Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jan 7, 2010
  1. @gregkh

    Linux 2.6.31.11

    gregkh authored
  2. @gregkh

    Revert "rt2x00: Disable powersaving for rt61pci and rt2800pci."

    gregkh authored
    This reverts commit f1850a5.
    
    It broke the build :(
    
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Jan 6, 2010
  1. @gregkh

    Linux 2.6.31.10

    gregkh authored
  2. @dmonakhov @gregkh

    ext4: fix sleep inside spinlock issue with quota and dealloc (#14739)

    dmonakhov authored gregkh committed
    commit 39bc680 upstream.
    
    Unlock i_block_reservation_lock before vfs_dq_reserve_block().
    This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=14739
    
    Cc: Theodore Ts'o <tytso@mit.edu>
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @dmonakhov @gregkh

    ext4: Convert to generic reserved quota's space management.

    dmonakhov authored gregkh committed
    commit a9e7f44 upstream.
    
    This patch also fixes write vs chown race condition.
    
    Acked-by: "Theodore Ts'o" <tytso@mit.edu>
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @dmonakhov @gregkh

    quota: decouple fs reserved space from quota reservation

    dmonakhov authored gregkh committed
    commit fd8fbfc upstream.
    
    Currently inode_reservation is managed by fs itself and this
    reservation is transfered on dquot_transfer(). This means what
    inode_reservation must always be in sync with
    dquot->dq_dqb.dqb_rsvspace. Otherwise dquot_transfer() will result
    in incorrect quota(WARN_ON in dquot_claim_reserved_space() will be
    triggered)
    This is not easy because of complex locking order issues
    for example http://bugzilla.kernel.org/show_bug.cgi?id=14739
    
    The patch introduce quota reservation field for each fs-inode
    (fs specific inode is used in order to prevent bloating generic
    vfs inode). This reservation is managed by quota code internally
    similar to i_blocks/i_bytes and may not be always in sync with
    internal fs reservation.
    
    Also perform some code rearrangement:
    - Unify dquot_reserve_space() and dquot_reserve_space()
    - Unify dquot_release_reserved_space() and dquot_free_space()
    - Also this patch add missing warning update to release_rsv()
      dquot_release_reserved_space() must call flush_warnings() as
      dquot_free_space() does.
    
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @dmonakhov @gregkh

    Add unlocked version of inode_add_bytes() function

    dmonakhov authored gregkh committed
    commit b462707 upstream.
    
    Quota code requires unlocked version of this function. Off course
    we can just copy-paste the code, but copy-pasting is always an evil.
    
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @Codeblight @gregkh

    Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P

    Codeblight authored gregkh committed
    This patch is not upstream. Since 2.6.32, there is an interface in
    /sys for handling the force_release events from userspace, so such
    quirk patches are no longer accepted upstream now. But this patch is
    valid for version 2.6.31 downwards.
    
    OriginalAuthor:
        Moiseev Vladimir <cdb@linkycat.com>
        Alexander Huhlaev <sancheolz@gmail.com>
    
    BugLink: http://bugs.launchpad.net/bugs/253874
    
    Signed-off-by: Keng-Yu Lin <keng-yu.lin@canonical.com>
    Cc: Moiseev Vladimir <cdb@linkycat.com>
    Cc: Alexander Huhlaev <sancheolz@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    memcg: avoid oom-killing innocent task in case of use_hierarchy

    Daisuke Nishimura authored gregkh committed
    commit d31f56d upstream
    
    task_in_mem_cgroup(), which is called by select_bad_process() to check whether
    a task can be a candidate for being oom-killed from memcg's limit, checks
    "curr->use_hierarchy"("curr" is the mem_cgroup the task belongs to).
    
    But this check return true(it's false positive) when:
    
    	<some path>/00		use_hierarchy == 0	<- hitting limit
    	  <some path>/00/aa	use_hierarchy == 1	<- "curr"
    
    This leads to killing an innocent task in 00/aa. This patch is a fix for this
    bug. And this patch also fixes the arg for mem_cgroup_print_oom_info(). We
    should print information of mem_cgroup which the task being killed, not current,
    belongs to.
    
    Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
    Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Reviewed-by: Balbir Singh <balbir@linux.vnet.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @gregkh

    rt2x00: Disable powersaving for rt61pci and rt2800pci.

    Gertjan van Wingerde authored gregkh committed
    commit 93b6bd2 upstream.
    
    We've had many reports of rt61pci failures with powersaving enabled.
    Therefore, as a stop-gap measure, disable powersaving of the rt61pci
    until we have found a proper solution.
    Also disable powersaving on rt2800pci as it most probably will show
    the same problem.
    
    Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
    Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    generic_permission: MAY_OPEN is not write access

    Serge E. Hallyn authored gregkh committed
    commit 7ea6600 upstream.
    
    generic_permission was refusing CAP_DAC_READ_SEARCH-enabled
    processes from opening DAC-protected files read-only, because
    do_filp_open adds MAY_OPEN to the open mask.
    
    Ignore MAY_OPEN.  After this patch, CAP_DAC_READ_SEARCH is
    again sufficient to open(fname, O_RDONLY) on a file to which
    DAC otherwise refuses us read permission.
    
    Reported-by: Mike Kazantsev <mk.fraggod@gmail.com>
    Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
    Tested-by: Mike Kazantsev <mk.fraggod@gmail.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @janekr @gregkh

    XFS bug in log recover with quota (bugzilla id 855)

    janekr authored gregkh committed
    commit 8ec6dba upstream.
    
    Hi,
    I was hit by a bug in linux 2.6.31 when XFS is not able to recover the
    log after a crash if fs was mounted with quotas. Gory details in XFS
    bugzilla: http://oss.sgi.com/bugzilla/show_bug.cgi?id=855.
    
    It looks like wrong struct is used in buffer length check, and the following
    patch should fix the problem.
    
    xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes
    long, and this is exactly what I see in system logs - "XFS: dquot too small
    (104) in xlog_recover_do_dquot_trans."
    
    Signed-off-by: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alex Elder <aelder@sgi.com>
    Cc: Simon Kirby <sim@hostway.ca>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @torvalds @gregkh

    x86/ptrace: make genregs[32]_get/set more robust

    torvalds authored gregkh committed
    commit 04a1e62 upstream.
    
    The loop condition is fragile: we compare an unsigned value to zero, and
    then decrement it by something larger than one in the loop.  All the
    callers should be passing in appropriately aligned buffer lengths, but
    it's better to just not rely on it, and have some appropriate defensive
    loop limits.
    
    Acked-by: Roland McGrath <roland@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @error27 @gregkh

    V4L/DVB (13596): ov511.c typo: lock => unlock

    error27 authored gregkh committed
    commit 50e9d31 upstream.
    
    This was found with a static checker and has not been tested, but it seems
    pretty clear that the mutex_lock() was supposed to be mutex_unlock()
    
    Signed-off-by: Dan Carpenter <error27@gmail.com>
    Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Cc: Brandon Philips <brandon@ifup.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @jankara @gregkh

    udf: Try harder when looking for VAT inode

    jankara authored gregkh committed
    commit e971b0b upstream.
    
    Some disks do not contain VAT inode in the last recorded block as required
    by the standard but a few blocks earlier (or the number of recorded blocks
    is wrong). So look for the VAT inode a bit before the end of the media.
    
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @gregkh

    S390: dasd: support DIAG access for read-only devices

    Stefan Weinhuber authored gregkh committed
    commit 22825ab upstream.
    
    When a DASD device is used with the DIAG discipline, the DIAG
    initialization will indicate success or error with a respective
    return code. So far we have interpreted a return code of 4 as error,
    but it actually means that the initialization was successful, but
    the device is read-only. To allow read-only devices to be used with
    DIAG we need to accept a return code of 4 as success.
    
    Re-initialization of the DIAG access is also part of the DIAG error
    recovery. If we find that the access mode of a device has been
    changed from writable to read-only while the device was in use,
    we print an error message.
    
    Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Cc: Stephen Powell <zlinuxman@wowway.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15. @kaber @gregkh

    ipv6: reassembly: use seperate reassembly queues for conntrack and lo…

    kaber authored gregkh committed
    …cal delivery
    
    commit 0b5ccb2 upstream.
    
    Currently the same reassembly queue might be used for packets reassembled
    by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
    as well as local delivery. This can cause "packet jumps" when the fragment
    completing a reassembled packet is queued from a different position in the
    stack than the previous ones.
    
    Add a "user" identifier to the reassembly queue key to seperate the queues
    of each caller, similar to what we do for IPv4.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  16. @gregkh

    i2c/tsl2550: Fix lux value in extended mode

    Michele Jr De Candia authored gregkh committed
    commit 5f5bfb0 upstream.
    
    According to the TAOS Application Note 'Controlling a Backlight with
    the TSL2550 Ambient Light Sensor' (page 14), the actual lux value in
    extended mode should be obtained multiplying the calculated lux value
    by 5.
    
    Signed-off-by: Michele Jr De Candia <michele.decandia@valueteam.com>
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17. @gregkh

    hwmon: (sht15) Off-by-one error in array index + incorrect constants

    Jonathan Cameron authored gregkh committed
    commit 4235f68 upstream.
    
    Fix an off-by-one error in array index + incorrect constants.
    
    Signed-off-by: Christoph Walser <walser@tik.ee.ethz.ch>
    Signed-off-by: Jonathan Cameron <jic23@cam.ac.uk>
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @RoelKluin @gregkh

    hwmon: (fschmd) Fix check on unsigned in watchdog_write()

    RoelKluin authored gregkh committed
    commit c7702c3 upstream.
    
    If unsigned the watchdog_trigger() return value will not be
    checked correctly.
    
    Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
    Acked-by: Andrew Morton <akpm@linux-foundation.org>
    Cc: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @martin-decky @gregkh

    hostap: Revert a toxic part of the conversion to net_device_ops

    martin-decky authored gregkh committed
    commit e484c16 upstream.
    
    As the hostap driver was converted to use net_device_ops, a mistake was
    made in hostap_main.c (commit 5ae4efb).
    Originally, the tx_queue_len was set to 0 for every other interface than
    HOSTAP_INTERFACE_MASTER, but the new fragment of code sets tx_queue_len to
    0 only for HOSTAP_INTERFACE_MASTER. The opposite of the previous
    behavior makes the driver to drop all packets in AP mode.
    
    Change the way 0 is assigned to tx_queue_len according to the original
    logic.
    
    Signed-off-by: Martin Decky <martin@decky.cz>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @gregkh

    e100: Fix broken cbs accounting due to missing memset.

    Roger Oksanen authored gregkh committed
    commit 70abc8c upstream.
    
    Alan Stern noticed that e100 caused slab corruption.
    commit 98468ef changed
    the allocation of cbs to use dma pools that don't return zeroed memory,
    especially the cb->status field used to track which cb to clean, causing
    (the visible) double freeing of skbs and a wrong free cbs count.
    
    Now the cbs are explicitly zeroed at allocation time.
    
    Reported-by: Alan Stern <stern@rowland.harvard.edu>
    Tested-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
    Acked-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @gregkh

    e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocatio…

    Roger Oksanen authored gregkh committed
    …n failure
    
    commit 98468ef upstream.
    
    pci_alloc_consistent uses GFP_ATOMIC allocation that may fail on some systems
    with limited memory (Bug #14265). pci_pool_alloc allows waiting with
    GFP_KERNEL.
    
    Tested-by: Karol Lewandowski <karol.k.lewandowski@gmail.com>
    Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @gregkh

    x86, cpuid: Add "volatile" to asm in native_cpuid()

    Suresh Siddha authored gregkh committed
    commit 45a94d7 upstream.
    
    xsave_cntxt_init() does something like:
    
    	cpuid(0xd, ..);	// find out what features FP/SSE/.. etc are supported
    
    	xsetbv();	// enable the features known to OS
    
    	cpuid(0xd, ..);	// find out the size of the context for features enabled
    
    Depending on what features get enabled in xsetbv(), value of the
    cpuid.eax=0xd.ecx=0.ebx changes correspondingly (representing the
    size of the context that is enabled).
    
    As we don't have volatile keyword for native_cpuid(), gcc 4.1.2
    optimizes away the second cpuid and the kernel continues to use
    the cpuid information obtained before xsetbv(), ultimately leading to kernel
    crash on processors supporting more state than the legacy FP/SSE.
    
    Add "volatile" for native_cpuid().
    
    Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
    LKML-Reference: <1261009542.2745.55.camel@sbs-t61.sc.intel.com>
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  23. @donnykurnia @gregkh

    USB: option: support hi speed for modem Haier CE100

    donnykurnia authored gregkh committed
    commit c983202 upstream.
    
    I made this patch for usbserial driver to add the support for EVDO modem
    Haier CE100. The bugs report for this is here:
    https://bugs.launchpad.net/ubuntu/+source/linux/+bug/490068
    
    This patch based on these post:
    http://blankblondtank.wordpress.com/2009/09/04/mengoptimalkan-koneksi-modem-haier-ce-100-cdma-di-linux/
    http://tantos.web.id/blogs/how-to-internet-connection-using-cdma-evdo-modem-and-karmic-koala-ubuntu-9-10
    
    I hope this patch can help other that have the Haier C100 modem, mostly in my country, Indonesia.
    
    Signed-off-by: Donny Kurnia <donnykurnia@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  24. @gregkh

    USB: musb: gadget_ep0: avoid SetupEnd interrupt

    Sergei Shtylyov authored gregkh committed
    commit 17be5c5 upstream.
    
    Gadget stalling a zero-length SETUP request results in this error message:
    
    SetupEnd came in a wrong ep0stage idle
    
    In order to avoid it, always set the CSR0.DataEnd bit after detecting a zero-
    length request.  Add the missing '\n' to the error message itself as well...
    
    Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Acked-by: Anand Gadiyar <gadiyar@ti.com>
    Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  25. @panchoh @gregkh

    USB: Fix a bug on appledisplay.c regarding signedness

    panchoh authored gregkh committed
    commit 37e9066 upstream.
    
    brightness status is reported by the Apple Cinema Displays as an
    'unsigned char' (u8) value, but the code used 'char' instead.
    
    Note that he driver was developed on the PowerPC architecture,
    where the two types are synonymous, which is not always the case.
    
    Fixed that.  Otherwise the driver will interpret brightness
    levels > 127 as negative, and fail to load.
    
    Signed-off-by: pancho horrillo <pancho@pancho.name>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  26. @cladisch @gregkh

    USB: emi62: fix crash when trying to load EMI 6|2 firmware

    cladisch authored gregkh committed
    commit ac06c06 upstream.
    
    While converting emi62 to use request_firmware(), the driver was also
    changed to use the ihex helper functions.  However, this broke the loading
    of the FPGA firmware because the code tries to access the addr field of
    the EOF record which works with a plain array that has an empty last
    record but not with the ihex helper functions where the end of the data is
    signaled with a NULL record pointer, resulting in:
    
    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]
    
    This can be fixed by changing the loop condition to test the return value
    of ihex_next_binrec() directly (like in emi26.c).
    
    Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
    Reported-and-tested-by: Der Mickster <retroeffective@gmail.com>
    Acked-by: David Woodhouse <David.Woodhouse@intel.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  27. @cladisch @gregkh

    sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer

    cladisch authored gregkh committed
    commit 3e85fd6 upstream.
    
    When allocating the PCM buffer, use vmalloc_user() instead of vmalloc().
    Otherwise, it would be possible for applications to play the previous
    contents of the kernel memory to the speakers, or to read it directly if
    the buffer is exported to userspace.
    
    Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  28. @mikechristie @gregkh

    SCSI: fc class: fix fc_transport_init error handling

    mikechristie authored gregkh committed
    commit 48de68a upstream.
    
    If transport_class_register fails we should unregister any
    registered classes, or we will leak memory or other
    resources.
    
    I did a quick modprobe of scsi_transport_fc to test the
    patch.
    
    Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
    Signed-off-by: James Bottomley <James.Bottomley@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  29. @gregkh

    pata_hpt3x2n: fix clock turnaround

    Sergei Shtylyov authored gregkh committed
    commit 256ace9 upstream.
    
    The clock turnaround code still doesn't work for several reasons:
    
    - 'USE_DPLL' flag in 'ap->host->private_data' is never initialized
      or updated, so the driver can only set the chip to the DPLL clock
      mode, not the PCI mode;
    
    - the driver doesn't serialize access to the channels depending on
      the current clock mode like the vendor drivers, so the clock
      turnaround is only executed "optionally", not always as it should be;
    
    - the wrong ports are written to when hpt3x2n_set_clock() is called
      for the secondary channel;
    
    - hpt3x2n_set_clock() can inadvertently enable the disabled channels
      when resetting the channel state machines.
    
    Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  30. @bzolnier @gregkh

    pata_cmd64x: fix overclocking of UDMA0-2 modes

    bzolnier authored gregkh committed
    commit 509426b upstream.
    
    adev->dma_mode stores the transfer mode value not UDMA mode number
    so the condition in cmd64x_set_dmamode() is always true and the higher
    UDMA clock is always selected.  This can potentially result in data
    corruption when UDMA33 device is used, when 40-wire cable is used or
    when the error recovery code decides to lower the device speed down.
    
    The issue was introduced in the commit 6a40da0 ("libata cmd64x: whack
    into a shape that looks like the documentation") which goes back to
    kernel 2.6.20.
    
    Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  31. @neilbrown @gregkh

    md: Fix unfortunate interaction with evms

    neilbrown authored gregkh committed
    commit cbd1998 upstream.
    
    evms configures md arrays by:
      open device
      send ioctl
      close device
    
    for each different ioctl needed.
    Since 2.6.29, the device can disappear after the 'close'
    unless a significant configuration has happened to the device.
    The change made by "SET_ARRAY_INFO" can too minor to stop the device
    from disappearing, but important enough that losing the change is bad.
    
    So: make sure SET_ARRAY_INFO sets mddev->ctime, and keep the device
    active as long as ctime is non-zero (it gets zeroed with lots of other
    things when the array is stopped).
    
    This is suitable for -stable kernels since 2.6.29.
    
    Signed-off-by: NeilBrown <neilb@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  32. @zonque @gregkh

    Libertas: fix buffer overflow in lbs_get_essid()

    zonque authored gregkh committed
    commit 45b2416 upstream.
    
    The libertas driver copies the SSID buffer back to the wireless core and
    appends a trailing NULL character for termination. This is
    
    a) unnecessary because the buffer is allocated with kzalloc and is hence
       already NULLed when this function is called, and
    
    b) for priv->curbssparams.ssid_len == 32, it writes back one byte too
       much which causes memory corruptions.
    
    Fix this by removing the extra write.
    
    Signed-off-by: Daniel Mack <daniel@caiaq.de>
    Cc: Stephen Hemminger <shemminger@vyatta.com>
    Cc: Maithili Hinge <maithili@marvell.com>
    Cc: Kiran Divekar <dkiran@marvell.com>
    Cc: Michael Hirsch <m.hirsch@raumfeld.com>
    Cc: netdev@vger.kernel.org
    Cc: libertas-dev@lists.infradead.org
    Cc: linux-wireless@lists.infradead.org
    Acked-by: Holger Schurig <holgerschurig@gmail.com>
    Acked-by: Dan Williams <dcbw@redhat.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  33. @JuliaLawall @gregkh

    drivers/net/usb: Correct code taking the size of a pointer

    JuliaLawall authored gregkh committed
    commit 6057912 upstream.
    
    sizeof(dev->dev_addr) is the size of a pointer.  A few lines above, the
    size of this field is obtained using netdev->addr_len for a call to memcpy,
    so do the same here.
    
    A simplified version of the semantic patch that finds this problem is as
    follows: (http://coccinelle.lip6.fr/)
    
    // <smpl>
    @@
    expression *x;
    expression f;
    type T;
    @@
    
    *f(...,(T)x,...)
    // </smpl>
    
    Signed-off-by: Julia Lawall <julia@diku.dk>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.