

    cfq-iosched: fix async queue behaviour

    With the cfq_queue hash removal, we inadvertently got rid of the
    async queue sharing. This was not intentional, in fact CFQ purposely
    shares the async queue per priority level to get good merging for
    async writes.
    
    So put some logic in cfq_get_queue() to track the shared queues.
    
    Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jens Axboe committed with gregkh Jul 10, 2007
Something went wrong with that request. Please try again.