Skip to content
Commits on Dec 10, 2010
  1. Merge branch 'configs-2.6.36' into pf-2.6.36

    Oleksandr Natalenko committed Dec 10, 2010
  2. configs-2.6.36: update config for Dell Inspiron 1525

    Oleksandr Natalenko committed Dec 10, 2010
  3. Merge branch 'version-2.6.36' into pf-2.6.36

    Oleksandr Natalenko committed Dec 10, 2010
  4. version-2.6.36: bump to v2.6.36-pf3

    Oleksandr Natalenko committed Dec 10, 2010
  5. Merge remote branch 'tuxonice-2.6.36/combined' into pf-2.6.36

    Oleksandr Natalenko committed Dec 10, 2010
  6. fix merge conflict

    Oleksandr Natalenko committed Dec 10, 2010
  7. @NigelCunningham
Commits on Dec 9, 2010
  1. @gregkh


    gregkh committed Dec 9, 2010
  2. @torvalds @gregkh

    Un-inline get_pipe_info() helper function

    torvalds committed with gregkh Nov 28, 2010
    commit 7208364 upstream.
    This avoids some include-file hell, and the function isn't really
    important enough to be inlined anyway.
    Reported-by: Ingo Molnar <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @torvalds @gregkh

    Export 'get_pipe_info()' to other users

    torvalds committed with gregkh Nov 28, 2010
    commit c66fb34 upstream.
    And in particular, use it in 'pipe_fcntl()'.
    The other pipe functions do not need to use the 'careful' version, since
    they are only ever called for things that are already known to be pipes.
    The normal read/write/ioctl functions are called through the file
    operations structures, so if a file isn't a pipe, they'd never get
    called.  But pipe_fcntl() is special, and called directly from the
    generic fcntl code, and needs to use the same careful function that the
    splice code is using.
    Cc: Jens Axboe <>
    Cc: Andrew Morton <>
    Cc: Al Viro <>
    Cc: Dave Jones <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @torvalds @gregkh

    Rename 'pipe_info()' to 'get_pipe_info()'

    torvalds committed with gregkh Nov 28, 2010
    commit 71993e6 upstream.
    .. and change it to take the 'file' pointer instead of an inode, since
    that's what all users want anyway.
    The renaming is preparatory to exporting it to other users.  The old
    'pipe_info()' name was too generic and is already used elsewhere, so
    before making the function public we need to use a more specific name.
    Cc: Jens Axboe <>
    Cc: Andrew Morton <>
    Cc: Al Viro <>
    Cc: Dave Jones <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @gregkh

    nmi: fix clock comparator revalidation

    Heiko Carstens committed with gregkh Nov 25, 2010
    commit e8129c6 upstream.
    On each machine check all registers are revalidated. The save area for
    the clock comparator however only contains the upper most seven bytes
    of the former contents, if valid.
    Therefore the machine check handler uses a store clock instruction to
    get the current time and writes that to the clock comparator register
    which in turn will generate an immediate timer interrupt.
    However within the lowcore the expected time of the next timer
    interrupt is stored. If the interrupt happens before that time the
    handler won't be called. In turn the clock comparator won't be
    reprogrammed and therefore the interrupt condition stays pending which
    causes an interrupt loop until the expected time is reached.
    On NOHZ machines this can result in unresponsive machines since the
    time of the next expected interrupted can be a couple of days in the
    To fix this just revalidate the clock comparator register with the
    expected value.
    In addition the special handling for udelay must be changed as well.
    Signed-off-by: Heiko Carstens <>
    Signed-off-by: Martin Schwidefsky <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @gregkh

    r8169: fix checksum broken

    Shan Wei committed with gregkh Nov 12, 2010
    commit d5d3ebe upstream.
    If r8196 received packets with invalid sctp/igmp(not tcp, udp) checksum, r8196 set skb->ip_summed
    wit CHECKSUM_UNNECESSARY. This cause that upper protocol don't check checksum field.
    I am not family with r8196 driver. I try to guess the meaning of RxProtoIP and IPFail.
    RxProtoIP stands for received IPv4 packet that upper protocol is not tcp and udp.
    !(opts1 & IPFail) is true means that driver correctly to check checksum in IPv4 header.
    If it's right, I think we should not set ip_summed wit CHECKSUM_UNNECESSARY for my sctp packets
    with invalid checksum.
    If it's not right, please tell me.
    Signed-off-by: Shan Wei <>
    Acked-by: Francois Romieu <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @gregkh

    r8169: revert "Handle rxfifo errors on 8168 chips"

    françois romieu committed with gregkh Nov 8, 2010
    commit 53f5735 upstream.
    The original patch helps under obscure conditions (no pun) but
    some 8168 do not like it. The change needs to be tightened with
    a specific 8168 version.
    This reverts commit 801e147
    ("r8169: Handle rxfifo errors on 8168 chips").
    Regression at
    Signed-off-by: Francois Romieu <>
    Tested-by: Andreas Radke <>
    Cc: Matthew Garrett <>
    Cc: Daniel J Blueman <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @sgruszka @gregkh

    r8169: (re)init phy on resume

    sgruszka committed with gregkh Oct 20, 2010
    commit fccec10 upstream.
    Fix switching device to low-speed mode after resume reported in:
    Reported-and-tested-by: Laurentiu Badea <>
    Signed-off-by: Stanislaw Gruszka <>
    Signed-off-by: David S. Miller <>
    Cc: Francois Romieu <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @gregkh

    r8169: fix rx checksum offload

    Eric Dumazet committed with gregkh Sep 5, 2010
    commit adea1ac upstream.
    While porting GRO to r8169, I found this driver has a bug in its rx
    All skbs given to network stack had their ip_summed set to
    CHECKSUM_NONE, while hardware said they had correct TCP/UDP checksums.
    The reason is driver sets skb->ip_summed on the original skb before the
    copy eventually done by copybreak. The fresh skb gets the ip_summed =
    CHECKSUM_NONE value, forcing network stack to recompute checksum, and
    preventing my GRO patch to work.
    Fix is to make the ip_summed setting after skb copy.
    Note : rx_copybreak current value is 16383, so all frames are copied...
    Signed-off-by: Eric Dumazet <>
    Acked-by: Francois Romieu <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    msp3400: fix mute audio regression

    Hans Verkuil committed with gregkh Oct 17, 2010
    commit 0310871 upstream.
    The switch to the new control framework caused a regression where the audio was
    no longer unmuted after the carrier scan finished.
    The original code attempted to set the volume control to its current value in
    order to have the set-volume control code to be called that handles the volume
    and muting. However, the framework will not call that code unless the new volume
    value is different from the old.
    Instead we now call msp_s_ctrl directly.
    It is a bit of a hack: we really need a v4l2_ctrl_refresh_ctrl function for this
    (or something along those lines).
    Thanks to Andy Walls for bisecting this and to Shane Shrybman for reporting it!
    Reported-by: Shane Shrybman <>
    Thanks-to: Andy Walls <>
    Signed-off-by: Hans Verkuil <>
    Signed-off-by: Mauro Carvalho Chehab <>
    Signed-off-by: Greg Kroah-Hartman <>
  11. @gregkh

    qla2xxx: Add module parameter to enable/disable GFF_ID device type ch…

    Chad Dupuis committed with gregkh Oct 15, 2010
    commit 4da26e1 upstream.
    Add the module parameter ql2xgffidenable to disable/enable the use of the
    GFF_ID name server command to prevent non FCP SCSI devices from being added to
    the driver's internal fc_port database.
    Signed-off-by: Chad Dupuis <>
    Signed-off-by: Madhuranath Iyengar <>
    Signed-off-by: James Bottomley <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    cfg80211: fix extension channel checks to initiate communication

    Luis R. Rodriguez committed with gregkh Nov 12, 2010
    commit 9236d83 upstream.
    When operating in a mode that initiates communication and using
    HT40 we should fail if we cannot use both primary and secondary
    channels to initiate communication. Our current ht40 allowmap
    only covers STA mode of operation, for beaconing modes we need
    a check on the fly as the mode of operation is dynamic and
    there other flags other than disable which we should read
    to check if we can initiate communication.
    Do not allow for initiating communication if our secondary HT40
    channel has is either disabled, has a passive scan flag, a
    no-ibss flag or is a radar channel. Userspace now has similar
    checks but this is also needed in-kernel.
    Reported-by: Jouni Malinen <>
    Signed-off-by: Luis R. Rodriguez <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @gregkh

    rds: Integer overflow in RDS cmsg handling

    Dan Rosenberg committed with gregkh Nov 17, 2010
    commit 218854a upstream.
    In rds_cmsg_rdma_args(), the user-provided args->nr_local value is
    restricted to less than UINT_MAX.  This seems to need a tighter upper
    bound, since the calculation of total iov_size can overflow, resulting
    in a small sock_kmalloc() allocation.  This would probably just result
    in walking off the heap and crashing when calling rds_rdma_pages() with
    a high count value.  If it somehow doesn't crash here, then memory
    corruption could occur soon after.
    Signed-off-by: Dan Rosenberg <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @philb @gregkh

    econet: fix CVE-2010-3848

    philb committed with gregkh Nov 24, 2010
    commit a27e13d upstream.
    Don't declare variable sized array of iovecs on the stack since this
    could cause stack overflow if msg->msgiovlen is large.  Instead, coalesce
    the user-supplied data into a new buffer and use a single iovec for it.
    Signed-off-by: Phil Blundell <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @philb @gregkh

    econet: fix CVE-2010-3850

    philb committed with gregkh Nov 24, 2010
    commit 16c4174 upstream.
    Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.
    Signed-off-by: Phil Blundell <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @philb @gregkh

    econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849

    philb committed with gregkh Nov 24, 2010
    commit fa0e846 upstream.
    Later parts of econet_sendmsg() rely on saddr != NULL, so return early
    with EINVAL if NULL was passed otherwise an oops may occur.
    Signed-off-by: Phil Blundell <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @sergey-senozhatsky @gregkh

    ext4: fix NULL pointer dereference in print_daily_error_info()

    sergey-senozhatsky committed with gregkh Oct 27, 2010
    commit a1c6c56 upstream.
    Fix NULL pointer dereference in print_daily_error_info, when
    called on unmounted fs (EXT4_SB(sb) returns NULL), by removing error
    reporting timer in ext4_put_super.
    Google-Bug-Id: 3017663
    Signed-off-by: Sergey Senozhatsky <>
    Signed-off-by: "Theodore Ts'o" <>
    Cc: Thomas Meyer <>
    Signed-off-by: Greg Kroah-Hartman <>
  18. @herbertx @gregkh

    crypto: padlock - Fix AES-CBC handling on odd-block-sized input

    herbertx committed with gregkh Nov 4, 2010
    commit c054a07 upstream.
    On certain VIA chipsets AES-CBC requires the input/output to be
    a multiple of 64 bytes.  We had a workaround for this but it was
    buggy as it sent the whole input for processing when it is meant
    to only send the initial number of blocks which makes the rest
    a multiple of 64 bytes.
    As expected this causes memory corruption whenever the workaround
    kicks in.
    Reported-by: Phil Sutter <>
    Signed-off-by: Herbert Xu <>
    Signed-off-by: Greg Kroah-Hartman <>
  19. @gregkh

    x25: Prevent crashing when parsing bad X.25 facilities

    Dan Rosenberg committed with gregkh Nov 12, 2010
    commit 5ef4130 upstream.
    Now with improved comma support.
    On parsing malformed X.25 facilities, decrementing the remaining length
    may cause it to underflow.  Since the length is an unsigned integer,
    this will result in the loop continuing until the kernel crashes.
    This patch adds checks to ensure decrementing the remaining length does
    not cause it to wrap around.
    Signed-off-by: Dan Rosenberg <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  20. @hartkopp @gregkh

    can-bcm: fix minor heap overflow

    hartkopp committed with gregkh Nov 10, 2010
    commit 0597d1b upstream.
    On 64-bit platforms the ASCII representation of a pointer may be up to 17
    bytes long. This patch increases the length of the buffer accordingly.
    Reported-by: Dan Rosenberg <>
    Signed-off-by: Oliver Hartkopp <>
    CC: Linus Torvalds <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  21. @davem330 @gregkh

    filter: make sure filters dont read uninitialized memory

    davem330 committed with gregkh Nov 10, 2010
    commit 57fe93b upstream.
    There is a possibility malicious users can get limited information about
    uninitialized stack mem array. Even if sk_run_filter() result is bound
    to packet length (0 .. 65535), we could imagine this can be used by
    hostile user.
    Initializing mem[] array, like Dan Rosenberg suggested in his patch is
    expensive since most filters dont even use this array.
    Its hard to make the filter validation in sk_chk_filter(), because of
    the jumps. This might be done later.
    In this patch, I use a bitmap (a single long var) so that only filters
    using mem[] loads/stores pay the price of added security checks.
    For other filters, additional cost is a single instruction.
    [ Since we access fentry->k a lot now, cache it in a local variable
      and mark filter entry pointer as const. -DaveM ]
    Reported-by: Dan Rosenberg <>
    Signed-off-by: Eric Dumazet <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  22. @lacombar @gregkh

    kbuild: use getopt_long(), not its _only() variant

    lacombar committed with gregkh Aug 23, 2010
    commit c94d3fb upstream.
    NetBSD lacks getopt_long_only() whereas getopt_long() works just fine.
    Signed-off-by: Arnaud Lacombe <>
    Acked-by: Sam Ravnborg <>
    Signed-off-by: Michal Marek <>
    Signed-off-by: Greg Kroah-Hartman <>
  23. @jessegross @gregkh

    vlan: Avoid hwaccel vlan packets when vid not used.

    jessegross committed with gregkh Nov 8, 2010
    [This patch applies only to 2.6.36 stable.  The problem was introduced
    in that release and is already fixed by larger changes to the vlan
    code in 2.6.37.]
    Normally hardware accelerated vlan packets are quickly dropped if
    there is no corresponding vlan device configured.  The one exception
    is promiscuous mode, where we allow all of these packets through so
    they can be picked up by tcpdump.  However, this behavior causes a
    crash if we actually try to receive these packets.  This fixes that
    crash by ignoring packets with vids not corresponding to a configured
    device in the vlan hwaccel routines and then dropping them before they
    get to consumers in the network stack.
    Reported-by: Ben Greear <>
    Tested-by: Nikola Ciprich <>
    Signed-off-by: Jesse Gross <>
    Acked-by: David Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  24. @AndrewHendry @gregkh

    memory corruption in X.25 facilities parsing

    AndrewHendry committed with gregkh Nov 3, 2010
    commit a6331d6 upstream.
    Signed-of-by: Andrew Hendry <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  25. @gregkh

    OMAP3: DMA: Errata i541: sDMA FIFO draining does not finish

    Peter Ujfalusi committed with gregkh Oct 11, 2010
    commit 0e4905c upstream.
    Implement the suggested workaround for OMAP3 regarding to sDMA draining
    issue, when the channel is disabled on the fly.
    This errata affects the following configuration:
    sDMA transfer is source synchronized
    Buffering is enabled
    SmartStandby is selected.
    The issue can be easily reproduced by creating overrun situation while
    recording audio.
    Either introduce load to the CPU:
    nice -19 arecord -D hw:0 -M -B 10000 -F 5000 -f dat > /dev/null & \
    dd if=/dev/urandom of=/dev/null
    or suspending the arecord, and resuming it:
    arecord -D hw:0 -M -B 10000 -F 5000 -f dat > /dev/null
    CTRL+Z; fg; CTRL+Z; fg; ...
    In case of overrun audio stops DMA, and restarts it (without reseting
    the sDMA channel). When we hit this errata in stop case (sDMA drain did
    not complete), at the coming start the sDMA will not going to be
    operational (it is still draining).
    This leads to DMA stall condition.
    On OMAP3 we can recover with sDMA channel reset, it has been observed
    that by introducing unrelated sDMA activity might also help (reading
    from MMC for example).
    The same errata exists for OMAP2, where the suggestion is to disable the
    buffering to avoid this type of error.
    On OMAP3 the suggestion is to set sDMA to NoStandby before disabling
    the channel, and wait for the drain to finish, than configure sDMA to
    SmartStandby again.
    Signed-off-by: Peter Ujfalusi <>
    Acked-by: Jarkko Nikula <>
    Acked-by : Santosh Shilimkar <>
    Acked-by : Manjunath Kondaiah G <>
    Signed-off-by: Tony Lindgren <>
    Signed-off-by: Greg Kroah-Hartman <>
  26. @gregkh

    omap: dma: Fix buffering disable bit setting for omap24xx

    Jarkko Nikula committed with gregkh Oct 11, 2010
    commit 3e57f16 upstream.
    An errata workaround for omap24xx is not setting the buffering disable bit
    25 what is the purpose but channel enable bit 7 instead.
    Background for this fix is the DMA stalling issue with ASoC omap-mcbsp
    driver. Peter Ujfalusi <> has found an issue in
    recording that the DMA stall could happen if there were a buffer overrun
    detected by ALSA and the DMA was stopped and restarted due that. This
    problem is known to occur on both OMAP2420 and OMAP3. It can recover on
    OMAP3 after dma free, dma request and reconfiguration cycle. However, on
    OMAP2420 it seems that only way to recover is a reset.
    Problem was not visible before the commit c12abc0. That commit changed that
    the McBSP transmitter/receiver is released from reset only when needed. That
    is, only enabled McBSP transmitter without transmission was able to prevent
    this DMA stall problem in receiving side and underlying problem did not show
    up until now. McBSP transmitter itself seems to no be reason since DMA
    stall does not recover by enabling the transmission after stall.
    Debugging showed that there were a DMA write active during DMA stop time and
    it never completed even when restarting the DMA. Experimenting showed that
    the DMA buffering disable bit could be used to avoid stalling when using
    source synchronized transfers. However that could have performance hit and
    OMAP3 TRM states that buffering disable is not allowed for destination
    synchronized transfers so subsequent patch will implement a method to
    complete DMA writes when stopping.
    This patch is based on assumtion that complete lock-up on OMAP2420 is
    different but related problem. I don't have access to OMAP2420 errata but
    I believe this old workaround here is put for a reason but unfortunately
    a wrong bit was typed and problem showed up only now.
    Signed-off-by: Jarkko Nikula <>
    Signed-off-by: Peter Ujfalusi <>
    Acked-by: Manjunath Kondaiah G <>
    Signed-off-by: Tony Lindgren <>
    Signed-off-by: Greg Kroah-Hartman <>
  27. @dtor @gregkh

    Input: i8042 - add Sony VAIO VPCZ122GX to nomux list

    dtor committed with gregkh Nov 4, 2010
    [Note that the mainline will not have this particular fix but rather
    will blacklist entire VAIO line based off DMI board name. For stable
    I am being a bit more cautious and blacklist one particular product.]
    Trying to query/activate active multiplexing mode on this VAIO makes
    both keyboard and touchpad inoperable. Futher kernels will blacklist
    entire VAIO line, however here we blacklist just one particular model.
    Reported-by: Jesse Barnes <>
    Signed-off-by: Dmitry Torokhov <>
    Signed-off-by: Greg Kroah-Hartman <>
  28. @davem330 @gregkh

    net: Limit socket I/O iovec total length to INT_MAX.

    davem330 committed with gregkh Oct 28, 2010
    commit 8acfe46 upstream.
    This helps protect us from overflow issues down in the
    individual protocol sendmsg/recvmsg handlers.  Once
    we hit INT_MAX we truncate out the rest of the iovec
    by setting the iov_len members to zero.
    This works because:
    1) For SOCK_STREAM and SOCK_SEQPACKET sockets, partial
       writes are allowed and the application will just continue
       with another write to send the rest of the data.
    2) For datagram oriented sockets, where there must be a
       one-to-one correspondance between write() calls and
       packets on the wire, INT_MAX is going to be far larger
       than the packet size limit the protocol is going to
       check for and signal with -EMSGSIZE.
    Based upon a patch by Linus Torvalds.
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
Something went wrong with that request. Please try again.