Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jul 5, 2010
  1. @gregkh

    Linux 2.6.31.14

    gregkh authored
  2. @avagin @gregkh

    posix_timer: Fix error path in timer_create

    avagin authored gregkh committed
    commit 45e0fff upstream.
    
    Move CLOCK_DISPATCH(which_clock, timer_create, (new_timer)) after all
    posible EFAULT erros.
    
    *_timer_create may allocate/get resources.
    (for example posix_cpu_timer_create does get_task_struct)
    
    [ tglx: fold the remove crappy comment patch into this ]
    
    Signed-off-by: Andrey Vagin <avagin@openvz.org>
    Cc: Oleg Nesterov <oleg@tv-sign.ru>
    Cc: Pavel Emelyanov <xemul@openvz.org>
    Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @jeffmahoney @gregkh

    reiserfs: fix corruption during shrinking of xattrs

    jeffmahoney authored gregkh committed
    commit fb2162d upstream.
    
    Commit 48b32a3 ("reiserfs: use generic
    xattr handlers") introduced a problem that causes corruption when extended
    attributes are replaced with a smaller value.
    
    The issue is that the reiserfs_setattr to shrink the xattr file was moved
    from before the write to after the write.
    
    The root issue has always been in the reiserfs xattr code, but was papered
    over by the fact that in the shrink case, the file would just be expanded
    again while the xattr was written.
    
    The end result is that the last 8 bytes of xattr data are lost.
    
    This patch fixes it to use new_size.
    
    Addresses https://bugzilla.kernel.org/show_bug.cgi?id=14826
    
    Signed-off-by: Jeff Mahoney <jeffm@suse.com>
    Reported-by: Christian Kujau <lists@nerdbynature.de>
    Tested-by: Christian Kujau <lists@nerdbynature.de>
    Cc: Edward Shishkin <edward.shishkin@gmail.com>
    Cc: Jethro Beekman <kernel@jbeekman.nl>
    Cc: Greg Surbey <gregsurbey@hotmail.com>
    Cc: Marco Gatti <marco.gatti@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @jeffmahoney @gregkh

    reiserfs: fix permissions on .reiserfs_priv

    jeffmahoney authored gregkh committed
    commit cac36f7 upstream.
    
    Commit 677c9b2 ("reiserfs: remove
    privroot hiding in lookup") removed the magic from the lookup code to hide
    the .reiserfs_priv directory since it was getting loaded at mount-time
    instead.  The intent was that the entry would be hidden from the user via
    a poisoned d_compare, but this was faulty.
    
    This introduced a security issue where unprivileged users could access and
    modify extended attributes or ACLs belonging to other users, including
    root.
    
    This patch resolves the issue by properly hiding .reiserfs_priv.  This was
    the intent of the xattr poisoning code, but it appears to have never
    worked as expected.  This is fixed by using d_revalidate instead of
    d_compare.
    
    This patch makes -oexpose_privroot a no-op.  I'm fine leaving it this way.
    The effort involved in working out the corner cases wrt permissions and
    caching outweigh the benefit of the feature.
    
    Signed-off-by: Jeff Mahoney <jeffm@suse.com>
    Acked-by: Edward Shishkin <edward.shishkin@gmail.com>
    Reported-by: Matt McCutchen <matt@mattmccutchen.net>
    Tested-by: Matt McCutchen <matt@mattmccutchen.net>
    Cc: Frederic Weisbecker <fweisbec@gmail.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @error27 @gregkh

    ALSA: mixart: range checking proc file

    error27 authored gregkh committed
    commit b0cc58a upstream.
    
    The original code doesn't take into consideration that the value of
    MIXART_BA0_SIZE - pos can be less than zero which would lead to a large
    unsigned value for "count".
    
    Also I moved the check that read size is a multiple of 4 bytes below
    the code that adjusts "count".
    
    Signed-off-by: Dan Carpenter <error27@gmail.com>
    Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commits on Apr 1, 2010
  1. @gregkh

    Linux 2.6.31.13

    gregkh authored
  2. @gregkh

    hwmon: (coretemp) Add missing newline to dev_warn() message

    Dean Nelson authored gregkh committed
    commit 4d7a564 upstream.
    
    Add missing newline to dev_warn() message string. This is more of an issue
    with older kernels that don't automatically add a newline if it was missing
    from the end of the previous line.
    
    Signed-off-by: Dean Nelson <dnelson@redhat.com>
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @gregkh

    x86: Fix placement of FIX_OHCI1394_BASE

    Jan Beulich authored gregkh committed
    commit ff30a05 upstream.
    
    Ever for 32-bit with sufficiently high NR_CPUS, and starting
    with commit 789d03f also for
    64-bit, the statically allocated early fixmap page tables were
    not covering FIX_OHCI1394_BASE, leading to a boot time crash
    when "ohci1394_dma=early" was used. Despite this entry not being
    a permanently used one, it needs to be moved into the permanent
    range since it has to be close to FIX_DBGP_BASE and
    FIX_EARLYCON_MEM_BASE.
    
    Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
    Fixes-bug: http://bugzilla.kernel.org/show_bug.cgi?id=14487
    Signed-off-by: Jan Beulich <jbeulich@novell.com>
    LKML-Reference: <4B9E15D30200007800034D23@vpn.id2.novell.com>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @gregkh

    USB: fix usbfs regression

    Alan Stern authored gregkh committed
    commit 7152b59 upstream.
    
    This patch (as1352) fixes a bug in the way isochronous input data is
    returned to userspace for usbfs transfers.  The entire buffer must be
    copied, not just the first actual_length bytes, because the individual
    packets will be discontiguous if any of them are short.
    
    Reported-by: Markus Rechberger <mrechberger@gmail.com>
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @kosaki @gregkh

    doc: add the documentation for mpol=local

    kosaki authored gregkh committed
    commit 5574169 upstream.
    
    commit 3f226aa (mempolicy: support mpol=local tmpfs mount option) added
    new mpol=local mount option.  but it didn't add a documentation.
    
    This patch does it.
    
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Ravikiran Thirumalai <kiran@scalex86.org>
    Cc: Christoph Lameter <cl@linux-foundation.org>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @kosaki @gregkh

    tmpfs: cleanup mpol_parse_str()

    kosaki authored gregkh committed
    commit 926f2ae upstream.
    
    mpol_parse_str() made lots 'err' variable related bug.  Because it is ugly
    and reviewing unfriendly.
    
    This patch simplifies it.
    
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Ravikiran Thirumalai <kiran@scalex86.org>
    Cc: Christoph Lameter <cl@linux-foundation.org>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @kosaki @gregkh

    tmpfs: handle MPOL_LOCAL mount option properly

    kosaki authored gregkh committed
    commit 12821f5 upstream.
    
    commit 71fe804 (mempolicy: use struct mempolicy pointer in
    shmem_sb_info) added mpol=local mount option.  but its feature is broken
    since it was born.  because such code always return 1 (i.e.  mount
    failure).
    
    This patch fixes it.
    
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Ravikiran Thirumalai <kiran@scalex86.org>
    Cc: Christoph Lameter <cl@linux-foundation.org>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @kosaki @gregkh

    tmpfs: mpol=bind:0 don't cause mount error.

    kosaki authored gregkh committed
    commit d69b2e6 upstream.
    
    Currently, following mount operation cause mount error.
    
    % mount -t tmpfs -ompol=bind:0 none /tmp
    
    Because commit 71fe804 (mempolicy: use struct mempolicy pointer in
    shmem_sb_info) corrupted MPOL_BIND parse code.
    
    This patch restore the needed one.
    
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Ravikiran Thirumalai <kiran@scalex86.org>
    Cc: Christoph Lameter <cl@linux-foundation.org>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    tmpfs: fix oops on mounts with mpol=default

    Ravikiran G Thirumalai authored gregkh committed
    commit 413b43d upstream.
    
    Fix an 'oops' when a tmpfs mount point is mounted with the mpol=default
    mempolicy.
    
    Upon remounting a tmpfs mount point with 'mpol=default' option, the mount
    code crashed with a null pointer dereference.  The initial problem report
    was on 2.6.27, but the problem exists in mainline 2.6.34-rc as well.  On
    examining the code, we see that mpol_new returns NULL if default mempolicy
    was requested.  This 'NULL' mempolicy is accessed to store the node mask
    resulting in oops.
    
    The following patch fixes it.
    
    Signed-off-by: Ravikiran Thirumalai <kiran@scalex86.org>
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Christoph Lameter <cl@linux-foundation.org>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()

    Francesco Lavra authored gregkh committed
    commit 19f48cb upstream.
    
    this patch fixes a memory leak which occurs when an em28xx card with DVB
    extension is unplugged or its DVB extension driver is unloaded. In
    dvb_fini(), dev->dvb must be freed before being set to NULL, as is done
    in dvb_init() in case of error.
    Note that this bug is also present in the latest stable kernel release.
    
    Signed-off-by: Francesco Lavra <francescolavra@interfree.it>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @gregkh

    coredump: suppress uid comparison test if core output files are pipes

    Neil Horman authored gregkh committed
    commit 76595f7 upstream.
    
    Modify uid check in do_coredump so as to not apply it in the case of
    pipes.
    
    This just got noticed in testing.  The end of do_coredump validates the
    uid of the inode for the created file against the uid of the crashing
    process to ensure that no one can pre-create a core file with different
    ownership and grab the information contained in the core when they
    shouldn' tbe able to.  This causes failures when using pipes for a core
    dumps if the crashing process is not root, which is the uid of the pipe
    when it is created.
    
    The fix is simple.  Since the check for matching uid's isn't relevant for
    pipes (a process can't create a pipe that the uermodehelper code will open
    anyway), we can just just skip it in the event ispipe is non-zero
    
    Reverts a pipe-affecting change which was accidentally made in
    
    : commit c46f739
    : Author:     Ingo Molnar <mingo@elte.hu>
    : AuthorDate: Wed Nov 28 13:59:18 2007 +0100
    : Commit:     Linus Torvalds <torvalds@woody.linux-foundation.org>
    : CommitDate: Wed Nov 28 10:58:01 2007 -0800
    :
    :     vfs: coredumping fix
    
    Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
    Cc: Andi Kleen <andi@firstfloor.org>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: maximilian attems <max@stro.at>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @andreas-schwab @gregkh

    powerpc: TIF_ABI_PENDING bit removal

    andreas-schwab authored gregkh committed
    commit 94f28da upstream.
    
    Here are the powerpc bits to remove TIF_ABI_PENDING now that
    set_personality() is called at the appropriate place in exec.
    
    Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  13. @torvalds @gregkh

    Fix 'flush_old_exec()/setup_new_exec()' split

    torvalds authored gregkh committed
    commit 7ab02af upstream.
    
    Commit 221af7f ("Split 'flush_old_exec' into two functions") split
    the function at the point of no return - ie right where there were no
    more error cases to check.  That made sense from a technical standpoint,
    but when we then also combined it with the actual personality setting
    going in between flush_old_exec() and setup_new_exec(), it needs to be a
    bit more careful.
    
    In particular, we need to make sure that we really flush the old
    personality bits in the 'flush' stage, rather than later in the 'setup'
    stage, since otherwise we might be flushing the _new_ personality state
    that we're just setting up.
    
    So this moves the flags and personality flushing (and 'flush_thread()',
    which is the arch-specific function that generally resets lazy FP state
    etc) of the old process into flush_old_exec(), so that it doesn't affect
    any state that execve() is setting up for the new process environment.
    
    This was reported by Michal Simek as breaking his Microblaze qemu
    environment.
    
    Reported-and-tested-by: Michal Simek <michal.simek@petalogix.com>
    Cc: Peter Anvin <hpa@zytor.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  14. @gregkh

    x86: get rid of the insane TIF_ABI_PENDING bit

    H. Peter Anvin authored gregkh committed
    commit 05d43ed upstream.
    
    Now that the previous commit made it possible to do the personality
    setting at the point of no return, we do just that for ELF binaries.
    And suddenly all the reasons for that insane TIF_ABI_PENDING bit go
    away, and we can just make SET_PERSONALITY() just do the obvious thing
    for a 32-bit compat process.
    
    Everything becomes much more straightforward this way.
    
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  15. @davem330 @gregkh

    sparc: TIF_ABI_PENDING bit removal

    davem330 authored gregkh committed
    commit 94673e9 upstream.
    
    Here are the sparc bits to remove TIF_ABI_PENDING now that
    set_personality() is called at the appropriate place in exec.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  16. @torvalds @gregkh

    Split 'flush_old_exec' into two functions

    torvalds authored gregkh committed
    commit 221af7f upstream.
    
    'flush_old_exec()' is the point of no return when doing an execve(), and
    it is pretty badly misnamed.  It doesn't just flush the old executable
    environment, it also starts up the new one.
    
    Which is very inconvenient for things like setting up the new
    personality, because we want the new personality to affect the starting
    of the new environment, but at the same time we do _not_ want the new
    personality to take effect if flushing the old one fails.
    
    As a result, the x86-64 '32-bit' personality is actually done using this
    insane "I'm going to change the ABI, but I haven't done it yet" bit
    (TIF_ABI_PENDING), with SET_PERSONALITY() not actually setting the
    personality, but just the "pending" bit, so that "flush_thread()" can do
    the actual personality magic.
    
    This patch in no way changes any of that insanity, but it does split the
    'flush_old_exec()' function up into a preparatory part that can fail
    (still called flush_old_exec()), and a new part that will actually set
    up the new exec environment (setup_new_exec()).  All callers are changed
    to trivially comply with the new world order.
    
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  17. @gregkh

    x86, ia32_aout: do not kill argument mapping

    Jiri Slaby authored gregkh committed
    commit 318f6b2 upstream.
    
    Do not set current->mm->mmap to NULL in 32-bit emulation on 64-bit
    load_aout_binary after flush_old_exec as it would destroy already
    set brpm mapping with arguments.
    
    Introduced by b6a2fea
    mm: variable length argument support
    where the argument mapping in bprm was added.
    
    [ hpa: this is a regression from 2.6.22... time to kill a.out? ]
    
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
    LKML-Reference: <1265831716-7668-1-git-send-email-jslaby@suse.cz>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ollie Wild <aaw@google.com>
    Cc: x86@kernel.org
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @gregkh

    x86: Fix SCI on IOAPIC != 0

    Yinghai Lu authored gregkh committed
    commit 18dce6b upstream.
    
    Thomas Renninger <trenn@suse.de> reported on IBM x3330
    
    booting a latest kernel on this machine results in:
    
    PCI: PCI BIOS revision 2.10 entry at 0xfd61c, last bus=1
    PCI: Using configuration type 1 for base access bio: create slab <bio-0> at 0
    ACPI: SCI (IRQ30) allocation failed
    ACPI Exception: AE_NOT_ACQUIRED, Unable to install System Control Interrupt handler (20090903/evevent-161)
    ACPI: Unable to start the ACPI Interpreter
    
    Later all kind of devices fail...
    
    and bisect it down to this commit:
    commit b9c61b7
    
        x86/pci: update pirq_enable_irq() to setup io apic routing
    
    it turns out we need to set irq routing for the sci on ioapic1 early.
    
    -v2: make it work without sparseirq too.
    -v3: fix checkpatch.pl warning, and cc to stable
    
    Reported-by: Thomas Renninger <trenn@suse.de>
    Bisected-by: Thomas Renninger <trenn@suse.de>
    Tested-by: Thomas Renninger <trenn@suse.de>
    Signed-off-by: Yinghai Lu <yinghai@kernel.org>
    LKML-Reference: <1265793639-15071-2-git-send-email-yinghai@kernel.org>
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @mfuzzey @gregkh

    V4L/DVB: Video : pwc : Fix regression in pwc_set_shutter_speed caused…

    mfuzzey authored gregkh committed
    … by bad constant => sizeof conversion.
    
    commit 53f6860 upstream.
    
    Regression was caused by my commit 6b35ca0
    which determined message size using sizeof rather than hardcoded constants.
    
    Unfortunately pwc_set_shutter_speed reuses a 2 byte buffer for a one byte
    message too so the sizeof was bogus in this case.
    
    All other uses of sizeof checked and are ok.
    
    Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Signed-off-by: Martin Fuzzey <mfuzzey@gmail.com>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @gregkh

    mpt2sas: Delete volume before HBA detach.

    Kashyap, Desai authored gregkh committed
    commit d7384b2 upstream.
    
    The driver hangs when doing `rmmod mpt2sas` if there are any
    IR volumes present.The hang is due the scsi midlayer trying to access the
    IR volumes after the driver releases controller resources.  Perhaps when
    scsi_remove_host is called,the scsi mid layer is sending some request.
    This doesn't occur for bare drives becuase the driver is already reporting
    those drives deleted prior to calling mpt2sas_base_detach.
    To solve this issue, we need to delete the volumes as well.
    
    Signed-off-by: Kashyap Desai <kashyap.desai@lsi.com>
    Reviewed-by: Eric Moore <eric.moore@lsi.com>
    Signed-off-by: James Bottomley <James.Bottomley@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @sgruszka @gregkh

    airo: fix setting zero length WEP key

    sgruszka authored gregkh committed
    commit f09c256 upstream.
    
    Patch prevents call set_wep_key() with zero key length. That fix long
    standing regression since commit c038069
    "airo: clean up WEP key operations". Additionally print call trace when
    someone will try to use improper parameters, and remove key.len = 0
    assignment, because it is in not possible code path.
    
    Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
    Bisected-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
    Tested-by: Chris Siebenmann <cks@cs.toronto.edu>
    Cc: Dan Williams <dcbw@redhat.com>
    Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @gregkh

    ACPI: Be in TS_POLLING state during mwait based C-state entry

    Pallipadi, Venkatesh authored gregkh committed
    commit d306ebc upstream.
    
    ACPI deep C-state entry had a long standing bug/missing feature, wherein we were sending
    resched IPIs when an idle CPU is in mwait based deep C-state. Only mwait based C1 was using
    the write to the monitored address to wake up mwait'ing CPU.
    
    This patch changes the code to retain TS_POLLING bit if we are entering an mwait based
    deep C-state.
    
    The patch has been verified to reduce the number of resched IPIs in general and also
    improves the performance/power on workloads with low system utilization (i.e., when mwait based
    deep C-states are being used).
    
    Fixes "netperf ~50% regression with 2.6.33-rc1, bisect to 1b9508f"
    http://marc.info/?l=linux-kernel&m=126441481427331&w=4
    
    Reported-by: Lin Ming <ming.m.lin@intel.com>
    Tested-by: Alex Shi <alex.shi@intel.com>
    Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
    Signed-off-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  23. @liftoff-sr @gregkh

    serial: 8250: add serial transmitter fully empty test

    liftoff-sr authored gregkh committed
    commit bca4761 upstream.
    
    When controlling an industrial radio modem it can be necessary to
    manipulate the handshake lines in order to control the radio modem's
    transmitter, from userspace.
    
    The transmitter should not be turned off before all characters have been
    transmitted.  serial8250_tx_empty() was reporting that all characters were
    transmitted before they actually were.
    
    ===
    
    Discovered in parallel with more testing and analysis by Kees Schoenmakers
    as follows:
    
    I ran into an NetMos 9835 serial pci board which behaves a little
    different than the standard.  This type of expansion board is very common.
    
    "Standard" 8250 compatible devices clear the 'UART_LST_TEMT" bit together
    with the "UART_LSR_THRE" bit when writing data to the device.
    
    The NetMos device does it slightly different
    
    I believe that the TEMT bit is coupled to the shift register.  The problem
    is that after writing data to the device and very quickly after that one
    does call serial8250_tx_empty, it returns the wrong information.
    
    My patch makes the test more robust (and solves the problem) and it does
    not affect the already correct devices.
    
    Alan:
    
      We may yet need to quirk this but now we know which chips we have a
      way to do that should we find this breaks some other 8250 clone with
      dodgy THRE.
    
    Signed-off-by: Dick Hollenbeck <dick@softplc.com>
    Signed-off-by: Alan Cox <alan@linux.intel.com>
    Cc: Kees Schoenmakers <k.schoenmakers@sigmae.nl>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  24. @pinchartl @gregkh

    class: Free the class private data in class_release

    pinchartl authored gregkh committed
    commit 18d19c9 upstream.
    
    Fix a memory leak by freeing the memory allocated in __class_register
    for the class private data.
    
    Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Acked-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  25. @lwfinger @gregkh

    b43: Fix throughput regression

    lwfinger authored gregkh committed
    commit b6c3f5b upstream.
    
    Commit c7ab5ef entitled "b43: implement
    short slot and basic rate handling" reduced the transmit throughput for
    my BCM4311 device from 18 Mb/s to 0.7 Mb/s. The basic rate handling
    portion is OK, the problem is in the short slot handling.
    
    Prior to this change, the short slot enable/disable routines were never
    called. Experimentation showed that the critical part was changing the
    value at offset 0x0010 in the shared memory. This is supposed to contain
    the 802.11 Slot Time in usec, but if it is changed from its initial value
    of zero, performance is destroyed. On the other hand, changing the value
    in the MMIO register corresponding to the Interframe Slot Time increased
    performance from 18 to 22 Mb/s. A BCM4306/3 also shows dramatic
    improvement of the transmit rate from 5.3 to 19.0 Mb/s.
    
    Other changes in the patch include removal of the magic number for the
    MMIO register, and allowing the slot time to be set for any PHY operating
    in the 2.4 GHz band. Previously, the routine was executed only for G PHYs.
    
    Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  26. @jbruchon @gregkh

    ALSA: hda-intel: Avoid divide by zero crash

    jbruchon authored gregkh committed
    commit fed08d0 upstream.
    
    On my AMD780V chipset, hda_intel.c can crash the kernel with a divide by
    zero
    for as-yet unknown reasons. A simple check for zero prevents it, though
    the problem that causes it remains. Since the workaround is harmless and
    won't affect anyone except victims of this bug, it should be safe;
    moreover,
    because this crash can be triggered by a user-mode application, there are
    denial of service implications on the systems affected by the bug without
    the patch.
    
    Signed-off-by: Jody Bruchon <jody@nctritech.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  27. @gregkh

    drm/r128: Add test for initialisation to all ioctls that require it

    Ben Hutchings authored gregkh committed
    commit 7dc482d upstream.
    
    Almost all r128's private ioctls require that the CCE state has
    already been initialised.  However, most do not test that this has
    been done, and will proceed to dereference a null pointer.  This may
    result in a security vulnerability, since some ioctls are
    unprivileged.
    
    This adds a macro for the common initialisation test and changes all
    ioctl implementations that require prior initialisation to use that
    macro.
    
    Also, r128_do_init_cce() does not test that the CCE state has not
    been initialised already.  Repeated initialisation may lead to a crash
    or resource leak.  This adds that test.
    
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Signed-off-by: Dave Airlie <airlied@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  28. @gregkh

    cifs: fix length calculation for converted unicode readdir names

    Jeff Layton authored gregkh committed
    commit f12f98d upstream.
    
    cifs_from_ucs2 returns the length of the converted name, including the
    length of the NULL terminator. We don't want to include the NULL
    terminator in the dentry name length however since that'll throw off the
    hash calculation for the dentry cache.
    
    I believe that this is the root cause of several problems that have
    cropped up recently that seem to be papered over with the "noserverino"
    mount option. More confirmation of that would be good, but this is
    clearly a bug and it fixes at least one reproducible problem that
    was reported.
    
    This patch fixes at least this reproducer in this kernel.org bug:
    
        http://bugzilla.kernel.org/show_bug.cgi?id=15088#c12
    
    Reported-by: Bjorn Tore Sund <bjorn.sund@it.uib.no>
    Acked-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
    Signed-off-by: Jeff Layton <jlayton@redhat.com>
    Signed-off-by: Steve French <sfrench@us.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  29. @gregkh

    NFS: Fix a bug in nfs_fscache_release_page()

    Trond Myklebust authored gregkh committed
    commit 2c17400 upstream.
    
    Not having an fscache cookie is perfectly valid if the user didn't mount
    with the fscache option.
    
    This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=15234
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Acked-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  30. @gregkh

    mm: replace various uses of num_physpages by totalram_pages

    Jan Beulich authored gregkh committed
    commit 4481374 upstream.
    
    Sizing of memory allocations shouldn't depend on the number of physical
    pages found in a system, as that generally includes (perhaps a huge amount
    of) non-RAM pages.  The amount of what actually is usable as storage
    should instead be used as a basis here.
    
    Some of the calculations (i.e.  those not intending to use high memory)
    should likely even use (totalram_pages - totalhigh_pages).
    
    Signed-off-by: Jan Beulich <jbeulich@novell.com>
    Acked-by: Rusty Russell <rusty@rustcorp.com.au>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Cc: Dave Airlie <airlied@linux.ie>
    Cc: Kyle McMartin <kyle@mcmartin.ca>
    Cc: Jeremy Fitzhardinge <jeremy@goop.org>
    Cc: Pekka Enberg <penberg@cs.helsinki.fi>
    Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.