Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Dec 18, 2008
  1. @gregkh

    Linux 2.6.27.10

    gregkh authored
  2. @gregkh

    xilinx_hwicap: remove improper wording in license statement

    gregkh authored
    commit 09a35ce upstream.
    
    GPLv2 doesn't allow additional restrictions to be imposed on any
    code, so this wording needs to be removed from these files.
    
    Signed-off-by: Stephen Neuendorffer <stephen.neuendorffer@xilinx.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    setup_per_zone_pages_min(): take zone->lock instead of zone->lru_lock

    Gerald Schaefer authored gregkh committed
    commit 1125b4e upstream.
    
    This replaces zone->lru_lock in setup_per_zone_pages_min() with zone->lock.
    There seems to be no need for the lru_lock anymore, but there is a need for
    zone->lock instead, because that function may call move_freepages() via
    setup_zone_migrate_reserve().
    
    Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
    Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Tested-by: Yasunori Goto <y-goto@jp.fujitsu.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @gregkh

    V4L/DVB (9621): Avoid writing outside shadow.bytes[] array

    Mauro Carvalho Chehab authored gregkh committed
    commit 4942643 upstream.
    
    There were no check about the limits of shadow.bytes array. This offers
    a risk of writing values outside the limits, overriding other data
    areas.
    
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @fthain @gregkh

    macfb: Do not overflow fb_fix_screeninfo.id

    fthain authored gregkh committed
    commit 89c223a upstream.
    
    Don't overflow the 16-character fb_fix_screeninfo id string (fixes some
    console erasing and blanking artifacts). Have the ID default to "Unknown"
    on machines with no built-in video and no nubus devices. Check for
    fb_alloc_cmap failure.
    
    Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @gregkh

    b1isa: fix b1isa_exit() to really remove registered capi controllers

    Wilfried Klaebe authored gregkh committed
    commit 1c594c0 upstream.
    
    On "/etc/init.d/capiutils stop", this oops happened.
    
    The oops happens on reading /proc/capi/controllers because
    capi_ctrl->procinfo is called for the wrongly not unregistered
    controller, which points to b1isa_procinfo(), which was removed on
    module unload.
    
    b1isa_exit() did not call b1isa_remove() for its controllers because
    io[0] == 0 on module unload despite having been 0x340 on module load.
    
    Besides, just removing the controllers that where added on module
    load time and not those that were added later via b1isa_add_card() is
    wrong too - the place where all added cards are found is isa_dev[].
    
    relevant dmesg lines:
    
    [    0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008
    
    [   67.403555] CAPI Subsystem Rev 1.1.2.8
    [   68.529154] capifs: Rev 1.1.2.3
    [   68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs)
    [   77.026936] b1: revision 1.1.2.2
    [   77.049992] b1isa: revision 1.1.2.3
    [   77.722655] kcapi: Controller [001]: b1isa-340 attached
    [   77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255
    [   81.272669] b1isa-340: card 1 "B1" ready.
    [   81.272683] b1isa-340: card 1 Protocol: DSS1
    [   81.272689] b1isa-340: card 1 Linetype: point to multipoint
    [   81.272695] b1isa-340: B1-card (3.11-03) now active
    [   81.272702] kcapi: card [001] "b1isa-340" ready.
    
    [  153.721281] kcapi: card [001] down.
    [  154.151889] BUG: unable to handle kernel paging request at e87af000
    [  154.152081] IP: [<e87af000>]
    [  154.153292] *pde = 2655b067 *pte = 00000000
    [  154.153307] Oops: 0000 [#1]
    [  154.153360] Modules linked in: rfcomm l2cap ppdev lp ipt_MASQUERADE tun capi capifs kernelcapi ac battery nfsd exportfs nfs lockd nfs_acl sunrpc sit tunnel4 bridge stp llc ipt_REJECT ipt_LOG xt_tcpudp xt_state iptable_filter iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables nls_utf8 isofs nls_base zlib_inflate loop ipv6 netconsole snd_via82xx dvb_usb_dib0700 gameport dib7000p dib7000m dvb_usb snd_ac97_codec ac97_bus dvb_core mt2266 snd_pcm tuner_xc2028 dib3000mc dibx000_common mt2060 dib0070 snd_page_alloc snd_mpu401_uart snd_seq_midi snd_seq_midi_event btusb snd_rawmidi bluetooth snd_seq snd_timer snd_seq_device snd via686a i2c_viapro soundcore i2c_core parport_pc parport button dm_mirror dm_log dm_snapshot floppy sg ohci1394 uhci_hcd ehci_hcd 8139too mii ieee1394 usbcore sr_mod cdrom sd_mod thermal processor fan [last unloaded: b1]
    [  154.153360]
    [  154.153360] Pid: 4132, comm: capiinit Not tainted (2.6.27.4 #3)
    [  154.153360] EIP: 0060:[<e87af000>] EFLAGS: 00010286 CPU: 0
    [  154.153360] EIP is at 0xe87af000
    [  154.153360] EAX: e6b9ccc8 EBX: e6b9ccc8 ECX: e87a0c67 EDX: e87af000
    [  154.153360] ESI: e142bbc0 EDI: e87a56e0 EBP: e0505f0c ESP: e0505ee4
    [  154.153360]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
    [  154.153360] Process capiinit (pid: 4132, ti=e0504000 task=d1196cf0 task.ti=e0504000)
    [  154.153360] Stack: e879f650 00000246 e0505ef4 c01472eb e0505f0c 00000246 e7001780 fffffff4
    [  154.153360]        fffffff4 e142bbc0 e0505f48 c01a56c6 00000400 b805e000 d102dc80 e142bbe0
    [  154.153360]        00000000 e87a56e0 00000246 e12617ac 00000000 00000000 e1261760 fffffffb
    [  154.153360] Call Trace:
    [  154.153360]  [<e879f650>] ? controller_show+0x20/0x90 [kernelcapi]
    [  154.153360]  [<c01472eb>] ? trace_hardirqs_on+0xb/0x10
    [  154.153360]  [<c01a56c6>] ? seq_read+0x126/0x2f0
    [  154.153360]  [<c01a55a0>] ? seq_read+0x0/0x2f0
    [  154.153360]  [<c01c033c>] ? proc_reg_read+0x5c/0x90
    [  154.153360]  [<c0189919>] ? vfs_read+0x99/0x140
    [  154.153360]  [<c01c02e0>] ? proc_reg_read+0x0/0x90
    [  154.153360]  [<c0189a7d>] ? sys_read+0x3d/0x70
    [  154.153360]  [<c0103c3d>] ? sysenter_do_call+0x12/0x35
    [  154.153360]  =======================
    [  154.153360] Code:  Bad EIP value.
    [  154.153360] EIP: [<e87af000>] 0xe87af000 SS:ESP 0068:e0505ee4
    [  154.153360] ---[ end trace 23750b6c2862de94 ]---
    
    Signed-off-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Acked-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    SUNRPC: Fix a performance regression in the RPC authentication code

    Trond Myklebust authored gregkh committed
    commit 23918b0 upstream.
    
    Fix a regression reported by Max Kellermann whereby kernel profiling
    showed that his clients were spending 45% of their time in
    rpcauth_lookup_credcache.
    
    It turns out that although his processes had identical uid/gid/groups,
    generic_match() was failing to detect this, because the task->group_info
    pointers were not shared. This again lead to the creation of a huge number
    of identical credentials at the RPC layer.
    
    The regression is fixed by comparing the contents of task->group_info
    if the actual pointers are not identical.
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @gregkh

    ieee1394: add quirk fix for Freecom HDD

    Stefan Richter authored gregkh committed
    commit 25a41b2 upstream.
    
    According to http://bugzilla.kernel.org/show_bug.cgi?id=12206, Freecom
    FireWire Hard Drive 1TB reports max_rom=2 but returns garbage if block
    read requests are used to read the config ROM.  Force max_rom=0 to limit
    them to quadlet read requests.
    
    Reported-by: Christian Mueller <cm1@mumac.de>
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    firewire: fw-ohci: fix IOMMU resource exhaustion

    Stefan Richter authored gregkh committed
    commit 1d1dc5e upstream.
    
    There is a DMA map/ unmap imbalance whenever a block write request
    packet is sent and then dequeued with ohci_cancel_packet.  The latter
    may happen frequently if the AR resp tasklet is executed before the AT
    req tasklet for the same transaction.
    
    Add the missing dma_unmap_single.  This fixes
    https://bugzilla.redhat.com/show_bug.cgi?id=475156
    
    Reported-by: Emmanuel Kowalski
    Tested-by: Emmanuel Kowalski
    Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    key: fix setkey(8) policy set breakage

    Alexey Dobriyan authored gregkh committed
    commit 920da69 upstream.
    
    Steps to reproduce:
    
    	#/usr/sbin/setkey -f
    	flush;
    	spdflush;
    
    	add 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 "1234567890123456";
    	add 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc "123456789012123456789012";
    
    	spdadd 192.168.0.42 192.168.0.1 any -P out ipsec
    		esp/transport//require
    		ah/transport//require;
    
    setkey: invalid keymsg length
    
    Policy dump will bail out with the same message after that.
    
    -recv(4, "\2\16\0\0\32\0\3\0\0\0\0\0\37\r\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208
    +recv(4, "\2\16\0\0\36\0\3\0\0\0\0\0H\t\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208
    
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Cc: Kadianakis George <desnacked@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @jmberg @gregkh

    iwlagn: fix RX skb alignment

    jmberg authored gregkh committed
    commit 4018517 upstream.
    
    So I dug deeper into the DMA problems I had with iwlagn and a kind soul
    helped me in that he said something about pci-e alignment and mentioned
    the iwl_rx_allocate function to check for crossing 4KB boundaries. Since
    there's 8KB A-MPDU support, crossing 4k boundaries didn't seem like
    something the device would fail with, but when I looked into the
    function for a minute anyway I stumbled over this little gem:
    
    	BUG_ON(rxb->dma_addr & (~DMA_BIT_MASK(36) & 0xff));
    
    Clearly, that is a totally bogus check, one would hope the compiler
    removes it entirely. (Think about it)
    
    After fixing it, I obviously ran into it, nothing guarantees the
    alignment the way you want it,  because of the way skbs and their
    headroom are allocated. I won't explain that here nor double-check that
    I'm right, that goes beyond what most of the CC'ed people care about.
    
    So then I came up with the patch below, and so far my system has
    survived minutes with 64K pages, when it would previously fail in
    seconds. And I haven't seen a single instance of the TX bug either. But
    when you see the patch it'll be pretty obvious to you why.
    
    This should fix the following reported kernel bugs:
    
    http://bugzilla.kernel.org/show_bug.cgi?id=11596
    http://bugzilla.kernel.org/show_bug.cgi?id=11393
    http://bugzilla.kernel.org/show_bug.cgi?id=11983
    
    I haven't checked if there are any elsewhere, but I suppose RHBZ will
    have a few instances too...
    
    I'd like to ask anyone who is CC'ed (those are people I know ran into
    the bug) to try this patch.
    
    I am convinced that this patch is correct in spirit, but I haven't
    understood why, for example, there are so many unmap calls. I'm not
    entirely convinced that this is the only bug leading to the TX reply
    errors.
    
    Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @ib @gregkh

    console ASCII glyph 1:1 mapping

    ib authored gregkh committed
    commit 1c55f18 upstream.
    
    For the console, there is a 1:1 mapping of glyphs which cannot be found
    in the current font.  This seems to be meant as a kind of 'emergency
    fallback' for fonts without unicode mapping which otherwise would
    display nothing readable on the screen.
    
    At the moment it affects all chars for which no substitution character
    is defined.  In particular this means that for all chars (>= 128) where
    there is no iso88591-1/unicode character (e.g.  control character area)
    you'll get the very strange 1:1 mapping of the (cp437) graphics card
    glyphs.
    
    I'm pretty sure that the 1:1 mapping should only affect strict ASCII
    code characters, i.e.  chars < 128.
    
    The patch limits the mapping as it probably was meant anyway.
    
    Signed-off-by: Ingo Brueckl <ib@wupperonline.de>
    Acked-by: H. Peter Anvin <hpa@zytor.com>
    Cc: Egmont Koblinger <egmont@uhulinux.hu>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @ib @gregkh

    unicode table for cp437

    ib authored gregkh committed
    commit f75bc06 upstream.
    
    There is a major bug in the cp437 to unicode translation table.  Char
    0x7c is mapped to U+00a5 which is the Yen sign and wrong.  The right
    mapping is U+00a6 (broken bar).
    
    Furthermore, a mapping for U+00b4 (a widely used character) is missing
    even though easily possible.
    
    The patch fixes these, as well as it provides a few other useful
    mappings.
    
    The changes are as follows:
    
      0x0f (enhancement) enables a sort of currency symbol
      0x27 (bug) enables a sort of acute accent which is a widely used character
      0x44 (enhancement) enables a sort of icelandic capital letter eth
      0x7c (major bug) corrects mapping
      0xeb (enhancement) enables a sort of icelandic small letter eth
      0xee (enhancement) enables a sort of math 'element of'
    
    Signed-off-by: Ingo Brueckl <ib@wupperonline.de>
    Acked-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @gregkh

    net: eliminate warning from NETIF_F_UFO on bridge

    Stephen Hemminger authored gregkh committed
    Based on commit b63365a upstream, but
    drastically cut down for 2.6.27.y
    
    The bridge device always causes a warning because when it is first created
    it has the no checksum flag set along with all the segmentation/fragmentation
    offload bits.  The code in register_netdevice incorrectly checks for only
    hardware checksum bit and ignores no checksum bit.
    
    Similar code is already in 2.6.28:
       commit b63365a
       net: Fix disjunct computation of netdev features
    
    Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
    Cc: David Miller <davem@davemloft.net>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15. @gregkh

    iwlwifi: clean key table in iwl_clear_stations_table function

    Tomas Winkler authored gregkh committed
    commit 40a9a82 upstream.
    
    This patch cleans uCode key table bit map iwl_clear_stations_table
    since all stations are cleared also the key table must be.
    
    Since the keys are not removed properly on suspend by mac80211
    this may result in exhausting key table on resume leading
    to memory corruption during removal
    
    This patch also fixes a memory corruption problem reported in
    http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in
    http://bugzilla.kernel.org/show_bug.cgi?id=12040.
    
    When the key is removed a second time the offset is set to 255 - this
    index is not valid for the ucode_key_table and corrupts the eeprom pointer
    (which is 255 bits from ucode_key_table).
    
    Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
    Signed-off-by: Zhu Yi <yi.zhu@intel.com>
    Reported-by: Carlos R. Mafra <crmafra2@gmail.com>
    Reported-by: Lukas Hejtmanek <xhejtman@ics.muni.cz>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  16. @gregkh

    can: omit received RTR frames for single ID filter lists

    Oliver Hartkopp authored gregkh committed
    commit f706644 upstream.
    
    Since commit d253eee the single CAN
    identifier filter lists handle only non-RTR CAN frames.
    
    So we need to omit the check of these filter lists when receiving RTR
    CAN frames.
    
    Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17. @gregkh

    can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter

    Oliver Hartkopp authored gregkh committed
    commit d253eee upstream.
    
    Due to a wrong safety check in af_can.c it was not possible to filter
    for SFF frames with a specific CAN identifier without getting the
    same selected CAN identifier from a received EFF frame also.
    
    This fix has a minimum (but user visible) impact on the CAN filter
    API and therefore the CAN version is set to a new date.
    
    Indeed the 'old' API is still working as-is. But when now setting
    CAN_(EFF|RTR)_FLAG in can_filter.can_mask you might get less traffic
    than before - but still the stuff that you expected to get for your
    defined filter ...
    
    Thanks to Kurt Van Dijck for pointing at this issue and for the review.
    
    Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
    Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @Jkirsher @gregkh

    e1000e: fix double release of mutex

    Jkirsher authored gregkh committed
    commit 30bb0e0 upstream.
    
    During a reset, releasing the swflag after it failed to be acquired would
    cause a double unlock of the mutex.  Instead, test whether acquisition of
    the swflag was successful and if not, do not release the swflag.  The reset
    must still be done to bring the device to a quiescent state.
    
    This resolves [BUG 12200] BUG: bad unlock balance detected! e1000e
    http://bugzilla.kernel.org/show_bug.cgi?id=12200
    
    Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @gregkh

    libata: fix Seagate NCQ+FLUSH blacklist

    Tejun Heo authored gregkh committed
    commit d10d491 upstream.
    
    Due to miscommunication, P/N was mistaken as firmware revision
    strings.  Update it.
    
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @manfred-colorfu @gregkh

    lib/idr.c: Fix bug introduced by RCU fix

    manfred-colorfu authored gregkh committed
    commit 711a49a upstream.
    
    The last patch to lib/idr.c caused a bug if idr_get_new_above() was
    called on an empty idr.
    
    Usually, nodes stay on the same layer.  New layers are added to the top
    of the tree.
    
    The exception is idr_get_new_above() on an empty tree: In this case, the
    new root node is first added on layer 0, then moved upwards.  p->layer
    was not updated.
    
    As usual: You shall never rely on the source code comments, they will
    only mislead you.
    
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @gregkh

    x86 Fix VMI crash on boot in 2.6.28-rc8

    Zachary Amsden authored gregkh committed
    commit ae8d04e upstream.
    
    VMI initialiation can relocate the fixmap, causing early_ioremap to
    malfunction if it is initialized before the relocation.  To fix this,
    VMI activation is split into two phases; the detection, which must
    happen before setting up ioremap, and the activation, which must happen
    after parsing early boot parameters.
    
    This fixes a crash on boot when VMI is enabled under VMware.
    
    Signed-off-by: Zachary Amsden <zach@vmware.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @torvalds @gregkh

    Revert "sched_clock: prevent scd->clock from moving backwards"

    torvalds authored gregkh committed
    commit ca7e716 upstream.
    
    This reverts commit 5b7dba4, which
    caused a regression in hibernate, reported by and bisected by Fabio
    Comolli.
    
    This revert fixes
    
     http://bugzilla.kernel.org/show_bug.cgi?id=12155
     http://bugzilla.kernel.org/show_bug.cgi?id=12149
    
    Bisected-by: Fabio Comolli <fabio.comolli@gmail.com>
    Requested-by: Rafael J. Wysocki <rjw@sisk.pl>
    Acked-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  23. @gregkh

    bonding: fix miimon failure counter

    Jay Vosburgh authored gregkh committed
    commit fba4acd upstream.
    
    During the rework of the mii monitor for:
    
      commit f0c76d6
      Author: Jay Vosburgh <fubar@us.ibm.com>
      Date:   Wed Jul 2 18:21:58 2008 -0700
    
        bonding: refactor mii monitor
    
    I left out the increment of the link failure counter.  This
    patch corrects that omission.
    
    Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  24. @gregkh

    AMD IOMMU: enable device isolation per default

    Joerg Roedel authored gregkh committed
    commit 3ce1f93 upstream.
    
    Impact: makes device isolation the default for AMD IOMMU
    
    Some device drivers showed double-free bugs of DMA memory while testing
    them with AMD IOMMU. If all devices share the same protection domain
    this can lead to data corruption and data loss. Prevent this by putting
    each device into its own protection domain per default.
    
    Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Dec 13, 2008
  1. @gregkh

    Linux 2.6.27.9

    gregkh authored
  2. @gregkh

    ib700wdt.c - fix buffer_underflow bug

    Wim Van Sebroeck authored gregkh committed
    commit 7c2500f upstream.
    
    This fixes Bug 11399:
    if ibwdt_set_heartbeat(int t) is called with value 30 then
    the check "if ((t < 0) || (t > 30))" in ibwdt_set_heartbeat
    is not going to fail because t == 30, but in the loop, the
    check wd_times[i] > t is never going to be true because
    none of the wd_times are greater than the value of t (i.e. 30).
    So we are exiting the loop with i == -1 and therefore setting
    wd_margin to -1 which is wrong.
    
    Reported-by: Zvonimir Rakamaric <zrakamar@cs.ubc.ca>
    Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    applicom: Fix an unchecked user ioctl range and an error return

    Alan Cox authored gregkh committed
    commit a7be18d upstream.
    
    Closes bug #11408 by checking the card index range for command 0
    Fixes the ioctl to return ENOTTY which is correct for unknown ioctls
    
    Signed-off-by: Alan Cox <alan@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @dchinner @gregkh

    XFS: Fix hang after disallowed rename across directory quota domains

    dchinner authored gregkh committed
    commit 576a488 upstream.
    
    When project quota is active and is being used for directory tree
    quota control, we disallow rename outside the current directory
    tree. This requires a check to be made after all the inodes
    involved in the rename are locked. We fail to unlock the inodes
    correctly if we disallow the rename when the target is outside the
    current directory tree. This results in a hang on the next access
    to the inodes involved in failed rename.
    
    Reported-by: Arkadiusz Miskiewicz <arekm@maven.pl>
    Signed-off-by: Dave Chinner <david@fromorbit.com>
    Tested-by: Arkadiusz Miskiewicz <arekm@maven.pl>
    Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @gregkh

    powerpc: Use cpu_thread_in_core in smp_init for of_spin_map

    Milton Miller authored gregkh committed
    commit 6a75a6b upstream.
    
    We used to assume that even numbered threads were the primary
    threads, ie those that would be listed and started as a cpu from
    open firmware.  Replace a left over is even (% 2) check with a check
    for it being a primary thread and update the comments.
    
    Tested with a debug print on pseries, identical code found for cell.
    
    Signed-off-by: Milton Miller <miltonm@bga.com>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @gregkh

    pnp: make the resource type an unsigned long

    Rene Herman authored gregkh committed
    commit b563cf5 upstream.
    
    PnP encodes the resource type directly as its struct resource->flags value
    which is an unsigned long.  Make it so...
    
    Signed-off-by: Rene Herman <rene.herman@gmail.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
    Cc: Andi Kleen <andi@firstfloor.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Rafael J. Wysocki <rjw@sisk.pl>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    cifs: fix a regression in cifs umount codepath

    Jeff Layton authored gregkh committed
    backport of 469ee61 upstream.
    
    Several cifs patches were added to 2.6.27.8 to fix some races in the
    mount/umount codepath. When this was done, a couple of prerequisite
    patches were missed causing a minor regression.
    
    When the last cifs mount to a server goes away, the kthread that manages
    the socket is supposed to come down. The patches that went into 2.6.27.8
    removed the kthread_stop calls that used to take down these threads, but
    left the thread function expecting them. This made the thread stay up
    even after the last mount was gone.
    
    This patch should fix up this regression and also prevent a possible
    race where a dead task could be signalled.
    
    Signed-off-by: Jeff Layton <jlayton@redhat.com>
    Cc: Suresh Jayaraman <sjayaraman@suse.de>
    Acked-by: Steve French <smfrench@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @gregkh

    ACPI: delete OSI(Linux) DMI dmesg spam

    Len Brown authored gregkh committed
    In 2.6.28 a6e0887 removed this code
    because the linux-acpi community no longer needs the feedback
    that these console messages solicit.
    
    here in .stable, we apply a simpler version of that patch,
    but for the exact same reasons.
    
    Signed-off-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    powerpc/virtex5: Fix Virtex5 machine check handling

    Grant Likely authored gregkh committed
    commit 640d17d upstream.
    
    The 440x5 core in the Virtex5 uses the 440A type machine check
    (ie, they have MCSRR0/MCSRR1). They thus need to call the
    appropriate fixup function to hook the right variant of the
    exception.
    
    Without this, all machine checks become fatal due to loss
    of context when entering the exception handler.
    
    Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
    Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    tracehook: exec double-reporting fix

    Roland McGrath authored gregkh committed
    commit 85f3346 upstream.
    
    The patch 6341c39 "tracehook: exec" introduced a small regression in
    2.6.27 regarding binfmt_misc exec event reporting.  Since the reporting
    is now done in the common search_binary_handler() function, an exec
    of a misc binary will result in two (or possibly multiple) exec events
    being reported, instead of just a single one, because the misc handler
    contains a recursive call to search_binary_handler.
    
    To add to the confusion, if PTRACE_O_TRACEEXEC is not active, the multiple
    SIGTRAP signals will in fact cause only a single ptrace intercept, as the
    signals are not queued.  However, if PTRACE_O_TRACEEXEC is on, the debugger
    will actually see multiple ptrace intercepts (PTRACE_EVENT_EXEC).
    
    The test program included below demonstrates the problem.
    
    This change fixes the bug by calling tracehook_report_exec() only in the
    outermost search_binary_handler() call (bprm->recursion_depth == 0).
    
    The additional change to restore bprm->recursion_depth after each binfmt
    load_binary call is actually superfluous for this bug, since we test the
    value saved on entry to search_binary_handler().  But it keeps the use of
    of the depth count to its most obvious expected meaning.  Depending on what
    binfmt handlers do in certain cases, there could have been false-positive
    tests for recursion limits before this change.
    
        /* Test program using PTRACE_O_TRACEEXEC.
           This forks and exec's the first argument with the rest of the arguments,
           while ptrace'ing.  It expects to see one PTRACE_EVENT_EXEC stop and
           then a successful exit, with no other signals or events in between.
    
           Test for kernel doing two PTRACE_EVENT_EXEC stops for a binfmt_misc exec:
    
           $ gcc -g traceexec.c -o traceexec
           $ sudo sh -c 'echo :test:M::foobar::/bin/cat: > /proc/sys/fs/binfmt_misc/register'
           $ echo 'foobar test' > ./foobar
           $ chmod +x ./foobar
           $ ./traceexec ./foobar; echo $?
           ==> good <==
           foobar test
           0
           $
           ==> bad <==
           foobar test
           unexpected status 0x4057f != 0
           3
           $
    
        */
    
        #include <stdio.h>
        #include <sys/types.h>
        #include <sys/wait.h>
        #include <sys/ptrace.h>
        #include <unistd.h>
        #include <signal.h>
        #include <stdlib.h>
    
        static void
        wait_for (pid_t child, int expect)
        {
          int status;
          pid_t p = wait (&status);
          if (p != child)
    	{
    	  perror ("wait");
    	  exit (2);
    	}
          if (status != expect)
    	{
    	  fprintf (stderr, "unexpected status %#x != %#x\n", status, expect);
    	  exit (3);
    	}
        }
    
        int
        main (int argc, char **argv)
        {
          pid_t child = fork ();
    
          if (child < 0)
    	{
    	  perror ("fork");
    	  return 127;
    	}
          else if (child == 0)
    	{
    	  ptrace (PTRACE_TRACEME);
    	  raise (SIGUSR1);
    	  execv (argv[1], &argv[1]);
    	  perror ("execve");
    	  _exit (127);
    	}
    
          wait_for (child, W_STOPCODE (SIGUSR1));
    
          if (ptrace (PTRACE_SETOPTIONS, child,
    		  0L, (void *) (long) PTRACE_O_TRACEEXEC) != 0)
    	{
    	  perror ("PTRACE_SETOPTIONS");
    	  return 4;
    	}
    
          if (ptrace (PTRACE_CONT, child, 0L, 0L) != 0)
    	{
    	  perror ("PTRACE_CONT");
    	  return 5;
    	}
    
          wait_for (child, W_STOPCODE (SIGTRAP | (PTRACE_EVENT_EXEC << 8)));
    
          if (ptrace (PTRACE_CONT, child, 0L, 0L) != 0)
    	{
    	  perror ("PTRACE_CONT");
    	  return 6;
    	}
    
          wait_for (child, W_EXITCODE (0, 0));
    
          return 0;
        }
    
    Reported-by: Arnd Bergmann <arnd@arndb.de>
    CC: Ulrich Weigand <ulrich.weigand@de.ibm.com>
    Signed-off-by: Roland McGrath <roland@redhat.com>
    Acked-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @kiryl @gregkh

    Allow recursion in binfmt_script and binfmt_misc

    kiryl authored gregkh committed
    commit bf2a9a3 upstream.
    
    binfmt_script and binfmt_misc disallow recursion to avoid stack overflow
    using sh_bang and misc_bang.  It causes problem in some cases:
    
    $ echo '#!/bin/ls' > /tmp/t0
    $ echo '#!/tmp/t0' > /tmp/t1
    $ echo '#!/tmp/t1' > /tmp/t2
    $ chmod +x /tmp/t*
    $ /tmp/t2
    zsh: exec format error: /tmp/t2
    
    Similar problem with binfmt_misc.
    
    This patch introduces field 'recursion_depth' into struct linux_binprm to
    track recursion level in binfmt_misc and binfmt_script.  If recursion
    level more then BINPRM_MAX_RECURSION it generates -ENOEXEC.
    
    [akpm@linux-foundation.org: make linux_binprm.recursion_depth a uint]
    Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
    Cc: Pavel Emelyanov <xemul@openvz.org>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.