Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Dec 16, 2010
  1. Merge branch 'configs-2.6.36' into pf-2.6.36

    Oleksandr Natalenko authored
  2. configs-2.6.36: update config for Dell Inspiron 1525

    Oleksandr Natalenko authored
  3. Merge branch 'version-2.6.36' into pf-2.6.36

    Oleksandr Natalenko authored
  4. version-2.6.36: bump to v2.6.36-pf4

    Oleksandr Natalenko authored
  5. Merge branch 'ck-2.6.36' into pf-2.6.36

    Oleksandr Natalenko authored
  6. ck-2.6.36: update BFS to v360

    Oleksandr Natalenko authored
Commits on Dec 10, 2010
  1. Merge branch 'configs-2.6.36' into pf-2.6.36

    Oleksandr Natalenko authored
  2. configs-2.6.36: update config for Dell Inspiron 1525

    Oleksandr Natalenko authored
  3. Merge branch 'version-2.6.36' into pf-2.6.36

    Oleksandr Natalenko authored
  4. version-2.6.36: bump to v2.6.36-pf3

    Oleksandr Natalenko authored
  5. Merge remote branch 'tuxonice-2.6.36/combined' into pf-2.6.36

    Oleksandr Natalenko authored
  6. fix merge conflict

    Oleksandr Natalenko authored
  7. @NigelCunningham
Commits on Dec 9, 2010
  1. @gregkh

    Linux 2.6.36.2

    gregkh authored
  2. @torvalds @gregkh

    Un-inline get_pipe_info() helper function

    torvalds authored gregkh committed
    commit 7208364 upstream.
    
    This avoids some include-file hell, and the function isn't really
    important enough to be inlined anyway.
    
    Reported-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  3. @torvalds @gregkh

    Export 'get_pipe_info()' to other users

    torvalds authored gregkh committed
    commit c66fb34 upstream.
    
    And in particular, use it in 'pipe_fcntl()'.
    
    The other pipe functions do not need to use the 'careful' version, since
    they are only ever called for things that are already known to be pipes.
    
    The normal read/write/ioctl functions are called through the file
    operations structures, so if a file isn't a pipe, they'd never get
    called.  But pipe_fcntl() is special, and called directly from the
    generic fcntl code, and needs to use the same careful function that the
    splice code is using.
    
    Cc: Jens Axboe <jaxboe@fusionio.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Dave Jones <davej@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  4. @torvalds @gregkh

    Rename 'pipe_info()' to 'get_pipe_info()'

    torvalds authored gregkh committed
    commit 71993e6 upstream.
    
    .. and change it to take the 'file' pointer instead of an inode, since
    that's what all users want anyway.
    
    The renaming is preparatory to exporting it to other users.  The old
    'pipe_info()' name was too generic and is already used elsewhere, so
    before making the function public we need to use a more specific name.
    
    Cc: Jens Axboe <jaxboe@fusionio.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Dave Jones <davej@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  5. @gregkh

    nmi: fix clock comparator revalidation

    Heiko Carstens authored gregkh committed
    commit e8129c6 upstream.
    
    On each machine check all registers are revalidated. The save area for
    the clock comparator however only contains the upper most seven bytes
    of the former contents, if valid.
    Therefore the machine check handler uses a store clock instruction to
    get the current time and writes that to the clock comparator register
    which in turn will generate an immediate timer interrupt.
    However within the lowcore the expected time of the next timer
    interrupt is stored. If the interrupt happens before that time the
    handler won't be called. In turn the clock comparator won't be
    reprogrammed and therefore the interrupt condition stays pending which
    causes an interrupt loop until the expected time is reached.
    
    On NOHZ machines this can result in unresponsive machines since the
    time of the next expected interrupted can be a couple of days in the
    future.
    
    To fix this just revalidate the clock comparator register with the
    expected value.
    In addition the special handling for udelay must be changed as well.
    
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @gregkh

    r8169: fix checksum broken

    Shan Wei authored gregkh committed
    commit d5d3ebe upstream.
    
    If r8196 received packets with invalid sctp/igmp(not tcp, udp) checksum, r8196 set skb->ip_summed
    wit CHECKSUM_UNNECESSARY. This cause that upper protocol don't check checksum field.
    
    I am not family with r8196 driver. I try to guess the meaning of RxProtoIP and IPFail.
    RxProtoIP stands for received IPv4 packet that upper protocol is not tcp and udp.
    !(opts1 & IPFail) is true means that driver correctly to check checksum in IPv4 header.
    
    If it's right, I think we should not set ip_summed wit CHECKSUM_UNNECESSARY for my sctp packets
    with invalid checksum.
    
    If it's not right, please tell me.
    
    Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
    Acked-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    r8169: revert "Handle rxfifo errors on 8168 chips"

    françois romieu authored gregkh committed
    commit 53f5735 upstream.
    
    The original patch helps under obscure conditions (no pun) but
    some 8168 do not like it. The change needs to be tightened with
    a specific 8168 version.
    
    This reverts commit 801e147
    ("r8169: Handle rxfifo errors on 8168 chips").
    
    Regression at https://bugzilla.kernel.org/show_bug.cgi?id=20882
    
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Tested-by: Andreas Radke <a.radke@arcor.de>
    Cc: Matthew Garrett <mjg@redhat.com>
    Cc: Daniel J Blueman <daniel.blueman@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @sgruszka @gregkh

    r8169: (re)init phy on resume

    sgruszka authored gregkh committed
    commit fccec10 upstream.
    
    Fix switching device to low-speed mode after resume reported in:
    https://bugzilla.redhat.com/show_bug.cgi?id=502974
    
    Reported-and-tested-by: Laurentiu Badea <bugzilla-redhat@wotevah.com>
    Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Cc: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @gregkh

    r8169: fix rx checksum offload

    Eric Dumazet authored gregkh committed
    commit adea1ac upstream.
    
    While porting GRO to r8169, I found this driver has a bug in its rx
    path.
    
    All skbs given to network stack had their ip_summed set to
    CHECKSUM_NONE, while hardware said they had correct TCP/UDP checksums.
    
    The reason is driver sets skb->ip_summed on the original skb before the
    copy eventually done by copybreak. The fresh skb gets the ip_summed =
    CHECKSUM_NONE value, forcing network stack to recompute checksum, and
    preventing my GRO patch to work.
    
    Fix is to make the ip_summed setting after skb copy.
    
    Note : rx_copybreak current value is 16383, so all frames are copied...
    
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Acked-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    msp3400: fix mute audio regression

    Hans Verkuil authored gregkh committed
    commit 0310871 upstream.
    
    The switch to the new control framework caused a regression where the audio was
    no longer unmuted after the carrier scan finished.
    
    The original code attempted to set the volume control to its current value in
    order to have the set-volume control code to be called that handles the volume
    and muting. However, the framework will not call that code unless the new volume
    value is different from the old.
    
    Instead we now call msp_s_ctrl directly.
    
    It is a bit of a hack: we really need a v4l2_ctrl_refresh_ctrl function for this
    (or something along those lines).
    
    Thanks to Andy Walls for bisecting this and to Shane Shrybman for reporting it!
    
    Reported-by: Shane Shrybman <shrybman@teksavvy.com>
    Thanks-to: Andy Walls <awalls@md.metrocast.net>
    Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @gregkh

    qla2xxx: Add module parameter to enable/disable GFF_ID device type ch…

    Chad Dupuis authored gregkh committed
    …eck.
    
    commit 4da26e1 upstream.
    
    Add the module parameter ql2xgffidenable to disable/enable the use of the
    GFF_ID name server command to prevent non FCP SCSI devices from being added to
    the driver's internal fc_port database.
    
    Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
    Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
    Signed-off-by: James Bottomley <James.Bottomley@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @gregkh

    cfg80211: fix extension channel checks to initiate communication

    Luis R. Rodriguez authored gregkh committed
    commit 9236d83 upstream.
    
    When operating in a mode that initiates communication and using
    HT40 we should fail if we cannot use both primary and secondary
    channels to initiate communication. Our current ht40 allowmap
    only covers STA mode of operation, for beaconing modes we need
    a check on the fly as the mode of operation is dynamic and
    there other flags other than disable which we should read
    to check if we can initiate communication.
    
    Do not allow for initiating communication if our secondary HT40
    channel has is either disabled, has a passive scan flag, a
    no-ibss flag or is a radar channel. Userspace now has similar
    checks but this is also needed in-kernel.
    
    Reported-by: Jouni Malinen <jouni.malinen@atheros.com>
    Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @gregkh

    rds: Integer overflow in RDS cmsg handling

    Dan Rosenberg authored gregkh committed
    commit 218854a upstream.
    
    In rds_cmsg_rdma_args(), the user-provided args->nr_local value is
    restricted to less than UINT_MAX.  This seems to need a tighter upper
    bound, since the calculation of total iov_size can overflow, resulting
    in a small sock_kmalloc() allocation.  This would probably just result
    in walking off the heap and crashing when calling rds_rdma_pages() with
    a high count value.  If it somehow doesn't crash here, then memory
    corruption could occur soon after.
    
    Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @philb @gregkh

    econet: fix CVE-2010-3848

    philb authored gregkh committed
    commit a27e13d upstream.
    
    Don't declare variable sized array of iovecs on the stack since this
    could cause stack overflow if msg->msgiovlen is large.  Instead, coalesce
    the user-supplied data into a new buffer and use a single iovec for it.
    
    Signed-off-by: Phil Blundell <philb@gnu.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15. @philb @gregkh

    econet: fix CVE-2010-3850

    philb authored gregkh committed
    commit 16c4174 upstream.
    
    Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.
    
    Signed-off-by: Phil Blundell <philb@gnu.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  16. @philb @gregkh

    econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849

    philb authored gregkh committed
    commit fa0e846 upstream.
    
    Later parts of econet_sendmsg() rely on saddr != NULL, so return early
    with EINVAL if NULL was passed otherwise an oops may occur.
    
    Signed-off-by: Phil Blundell <philb@gnu.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17. @sergey-senozhatsky @gregkh

    ext4: fix NULL pointer dereference in print_daily_error_info()

    sergey-senozhatsky authored gregkh committed
    commit a1c6c56 upstream.
    
    Fix NULL pointer dereference in print_daily_error_info, when
    called on unmounted fs (EXT4_SB(sb) returns NULL), by removing error
    reporting timer in ext4_put_super.
    
    Google-Bug-Id: 3017663
    
    Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
    Cc: Thomas Meyer <thomas@m3y3r.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @herbertx @gregkh

    crypto: padlock - Fix AES-CBC handling on odd-block-sized input

    herbertx authored gregkh committed
    commit c054a07 upstream.
    
    On certain VIA chipsets AES-CBC requires the input/output to be
    a multiple of 64 bytes.  We had a workaround for this but it was
    buggy as it sent the whole input for processing when it is meant
    to only send the initial number of blocks which makes the rest
    a multiple of 64 bytes.
    
    As expected this causes memory corruption whenever the workaround
    kicks in.
    
    Reported-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @gregkh

    x25: Prevent crashing when parsing bad X.25 facilities

    Dan Rosenberg authored gregkh committed
    commit 5ef4130 upstream.
    
    Now with improved comma support.
    
    On parsing malformed X.25 facilities, decrementing the remaining length
    may cause it to underflow.  Since the length is an unsigned integer,
    this will result in the loop continuing until the kernel crashes.
    
    This patch adds checks to ensure decrementing the remaining length does
    not cause it to wrap around.
    
    Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @hartkopp @gregkh

    can-bcm: fix minor heap overflow

    hartkopp authored gregkh committed
    commit 0597d1b upstream.
    
    On 64-bit platforms the ASCII representation of a pointer may be up to 17
    bytes long. This patch increases the length of the buffer accordingly.
    
    http://marc.info/?l=linux-netdev&m=128872251418192&w=2
    
    Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
    CC: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @davem330 @gregkh

    filter: make sure filters dont read uninitialized memory

    davem330 authored gregkh committed
    commit 57fe93b upstream.
    
    There is a possibility malicious users can get limited information about
    uninitialized stack mem array. Even if sk_run_filter() result is bound
    to packet length (0 .. 65535), we could imagine this can be used by
    hostile user.
    
    Initializing mem[] array, like Dan Rosenberg suggested in his patch is
    expensive since most filters dont even use this array.
    
    Its hard to make the filter validation in sk_chk_filter(), because of
    the jumps. This might be done later.
    
    In this patch, I use a bitmap (a single long var) so that only filters
    using mem[] loads/stores pay the price of added security checks.
    
    For other filters, additional cost is a single instruction.
    
    [ Since we access fentry->k a lot now, cache it in a local variable
      and mark filter entry pointer as const. -DaveM ]
    
    Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @lacombar @gregkh

    kbuild: use getopt_long(), not its _only() variant

    lacombar authored gregkh committed
    commit c94d3fb upstream.
    
    NetBSD lacks getopt_long_only() whereas getopt_long() works just fine.
    
    Signed-off-by: Arnaud Lacombe <lacombar@gmail.com>
    Acked-by: Sam Ravnborg <sam@ravnborg.org>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.