Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on May 1, 2008
  1. @gregkh

    Linux 2.6.24.6

    gregkh authored
  2. @gregkh

    Fix dnotify/close race (CVE-2008-1375)

    Al Viro authored gregkh committed
    commit 214b704 upstream.
    
    We have a race between fcntl() and close() that can lead to
    dnotify_struct inserted into inode's list *after* the last descriptor
    had been gone from current->files.
    
    Since that's the only point where dnotify_struct gets evicted, we are
    screwed - it will stick around indefinitely.  Even after struct file in
    question is gone and freed.  Worse, we can trigger send_sigio() on it at
    any later point, which allows to send an arbitrary signal to arbitrary
    process if we manage to apply enough memory pressure to get the page
    that used to host that struct file and fill it with the right pattern...
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @pebolle @gregkh

    ISDN: Do not validate ISDN net device address prior to interface-up

    pebolle authored gregkh committed
    Commit bada339 (Validate device addr prior to interface-up) caused a regression
    in the ISDN network code, see: http://bugzilla.kernel.org/show_bug.cgi?id=9923
    The trivial fix is to remove the pointer to eth_validate_addr() in the
    net_device struct in isdn_net_init().
    
    Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @gregkh

    V4L: cx88: enable radio GPIO correctly

    Steven Toth authored gregkh committed
    This patch fixes an issue on the HVR1300, where GPIO is blown away due to
    the radio input being undefined, breaking the functionality of the DVB
    demodulator and MPEG2 encoder used on the cx8802 mpeg TS port.
    
    This is a minimal patch for 2.6.26 and the -stable series.  This must be
    fixed a better way for 2.6.27.
    
    Signed-off-by: Steven Toth <stoth@hauppauge.com>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    (cherry picked from commit 6b92b3b)
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @Alan-Cox @gregkh

    V4L: Fix VIDIOCGAP corruption in ivtv

    Alan-Cox authored gregkh committed
    Frank Bennett reported that ivtv was causing skype to crash. With help
    from one of their developers he showed it was a kernel problem.
    VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
    that are too long and does not truncate them so corrupts a few bytes of
    the app data area.
    
    Possibly the names also want trimming but for now this should fix the
    corruption case.
    
    Signed-off-by: Alan Cox <alan@redhat.com>
    Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    (cherry picked from commit d2b213f)
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @gregkh

    USB: remove broken usb-serial num_endpoints check

    gregkh authored
    commit: 07c3b1a
    
    The num_interrupt_in, num_bulk_in, and other checks in the usb-serial
    code are just wrong, there are too many different devices out there with
    different numbers of endpoints.  We need to just be sticking with the
    device ids instead of trying to catch this kind of thing.  It broke too
    many different devices.
    
    This fixes a large number of usb-serial devices to get them working
    properly again.
    
    
    Cc: Oliver Neukum <oliver@neukum.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    Increase the max_burst threshold from 3 to tp->reordering.

    John Heffner authored gregkh committed
    [ Upstream commit: dd9e0dd ]
    
    This change is necessary to allow cwnd to grow during persistent
    reordering.  Cwnd moderation is applied when in the disorder state
    and an ack that fills the hole comes in.  If the hole was greater
    than 3 packets, but less than tp->reordering, cwnd will shrink when
    it should not have.
    
    Signed-off-by: John Heffner <jheffner@napa.none>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @dwmw2 @gregkh

    JFFS2: Fix free space leak with in-band cleanmarkers

    dwmw2 authored gregkh committed
    We were accounting for the cleanmarker by calling jffs2_link_node_ref()
    (without locking!), which adjusted both superblock and per-eraseblock
    accounting, subtracting the size of the cleanmarker from {jeb,c}->free_size
    and adding it to {jeb,c}->used_size.
    
    But only _then_ were we adding the size of the newly-erased block back
    to the superblock counts, and we were adding each of jeb->{free,used}_size
    to the corresponding superblock counts. Thus, the size of the cleanmarker
    was effectively subtracted from the superblock's free_size _twice_.
    
    Fix this, by always adding a full eraseblock size to c->free_size when
    we've erased a block. And call jffs2_link_node_ref() under the proper
    lock, while we're at it.
    
    Thanks to Alexander Yurchenko and/or Damir Shayhutdinov for (almost)
    pinpointing the problem.
    
    [Backport of commit 014b164]
    
    Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    USB: gadget: queue usb USB_CDC_GET_ENCAPSULATED_RESPONSE message

    Jan Altenberg authored gregkh committed
    backport of 41566bc
    
    commit 0cf4f2d introduced a bug, which
    prevents sending an USB_CDC_GET_ENCAPSULATED_RESPONSE message. This
    breaks the RNDIS initialization (especially / only Windoze machines
    dislike this behavior...).
    
    Signed-off-by: Benedikt Spranger <b.spranger@linutronix.de>
    Signed-off-by: Jan Altenberg <jan.altenberg@linutronix.de>
    Acked-by: David Brownell <dbrownell@users.sourceforge.net>
    Cc: Vernon Sauder <vernoninhand@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    tehuti: move ioctl perm check closer to function start (CVE-2008-1675)

    Jeff Garzik authored gregkh committed
    Commit f946dff upstream
    
    Noticed by davem.
    
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @gregkh

    tehuti: check register size (CVE-2008-1675)

    Francois Romieu authored gregkh committed
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @gregkh

    x86: Fix 32-bit x86 MSI-X allocation leakage

    PJ Waskiewicz authored gregkh committed
    commit 9d9ad4b upstream
    
    This bug was introduced in the 2.6.24 lguest tree merge, where
    MSI-X vector allocation will eventually fail.  The cause is the new
    bit array tracking used vectors is not getting cleared properly on
    IRQ destruction on the 32-bit APIC code.
    
    This can be seen easily using the ixgbe 10 GbE driver on multi-core
    systems by simply loading and unloading the driver a few times.
    Depending on the number of available vectors on the host system, the
    MSI-X allocation will eventually fail, and the driver will only be
    able to use legacy interrupts.
    
    Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @gregkh

    fix oops on rmmod capidrv

    Karsten Keil authored gregkh committed
    commit eb36f4f upstream.
    
    Fix overwriting the stack with the version string
    (it is currently 10 bytes + zero) when unloading the
    capidrv module. Safeguard against overwriting it
    should the version string grow in the future.
    
    Should fix Kernel Bug Tracker Bug 9696.
    
    Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com>
    Acked-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @gregkh

    splice: use mapping_gfp_mask

    Hugh Dickins authored gregkh committed
    upstream commit: 4cd1350
    
    The loop block driver is careful to mask __GFP_IO|__GFP_FS out of its
    mapping_gfp_mask, to avoid hangs under memory pressure.  But nowadays
    it uses splice, usually going through __generic_file_splice_read.  That
    must use mapping_gfp_mask instead of GFP_KERNEL to avoid those hangs.
    
    Signed-off-by: Hugh Dickins <hugh@veritas.com>
    Cc: Jens Axboe <jens.axboe@oracle.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Commits on Apr 19, 2008
  1. @chriswright

    Linux 2.6.24.5

    chriswright authored
  2. @chriswright

    locks: fix possible infinite loop in fcntl(F_SETLKW) over nfs

    J. Bruce Fields authored chriswright committed
    upstream commit: 19e729a
    
    Miklos Szeredi found the bug:
    
    	"Basically what happens is that on the server nlm_fopen() calls
    	nfsd_open() which returns -EACCES, to which nlm_fopen() returns
    	NLM_LCK_DENIED.
    
    	"On the client this will turn into a -EAGAIN (nlm_stat_to_errno()),
    	which in will cause fcntl_setlk() to retry forever."
    
    So, for example, opening a file on an nfs filesystem, changing
    permissions to forbid further access, then trying to lock the file,
    could result in an infinite loop.
    
    And Trond Myklebust identified the culprit, from Marc Eshel and I:
    
    	7723ec9 "locks: factor out
    	generic/filesystem switch from setlock code"
    
    That commit claimed to just be reshuffling code, but actually introduced
    a behavioral change by calling the lock method repeatedly as long as it
    returned -EAGAIN.
    
    We assumed this would be safe, since we assumed a lock of type SETLKW
    would only return with either success or an error other than -EAGAIN.
    However, nfs does can in fact return -EAGAIN in this situation, and
    independently of whether that behavior is correct or not, we don't
    actually need this change, and it seems far safer not to depend on such
    assumptions about the filesystem's ->lock method.
    
    Therefore, revert the problematic part of the original commit.  This
    leaves vfs_lock_file() and its other callers unchanged, while returning
    fcntl_setlk and fcntl_setlk64 to their former behavior.
    
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
    Tested-by: Miklos Szeredi <mszeredi@suse.cz>
    Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
    Cc: Marc Eshel <eshel@almaden.ibm.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  3. @hallyn @chriswright

    file capabilities: remove cap_task_kill()

    hallyn authored chriswright committed
    upstream commit: aedb60a
    
    The original justification for cap_task_kill() was as follows:
    
    	check_kill_permission() does appropriate uid equivalence checks.
    	However with file capabilities it becomes possible for an
    	unprivileged user to execute a file with file capabilities
    	resulting in a more privileged task with the same uid.
    
    However now that cap_task_kill() always returns 0 (permission
    granted) when p->uid==current->uid, the whole hook is worthless,
    and only likely to create more subtle problems in the corner cases
    where it might still be called but return -EPERM.  Those cases
    are basically when uids are different but euid/suid is equivalent
    as per the check in check_kill_permission().
    
    One example of a still-broken application is 'at' for non-root users.
    
    This patch removes cap_task_kill().
    
    Signed-off-by: Serge Hallyn <serge@hallyn.com>
    Acked-by: Andrew G. Morgan <morgan@kernel.org>
    Earlier-version-tested-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
    Acked-by: Casey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    [chrisw@sous-sol.org: backport to 2.6.24.4]
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  4. @chriswright

    macb: Call phy_disconnect on removing

    Atsushi Nemoto authored chriswright committed
    upstream commit: 84b7901
    
    Call phy_disconnect() on remove routine.  Otherwise the phy timer
    causes a kernel crash when unloading.
    
    Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  5. @chriswright

    fbdev: fix /proc/fb oops after module removal

    Alexey Dobriyan authored chriswright committed
    upstream commit: c43f89c
    
    /proc/fb is not removed during rmmod.
    
    Steps to reproduce:
    
    	modprobe fb
    	rmmod fb
    	ls /proc
    
    BUG: unable to handle kernel paging request at ffffffffa0094370
    IP: [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
    PGD 203067 PUD 207063 PMD 17e758067 PTE 0
    Oops: 0000 [1] SMP
    last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.0/resource
    CPU 1
    Modules linked in: nf_conntrack_irc xt_state iptable_filter ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables vfat fat usbhid ehci_hcd uhci_hcd usbcore sr_mod cdrom [last unloaded: fb]
    Pid: 21205, comm: ls Not tainted 2.6.25-rc8-mm2 #14
    RIP: 0010:[<ffffffff802b92a1>]  [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
    RSP: 0018:ffff81017c4bfc78  EFLAGS: 00010246
    RAX: 0000000000008000 RBX: ffff8101787f5470 RCX: 0000000048011ccc
    RDX: ffffffffa0094320 RSI: ffff810006ad43b0 RDI: ffff81017fc2cc00
    RBP: ffff81017e450300 R08: 0000000000000002 R09: ffff81017c5d1000
    R10: 0000000000000000 R11: 0000000000000246 R12: ffff81016b903a28
    R13: ffff81017f822020 R14: ffff81017c4bfd58 R15: ffff81017f822020
    FS:  00007f08e71696f0(0000) GS:ffff81017fc06480(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: ffffffffa0094370 CR3: 000000017e54a000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process ls (pid: 21205, threadinfo ffff81017c4be000, task ffff81017de48770)
    Stack:  ffff81017c5d1000 00000000ffffffea ffff81017e450300 ffffffff802bdd1e
     ffff81017f802258 ffff81017c4bfe48 ffff81016b903a28 ffff81017f822020
     ffff81017c4bfd48 ffffffff802b9ba0 ffff81016b903a28 ffff81017f802258
    Call Trace:
     [<ffffffff802bdd1e>] ? proc_lookup_de+0x8e/0x100
     [<ffffffff802b9ba0>] ? proc_root_lookup+0x20/0x60
     [<ffffffff802882a7>] ? do_lookup+0x1b7/0x210
     [<ffffffff8028883d>] ? __link_path_walk+0x53d/0x7f0
     [<ffffffff80295eb8>] ? mntput_no_expire+0x28/0x130
     [<ffffffff80288b4a>] ? path_walk+0x5a/0xc0
     [<ffffffff80288dd3>] ? do_path_lookup+0x83/0x1c0
     [<ffffffff80287785>] ? getname+0xe5/0x210
     [<ffffffff80289adb>] ? __user_walk_fd+0x4b/0x80
     [<ffffffff8028236c>] ? vfs_lstat_fd+0x2c/0x70
     [<ffffffff8028bf1e>] ? filldir+0xae/0xf0
     [<ffffffff802b92e9>] ? de_put+0x9/0x50
     [<ffffffff8029633d>] ? mnt_want_write+0x2d/0x80
     [<ffffffff8029339f>] ? touch_atime+0x1f/0x170
     [<ffffffff802b9b1d>] ? proc_root_readdir+0x7d/0xa0
     [<ffffffff802825e7>] ? sys_newlstat+0x27/0x50
     [<ffffffff8028bffb>] ? vfs_readdir+0x9b/0xd0
     [<ffffffff8028c0fe>] ? sys_getdents+0xce/0xe0
     [<ffffffff8020b39b>] ? system_call_after_swapgs+0x7b/0x80
    
    Code: b7 83 b2 00 00 00 25 00 f0 00 00 3d 00 80 00 00 74 19 48 89 93 f0 00 00 00 48 89 df e8 39 9a fd ff 48 89 d8 48 83 c4 08 5b 5d c3 <48> 83 7a 50 00 48 c7 c0 60 16 45 80 48 c7 c2 40 17 45 80 48 0f
    RIP  [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
     RSP <ffff81017c4bfc78>
    CR2: ffffffffa0094370
    ---[ end trace c71hiarjan8ab739 ]---
    
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    "Antonino A. Daplas" <adaplas@pol.net>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  6. @chriswright

    acpi: bus: check once more for an empty list after locking it

    Chuck Ebbert authored chriswright committed
    upstream commit: f0a37e0
    
    List could have become empty after the unlocked check that was made earlier,
    so check again inside the lock.
    
    Should fix https://bugzilla.redhat.com/show_bug.cgi?id=427765
    
    Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
    Cc: <stable@kernel.org>
    Cc: Len Brown <lenb@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  7. @jkkm @chriswright

    PARISC fix signal trampoline cache flushing

    jkkm authored chriswright committed
    upstream commit: cf39cc3
    
    The signal trampolines were accidently flushing the kernel I$ instead of
    the users.  Fix that up, and also add a missing user D$ flush while
    we're at it.
    
    Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  8. @chriswright

    PARISC pdc_console: fix bizarre panic on boot

    Kyle McMartin authored chriswright committed
    upstream commit ef1afd4
    
    commit 721fdf3
    Author: Kyle McMartin <kyle@shortfin.cabal.ca>
    Date:   Thu Dec 6 09:32:15 2007 -0800
    
        [PARISC] print more than one character at a time for pdc console
    
    introduced a subtle bug by accidentally removing the "static" from
    iodc_dbuf. This resulted in, what appeared to be, a trap without
    *current set to a task. Probably the result of a trap in real mode
    while calling firmware.
    
    Also do other misc clean ups. Since the only input from firmware is non
    blocking, share iodc_dbuf between input and output, and spinlock the
    only callers.
    
    [jejb: fixed up rejections against the stable tree]
    
    Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  9. @chriswright

    PARISC futex: special case cmpxchg NULL in kernel space

    Kyle McMartin authored chriswright committed
    upstream commit: c20a84c
    
    commit f9e77ac
    Author: Thomas Gleixner <tglx@linutronix.de>
    Date:   Sun Feb 24 02:10:05 2008 +0000
    
        futex: runtime enable pi and robust functionality
     
    
    which was backported to stable based on mainline Commit
    a0c1e90 added code to futex.c
    to detect whether futex_atomic_cmpxchg_inatomic was implemented at run
    time:
    
    +       curval = cmpxchg_futex_value_locked(NULL, 0, 0);
    +       if (curval == -EFAULT)
    +               futex_cmpxchg_enabled = 1;
    
    This is bogus on parisc, since page zero in kernel virtual space is the
    gateway page for syscall entry, and should not be read from the kernel.
    (That, and we really don't like the kernel faulting on its own address
     space...)
    
    Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  10. @lenb @chriswright

    pnpacpi: reduce printk severity for "pnpacpi: exceeded the max number…

    lenb authored chriswright committed
    … of ..."
    
    upstream commit 33fd7af 
    
    We have been printing these messages at KERN_ERR since 2.6.24,
    per http://bugzilla.kernel.org/show_bug.cgi?id=9535
    
    But KERN_ERR pops up on a console booted with "quiet"
    and causes users to get alarmed and file bugs
    about the message itself:
    https://bugzilla.redhat.com/show_bug.cgi?id=436589
    
    So reduce the severity of these messages to
    KERN_WARNING, which is not printed by "quiet".
    
    This message will still be seen without "quiet",
    but a lot of messages are printed in that mode
    and it will be less likely to cause undue alarm.
    
    We could go all the way to KERN_DEBUG, but this
    is a real warning after all, so it seems prudent
    not to require "debug" to see it.
    
    Signed-off-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  11. @agx @chriswright

    POWERPC: Fix build of modular drivers/macintosh/apm_emu.c

    agx authored chriswright committed
    upstream commit: 620a245
    
    Currently, if drivers/macintosh/apm_emu is a module and the config
    doesn't have CONFIG_SUSPEND we get:
    
    ERROR: "pmu_batteries" [drivers/macintosh/apm_emu.ko] undefined!
    ERROR: "pmu_battery_count" [drivers/macintosh/apm_emu.ko] undefined!
    ERROR: "pmu_power_flags" [drivers/macintosh/apm_emu.ko] undefined!
    
    on PPC32.  The variables aren't wrapped in '#if defined(CONFIG_SUSPEND)'
    so we probably shouldn't wrap the exports either.  This removes the
    CONFIG_SUSPEND part of the export, which fixes compilation on ppc32.
    
    Signed-off-by: Guido Guenther <agx@sigxcpu.org>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    
    mpagano@gentoo.org notes:
    
    The details can be found at http://bugs.gentoo.org/show_bug.cgi?id=217629. 
    
    Cc: Mike Pagano <mpagano@gentoo.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  12. @djbw @chriswright

    md: close a livelock window in handle_parity_checks5

    djbw authored chriswright committed
    upstream commit: bd2ab67
    
    If a failure is detected after a parity check operation has been initiated,
    but before it completes handle_parity_checks5 will never quiesce operations on
    the stripe.
    
    Explicitly handle this case by "canceling" the parity check, i.e.  clear the
    STRIPE_OP_CHECK flags and queue the stripe on the handle list again to refresh
    any non-uptodate blocks.
    
    Kernel versions >= 2.6.23 are susceptible.
    
    Cc: <stable@kernel.org>
    Cc: NeilBrown <neilb@suse.de>
    Signed-off-by: Dan Williams <dan.j.williams@intel.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  13. @davidel @chriswright

    signalfd: fix for incorrect SI_QUEUE user data reporting

    davidel authored chriswright committed
    upstream commit: 0859ab5
    
    Michael Kerrisk found out that signalfd was not reporting back user data
    pushed using sigqueue:
    
      http://groups.google.com/group/linux.kernel/msg/9397cab8551e3123
    
    The following patch makes signalfd report back the ssi_ptr and ssi_int members
    of the signalfd_siginfo structure.
    
    Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
    Acked-by: Michael Kerrisk <mtk.manpages@googlemail.com>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  14. @chriswright

    plip: replace spin_lock_irq with spin_lock_irqsave in irq context

    Mikulas Patocka authored chriswright committed
    upstream commit: cabce28
    
    Plip uses spin_lock_irq/spin_unlock_irq in its IRQ handler (called from
    parport IRQ handler), the latter enables interrupts without parport
    subsystem IRQ handler expecting it.
    
    The bug can be seen if you compile kernel with lock dependency checking
    and use plip --- it produces a warning.
    
    This patch changes it to spin_lock_irqsave/spin_lock_irqrestore, so that
    it doesn't enable interrupts when already disabled.
    
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  15. @chriswright

    acpi: fix "buggy BIOS check" when CPUs are hot removed

    Alok Kataria authored chriswright committed
    upstream commit: ba62b07
    
    Fixes a BUG in ACPI hotplugging.
    
    processor_device_array[pr->id] needs to be set to NULL when removing a CPU.
    Else the "buggy BIOS check" in acpi_processor_start mistakenly fires when a
    CPU is removed from the system and then later re-added.
    
    Signed-off-by: Alok N Kataria <akataria@vmware.com>
    Signed-off-by: Dan Arai <arai@vmware.com>
    Cc: Len Brown <lenb@kernel.org>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  16. @chriswright

    HFS+: fix unlink of links

    Roman Zippel authored chriswright committed
    upstream commit: 76b0c26
    
    Some time ago while attempting to handle invalid link counts, I botched 
    the unlink of links itself, so this patch fixes this now correctly, so 
    that only the link count of nodes that don't point to links is ignored.
    Thanks to Vlado Plaga <rechner@vlado-do.de> to notify me of this 
    problem.
    
    Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  17. @chriswright

    DVB: tda10086: make the 22kHz tone for DISEQC a config option

    Hartmut Hackmann authored chriswright committed
    (backported from commit ea75baf)
    
    Some cards need the diseqc signal modulated, while some just need
    the envelope to control the LNB supply.
    
    This fixes Bug 9887
    
    Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
    Acked-by: Oliver Endriss <o.endriss@gmx.de>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Cc: Hermann Pitton <hermann-pitton@arcor.de>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  18. @davem330 @chriswright

    SPARC64: Fix FPU saving in 64-bit signal handling.

    davem330 authored chriswright committed
    Upstream commit: 7c3cce9
    
    The calculation of the FPU reg save area pointer
    was wrong.
    
    Based upon an OOPS report from Tom Callaway.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  19. @hidave @chriswright

    bluetooth: hci_core: defer hci_unregister_sysfs()

    hidave authored chriswright committed
    upstream commit: 147e2d5
    
    Alon Bar-Lev reports:
    
     Feb 16 23:41:33 alon1 usb 3-1: configuration #1 chosen from 1 choice
    Feb 16 23:41:33 alon1 BUG: unable to handle kernel NULL pointer
    dereference at virtual address 00000008
    Feb 16 23:41:33 alon1 printing eip: c01b2db6 *pde = 00000000
    Feb 16 23:41:33 alon1 Oops: 0000 [#1] PREEMPT
    Feb 16 23:41:33 alon1 Modules linked in: ppp_deflate zlib_deflate
    zlib_inflate bsd_comp ppp_async rfcomm l2cap hci_usb vmnet(P)
    vmmon(P) tun radeon drm autofs4 ipv6 aes_generic crypto_algapi
    ieee80211_crypt_ccmp nf_nat_irc nf_nat_ftp nf_conntrack_irc
    nf_conntrack_ftp ipt_MASQUERADE iptable_nat nf_nat ipt_REJECT
    xt_tcpudp ipt_LOG xt_limit xt_state nf_conntrack_ipv4 nf_conntrack
    iptable_filter ip_tables x_tables snd_pcm_oss snd_mixer_oss
    snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
    bluetooth ppp_generic slhc ioatdma dca cfq_iosched cpufreq_powersave
    cpufreq_ondemand cpufreq_conservative acpi_cpufreq freq_table uinput
    fan af_packet nls_cp1255 nls_iso8859_1 nls_utf8 nls_base pcmcia
    snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm nsc_ircc snd_timer
    ipw2200 thinkpad_acpi irda snd ehci_hcd yenta_socket uhci_hcd
    psmouse ieee80211 soundcore intel_agp hwmon rsrc_nonstatic pcspkr
    e1000 crc_ccitt snd_page_alloc i2c_i801 ieee80211_crypt pcmcia_core
    agpgart thermal bat!
    tery nvram rtc sr_mod ac sg firmware_class button processor cdrom
    unix usbcore evdev ext3 jbd ext2 mbcache loop ata_piix libata sd_mod
    scsi_mod
    Feb 16 23:41:33 alon1
    Feb 16 23:41:33 alon1 Pid: 4, comm: events/0 Tainted: P
    (2.6.24-gentoo-r2 #1)
    Feb 16 23:41:33 alon1 EIP: 0060:[<c01b2db6>] EFLAGS: 00010282 CPU: 0
    Feb 16 23:41:33 alon1 EIP is at sysfs_get_dentry+0x26/0x80
    Feb 16 23:41:33 alon1 EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX:
    f48a2210
    Feb 16 23:41:33 alon1 ESI: f72eb900 EDI: f4803ae0 EBP: f4803ae0 ESP:
    f7c49efc
    Feb 16 23:41:33 alon1 hcid[7004]: HCI dev 0 registered
    Feb 16 23:41:33 alon1 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
    Feb 16 23:41:33 alon1 Process events/0 (pid: 4, ti=f7c48000
    task=f7c3efc0 task.ti=f7c48000)
    Feb 16 23:41:33 alon1 Stack: f7cb6140 f4822668 f7e71e10 c01b304d
    ffffffff ffffffff fffffffe c030ba9c
    Feb 16 23:41:33 alon1 f7cb6140 f4822668 f6da6720 f7cb6140 f4822668
    f6da6720 c030ba8e c01ce20b
    Feb 16 23:41:33 alon1 f6e9dd00 c030ba8e f6da6720 f6e9dd00 f6e9dd00
    00000000 f4822600 00000000
    Feb 16 23:41:33 alon1 Call Trace:
    Feb 16 23:41:33 alon1 [<c01b304d>] sysfs_move_dir+0x3d/0x1f0
    Feb 16 23:41:33 alon1 [<c01ce20b>] kobject_move+0x9b/0x120
    Feb 16 23:41:33 alon1 [<c0241711>] device_move+0x51/0x110
    Feb 16 23:41:33 alon1 [<f9aaed80>] del_conn+0x0/0x70 [bluetooth]
    Feb 16 23:41:33 alon1 [<f9aaed99>] del_conn+0x19/0x70 [bluetooth]
    Feb 16 23:41:33 alon1 [<c012c1a1>] run_workqueue+0x81/0x140
    Feb 16 23:41:33 alon1 [<c02c0c88>] schedule+0x168/0x2e0
    Feb 16 23:41:33 alon1 [<c012fc70>] autoremove_wake_function+0x0/0x50
    Feb 16 23:41:33 alon1 [<c012c9cb>] worker_thread+0x9b/0xf0
    Feb 16 23:41:33 alon1 [<c012fc70>] autoremove_wake_function+0x0/0x50
    Feb 16 23:41:33 alon1 [<c012c930>] worker_thread+0x0/0xf0
    Feb 16 23:41:33 alon1 [<c012f962>] kthread+0x42/0x70
    Feb 16 23:41:33 alon1 [<c012f920>] kthread+0x0/0x70
    Feb 16 23:41:33 alon1 [<c0104c2f>] kernel_thread_helper+0x7/0x18
    Feb 16 23:41:33 alon1 =======================
    Feb 16 23:41:33 alon1 Code: 26 00 00 00 00 57 89 c7 a1 50 1b 3a c0
    56 53 8b 70 38 85 f6 74 08 8b 0e 85 c9 74 58 ff 06 8b 56 50 39 fa 74
    47 89 fb eb 02 89 c3 <8b> 43 08 39 c2 75 f7 8b 46 08 83 c0 68 e8 98
    e7 10 00 8b 43 10
    Feb 16 23:41:33 alon1 EIP: [<c01b2db6>] sysfs_get_dentry+0x26/0x80
    SS:ESP 0068:f7c49efc
    Feb 16 23:41:33 alon1 ---[ end trace aae864e9592acc1d ]---
    
    Defer hci_unregister_sysfs because hci device could be destructed
    while hci conn devices still there.
    
    Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
    Tested-by: Stefan Seyfried <seife@suse.de>
    Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Acked-by: Marcel Holtmann <marcel@holtmann.org>
    
    dsd@gentoo.org notes:
    
    This patch fixes http://bugs.gentoo.org/211179
    
    Cc: Daniel Drake <dsd@gentoo.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  20. @chriswright

    sis190: read the mac address from the eeprom first

    Francois Romieu authored chriswright committed
    upstream commit: 563e0ae
    
    Reading a serie of zero from the cmos sram area do not work
    well with is_valid_ether_addr(). Let's read the mac address
    from the eeprom first as it seems more reliable.
    
    Fix for http://bugzilla.kernel.org/show_bug.cgi?id=9831
    
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    
    dsd@gentoo.org notes:
    This patch fixes http://bugs.gentoo.org/207706
    
    Cc: Daniel Drake <dsd@gentoo.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  21. @htejun @chriswright

    libata: assume no device is attached if both IDENTIFYs are aborted

    htejun authored chriswright committed
    upstream commit: 1ffc151
    
    This is to fix bugzilla #10254.  QSI cdrom attached to pata_sis as
    secondary master appears as phantom device for the slave.
    Interestingly, instead of not setting DRQ after IDENTIFY which
    triggers NODEV_HINT, it aborts both IDENTIFY and IDENTIFY PACKET which
    makes EH retry.
    
    Modify EH such that it assumes no device is attached if both flavors
    of IDENTIFY are aborted by the device.  There really isn't much point
    in retrying when the device actively aborts the commands.
    
    While at it, convert NODEV detection message to ata_dev_printk() to
    help debugging obscure detection problems.
    
    This problem was reported by Jan Bücken.
    
    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Cc: Jan Bücken <jb.faq@gmx.de>
    Acked-by: Alan Cox <alan@redhat.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    
    dsd@gentoo.org notes:
    
    This patch fixes http://bugs.gentoo.org/211369
    
    Cc: Daniel Drake <dsd@gentoo.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Something went wrong with that request. Please try again.