aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-02-08Linux 2.6.23.15v2.6.23.15Greg Kroah-Hartman
2008-02-08splice: missing user pointer access verification (CVE-2008-0009/10)Jens Axboe
patch 8811930dc74a503415b35c4a79d14fb0b408a361 in mainline. vmsplice_to_user() must always check the user pointer and length with access_ok() before copying. Likewise, for the slow path of copy_from_user_mmap_sem() we need to check that we may read from the user region. Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Cc: Wojciech Purczynski <cliph@research.coseinc.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08PCI: Fix fakephp deadlockIan Abbott
This patch works around a problem in the fakephp driver when a process writing "0" to a "power" sysfs file to fake removal of a PCI device ends up deadlocking itself in the sysfs code. The patch is functionally identical to the one in Linus' tree post 2.6.24: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff I have tested it on a 2.6.23 kernel. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ACPI: sync blacklist w/ latestLen Brown
This patch is appropriate for supporting a 2.6.23-based products. Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08atl1: fix frame length bugJay Cliburn
Upstream commit: 2a49128f0a6edee337174ea341c1d6d7565be350 The driver sets up the hardware to accept a frame with max length equal to MTU + Ethernet header + FCS + VLAN tag, but we neglect to add the VLAN tag size to the ingress buffer. When a VLAN-tagged frame arrives, the hardware passes it, but bad things happen because the buffer is too small. This patch fixes that. Thanks to David Harris for reporting the bug and testing the fix. Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net> Tested-by: David Harris <david.harris@cpni-inc.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08forcedeth: mac address mcp77/79Ayaz Abdulla
patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline. This patch is a critical fix for MCP77 and MCP79 devices. The feature flags were missing the define for correct mac address (DEV_HAS_CORRECT_MACADDR). Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Fix dirty page accounting leak with ext3 data=journalBjörn Steinbrink
patch a2b345642f530054a92b8d2b5108436225a8093e in mainline. In 46d2277c796f9f4937bfa668c40b2e3f43e93dd0, try_to_free_buffers was changed to bail out if the page was dirty. That caused truncate_complete_page to leak massive amounts of memory, because the dirty bit was only cleared after the call to try_to_free_buffers. So the call to cancel_dirty_page was moved up to have the dirty bit cleared early in 3e67c0987d7567ad666641164a153dca9a43b11d. The problem with that fix is, that the page can be redirtied after cancel_dirty_page was called, eg. like this: truncate_complete_page() cancel_dirty_page() // PG_dirty cleared, decr. dirty pages do_invalidatepage() ext3_invalidatepage() journal_invalidatepage() journal_unmap_buffer() __dispose_buffer() __journal_unfile_buffer() __journal_temp_unlink_buffer() mark_buffer_dirty(); // PG_dirty set, incr. dirty pages And then we end up with dirty pages being wrongly accounted. In ecdfc9787fe527491baefc22dce8b2dbd5b2908d the changes to try_to_free_buffers were reverted, so the original reason for the massive memory leak is gone, so we can also revert the move of the call to cancel_dirty_page from truncate_complete_page and get the accounting right again. Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Tested-by: Zaid D. <zaid.box@gmail.com> Cc: Jan Kara <jack@ucw.cz> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Thomas Osterried <osterried@jesse.de> Cc: Kerin Millar <kerframil@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Netfilter: bridge-netfilter: fix net_device refcnt leaksPatrick McHardy
[NETFILTER]: bridge-netfilter: fix net_device refcnt leaks Upstream commit 2dc2f207fb251666d2396fe1a69272b307ecc333 When packets are flood-forwarded to multiple output devices, the bridge-netfilter code reuses skb->nf_bridge for each clone to store the bridge port. When queueing packets using NFQUEUE netfilter takes a reference to skb->nf_bridge->physoutdev, which is overwritten when the packet is forwarded to the second port. This causes refcount unterflows for the first device and refcount leaks for all others. Additionally this provides incorrect data to the iptables physdev match. Unshare skb->nf_bridge by copying it if it is shared before assigning the physoutdev device. Reported, tested and based on initial patch by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Netfilter: bridge: fix double POST_ROUTING invocationPatrick McHardy
[NETFILTER]: bridge: fix double POST_ROUTING invocation Upstream commit 2948d2ebbb98747b912ac6d0c864b4d02be8a6f5 The bridge code incorrectly causes two POST_ROUTING hook invocations for DNATed packets that end up on the same bridge device. This happens because packets with a changed destination address are passed to dst_output() to make them go through the neighbour output function again to build a new destination MAC address, before they will continue through the IP hooks simulated by bridge netfilter. The resulting hook order is: PREROUTING (bridge netfilter) POSTROUTING (dst_output -> ip_output) FORWARD (bridge netfilter) POSTROUTING (bridge netfilter) The deferred hooks used to abort the first POST_ROUTING invocation, but since the only thing bridge netfilter actually really wants is a new MAC address, we can avoid going through the IP stack completely by simply calling the neighbour output function directly. Tested, reported and lots of data provided by: Damien Thebault <damien.thebault@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08fix oops on rmmod capidrvKarsten Keil
patch eb36f4fc019835cecf0788907f6cab774508087b in mainline. Fix overwriting the stack with the version string (it is currently 10 bytes + zero) when unloading the capidrv module. Safeguard against overwriting it should the version string grow in the future. Should fix Kernel Bug Tracker Bug 9696. Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08libata: port and host should be stopped before hardware resources are releasedTejun Heo
This is backport of 32ebbc0c0d5d18c0135b55d1eb0029f48c54aff0 and fixes oops on driver module unload. Port / host stop calls used to be made from ata_host_release() which is called after all hardware resources acquired after host allocation are released. This is wrong as port and host stop routines often access the hardware. Add separate devres for port / host stop which is invoked right after IRQ is released but with all other hardware resources intact. The devres is added iff ->host_stop and/or ->port_stop exist. This problem has been spotted by Mark Lord. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Mark Lord <liml@rtr.ca> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08spi: omap2_mcspi PIO RX fixKalle Valo
patch feed9bab7b14b77be8d796bcee95e2343fb82955 in mainline. Before transmission of the last word in PIO RX_ONLY mode rx+tx mode is enabled: /* prevent last RX_ONLY read from triggering * more word i/o: switch to rx+tx */ if (c == 0 && tx == NULL) mcspi_write_cs_reg(spi, OMAP2_MCSPI_CHCONF0, l); But because c is decremented after the test, c will never be zero and rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers. Fix it by decrementing c in the beginning of the various I/O loops. Signed-off-by: Kalle Valo <kalle.valo@nokia.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Fix unbalanced helper_lock in kernel/kmod.cNigel Cunningham
patch 784680336b616dcc4c17cbd25add3b49c555cdeb in mainline. call_usermodehelper_exec() has an exit path that can leave the helper_lock() call at the top of the routine unbalanced. The attached patch fixes this issue. Signed-off-by: Nigel Cunningham <nigel@tuxonice.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ia64: Fix unaligned handler for floating point instructions with base updateLuck, Tony
commit 1a499150e4ec1299232e24389f648d059ce5617a in mainline. [IA64] Fix unaligned handler for floating point instructions with base update The compiler team did the hard work for this distilling a problem in large fortran application which showed up when applied to a 290MB input data set down to this instruction: ldfd f34=[r17],-8 Which they noticed incremented r17 by 0x10 rather than decrementing it by 8 when the value in r17 caused an unaligned data fault. I tracked it down to some bad instruction decoding in unaligned.c. The code assumes that the 'x' bit can determine whether the instruction is an "ldf" or "ldfp" ... which it is for opcode=6 (see table 4-29 on page 3:302 of the SDM). But for opcode=7 the 'x' bit is irrelevent, all variants are "ldf" instructions (see table 4-36 on page 3:306). Note also that interpreting the instruction as "ldfp" means that the "paired" floating point register (f35 in the example here) will also be corrupted. Signed-off-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08sata_promise: ASIC PRD table bug workaroundMikael Pettersson
patch 03116d67e0973bb493fe9307e28973a24a272bcc in mainline. Second-generation Promise SATA controllers have an ASIC bug which can trigger if the last PRD entry is larger than 164 bytes, resulting in intermittent errors and possible data corruption. Work around this by replacing calls to ata_qc_prep() with a private version that fills the PRD, checks the size of the last entry, and if necessary splits it to avoid the bug. Also reduce sg_tablesize by 1 to accommodate the new entry. Tested on the second-generation SATA300 TX4 and SATA300 TX2plus, and the first-generation PDC20378. Thanks to Alexander Sabourenkov for verifying the bug by studying the vendor driver, and for writing the initial patch upon which this one is based. Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)Nick Piggin
Drivers that register a ->fault handler, but do not range-check the offset argument, must set VM_DONTEXPAND in the vm_flags in order to prevent an expanding mremap from overflowing the resource. I've audited the tree and attempted to fix these problems (usually by adding VM_DONTEXPAND where it is not obvious). Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08knfsd: Allow NFSv2/3 WRITE calls to succeed when krb5i etc is used.NeilBrown
patch ba67a39efde8312e386c6f603054f8945433d91f in mainline. When RPCSEC/GSS and krb5i is used, requests are padded, typically to a multiple of 8 bytes. This can make the request look slightly longer than it really is. As of f34b95689d2ce001c "The NFSv2/NFSv3 server does not handle zero length WRITE request correctly", the xdr decode routines for NFSv2 and NFSv3 reject requests that aren't the right length, so krb5i (for example) WRITE requests can get lost. This patch relaxes the appropriate test and enhances the related comment. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: Peter Staubach <staubach@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08md: fix data corruption when a degraded raid5 array is reshapedDan Williams
patch 0f94e87cdeaaac9f0f9a28a5dd2a5070b87cd3e8 in mainline. We currently do not wait for the block from the missing device to be computed from parity before copying data to the new stripe layout. The change in the raid6 code is not techincally needed as we don't delay data block recovery in the same way for raid6 yet. But making the change now is safer long-term. This bug exists in 2.6.23 and 2.6.24-rc Signed-off-by: Dan Williams <dan.j.williams@intel.com> Acked-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08security: protect from stack expantion into low vm addressesEric Paris
patch 8869477a49c3e99def1fcdadd6bbc407fea14b45 in mainline. Add security checks to make sure we are not attempting to expand the stack into memory protected by mmap_min_addr Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08VM/Security: add security hook to do_brk (CVE-2007-6434)Eric Paris
patch ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5 in mainline. VM/Security: add security hook to do_brk Given a specifically crafted binary do_brk() can be used to get low pages available in userspace virtual memory and can thus be used to circumvent the mmap_min_addr low memory protection. Add security checks in do_brk(). Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Alan Cox <alan@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: maximilian attems <max@stro.at> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08m68k: Export cachectl.hMatthew Wilcox
patch e92042e5c009d84ba741ec4a978a13f260e6ee24 in mainline. m68k: Export cachectl.h libffi in GCC 4.2 needs cachectl.h to do its cache flushing. But we don't currently export it. I believe this patch should do the trick. Signed-off-by: Matthew Wilcox <matthew@wil.cx> Cc: maximilian attems <max@stro.at> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08CIFS: Respect umask when using POSIX mkdirSteve French
patch a8cd925f74c3b1b6d1192f9e75f9d12cc2ab148a in mainline. [CIFS] Respect umask when using POSIX mkdir When making a directory with POSIX mkdir calls, cifs_mkdir does not respect the umask. This patch causes the new POSIX mkdir to create with the right mode Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com> Cc: maximilian attems <max@stro.at> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: fix open count handling in input interfacesOliver Neukum
patch 064450140f1eab959bd0eca0245f449993216074 in mainline. If input_open_device() fails we should not leave interfaces marked as opened. Signed-off-by: Oliver Neukum <oneukum@suse.de> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: tsdev - implement proper lockingDmitry Torokhov
patch b9d2d110b10f7b4788d0fdd328cf57e34b767817 in mainline. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: joydev - implement proper lockingDmitry Torokhov
patch b126207ccdfe492fbc339c18d4898b1b5353fc6b in mainline. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: mousedev - implement proper lockingDmitry Torokhov
patch 464b241575f3700e14492e34f26bcd1794280f55 in mainline. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: evdev - implement proper lockingDmitry Torokhov
patch 6addb1d6de1968b84852f54561cc9a999909b5a9 in mainline. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Input: implement proper locking in input coreDmitry Torokhov
patch 8006479c9b75fb6594a7b746af3d7f1fbb68f18f in mainline. Also add some kerneldoc documentation to input.h Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08cxgb: fix statsDivy Le Ray
patch e0348b9ae5374f9a24424ae680bcd80724415f60 in mainline. Fix MAC stats accounting. Fix get_stats. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08cxgb: fix T2 GSODivy Le Ray
patch 7832ee034b6ef78aab020c9ec1348544cd65ccbd in mainline. The patch ensures that a GSO skb has enough headroom to push an encapsulating cpl_tx_pkt_lso header. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08chelsio: Fix skb->dev settingDivy Le Ray
patch 7de6af0f23b25df8da9719ecae1916b669d0b03d in mainline. eth_type_trans() now sets skb->dev. Access skb->def after it gets set. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08quicklists: Only consider memory that can be used with GFP_KERNELChristoph Lameter
patch 96990a4ae979df9e235d01097d6175759331e88c in mainline. Quicklists calculates the size of the quicklists based on the number of free pages. This must be the number of free pages that can be allocated with GFP_KERNEL. node_page_state() includes the pages in ZONE_HIGHMEM and ZONE_MOVABLE which may lead the quicklists to become too large causing OOM. Signed-off-by: Christoph Lameter <clameter@sgi.com> Tested-by: Dhaval Giani <dhaval@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08quicklists: do not release off node pages earlyChristoph Lameter
patch ed367fc3a7349b17354c7acef551533337764859 in mainline. quicklists must keep even off node pages on the quicklists until the TLB flush has been completed. Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Dhaval Giani <dhaval@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08vfs: coredumping fix (CVE-2007-6206)Ingo Molnar
vfs: coredumping fix patch c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in mainline fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043 only allow coredumping to the same uid that the coredumping task runs under. Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Alan Cox <alan@redhat.com> Acked-by: Christoph Hellwig <hch@lst.de> Acked-by: Al Viro <viro@ftp.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: maximilian attems <max@stro.at> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08Freezer: Fix APM emulation breakageRafael J. Wysocki
The APM emulation is currently broken as a result of commit 831441862956fffa17b9801db37e6ea1650b0f69 "Freezer: make kernel threads nonfreezable by default" that removed the PF_NOFREEZE annotations from apm_ioctl() without adding the appropriate freezer hooks. Fix it and remove the unnecessary variable flags from apm_ioctl(). This problem has been fixed in the mainline by commit cb43c54ca05c01533c45e4d3abfe8f99b7acf624 "Freezer: Fix APM emulation breakage". Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08clockevents: fix reprogramming decision in oneshot broadcastThomas Gleixner
patch cdc6f27d9e3c2f7ca1a3e19c6eabb1ad6a2add5d in mainline. A previous version of the code did the reprogramming of the broadcast device in the return from idle code. This was removed, but the logic in tick_handle_oneshot_broadcast() was kept the same. When a broadcast interrupt happens we signal the expiry to all CPUs which have an expired event. If none of the CPUs has an expired event, which can happen in dyntick mode, then we reprogram the broadcast device. We do not reprogram otherwise, but this is only correct if all CPUs, which are in the idle broadcast state have been woken up. The code ignores, that there might be pending not yet expired events on other CPUs, which are in the idle broadcast state. So the delivery of those events can be delayed for quite a time. Change the tick_handle_oneshot_broadcast() function to check for CPUs, which are in broadcast state and are not woken up by the current event, and enforce the rearming of the broadcast device for those CPUs. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-08USB: update sierra.c with latest device ids that are in 2.6.24-rc7Greg Kroah-Hartman
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08CRYPTO: padlock: Fix spurious ECB page faultHerbert Xu
[CRYPTO] padlock: Fix spurious ECB page fault [ Upstream commit: d4a7dd8e637b322faaa934ffcd6dd07711af831f ] [ Upstream commit: 490fe3f05be3f7c87d7932bcb6e6e53e3db2cd9c ] The xcryptecb instruction always processes an even number of blocks so we need to ensure th existence of an extra block if we have to process an odd number of blocks. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08PM: ACPI and APM must not be enabled at the same timeLen Brown
patch 9f9adecd2d0e4f88fa0e8cb06c6ec207748df70a in mainline. ACPI and APM used "pm_active" to guarantee that they would not be simultaneously active. But pm_active was recently moved under CONFIG_PM_LEGACY, so that without CONFIG_PM_LEGACY, pm_active became a NOP -- allowing ACPI and APM to both be simultaneously enabled. This caused unpredictable results, including boot hangs. Further, the code under CONFIG_PM_LEGACY is scheduled for removal. So replace pm_active with pm_flags. pm_flags depends only on CONFIG_PM, which is present for both CONFIG_APM and CONFIG_ACPI. http://bugzilla.kernel.org/show_bug.cgi?id=9194 Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ACPI: apply quirk_ich6_lpc_acpi to more ICH8 and ICH9Zhao Yakui
patch d1ec7298fcefd7e4d1ca612da402ce9e5d5e2c13 in mainline. It is important that these resources be reserved to avoid conflicts with well known ACPI registers. Signed-off-by: Zhao Yakui <yakui.zhao@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ACPICA: fix acpi_serialize hang regressionBob Moore
patch 014d433f35d7f34b55dcc7b57c7635aaefc3757f in mainline. http://bugzilla.kernel.org/show_bug.cgi?id=8171 Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ACPI: Not register gsi for PCI IDE controller in legacy modeAlan Cox
patch 96c2a8766bf4fe91abac863749c11637fabcc64f in mainline. When PCI IDE controller works in legacy mode and no PRT entry is found in ACPI PRT table, OSPM will neither read the irq number from the IDE PCI configuration space nor call the function of acpi_register_gsi to register gsi. http://bugzilla.kernel.org/show_bug.cgi?id=5637 Signed-off-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Zhao Yakui <yakui.zhao@intel.com> Signed-off-by: Zhang Rui <rui.zhang@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08ACPICA: fix acpi-cpufreq boot crash due to _PSD return-by-referenceBob Moore
patch 152c300d007c70c4a1847dad39ecdaba22e7d457 in mainline. Changed resolution of named references in packages Fixed a problem with the Package operator where all named references were created as object references and left otherwise unresolved. According to the ACPI specification, a Package can only contain Data Objects or references to control methods. The implication is that named references to Data Objects (Integer, Buffer, String, Package, BufferField, Field) should be resolved immediately upon package creation. This is the approach taken with this change. References to all other named objects (Methods, Devices, Scopes, etc.) are all now properly created as reference objects. http://bugzilla.kernel.org/show_bug.cgi?id=5328 http://bugzilla.kernel.org/show_bug.cgi?id=9429 Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08SPARC64: Implement pci_resource_to_user()David Miller
[SPARC64]: Implement pci_resource_to_user() [ Upstream commit: bcea1db16ba1c45ccebb3bfb8441642d1342c4d5 ] This makes libpciaccess able to mmap() resources of the device properly. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08SPARC64: Fix OOPS in dma_sync_*_for_device()David Miller
[SPARC64]: Fix OOPS in dma_sync_*_for_device() [ Upstream commit: 36bb61346d9e64b55285f27363e93a6e96f2abba ] I included these operations vector cases for situations where we never need to do anything, the entries aren't filled in by any implementation, so we OOPS trying to invoke NULL pointer functions. Really make them NOPs, to fix the bug. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08CASSINI: Set skb->truesize properly on receive packets.David Miller
[ Upstream commit: d011a231675b240157a3c335dd53e9b849d7d30d ] skb->truesize was not being incremented at all to reflect the page based data added to RX SKBs. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08CASSINI: Revert 'dont touch page_count'.David Miller
[ Upstream commit: 9de4dfb4c7176e5bb232a21cdd8df78da2b15cac ] This reverts changeset fa4f0774d7c6cccb4d1fda76b91dd8eddcb2dd6a ([CASSINI]: dont touch page_count) because it breaks the driver. The local page counting added by this changeset did not account for the asynchronous page count changes done by kfree_skb() and friends. The change adds extra atomics and on top of it all appears to be totally unnecessary as well. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08CASSINI: Fix endianness bug.Al Viro
[ Upstream commit: e5e025401f6e926c1d9dc3f3f2813cf98a2d8708 ] Here's proposed fix for RX checksum handling in cassini; it affects little-endian working with half-duplex gigabit, but obviously needs testing on big-endian too. The problem is, we need to convert checksum to fixed-endian *before* correcting for (unstripped) FCS. On big-endian it won't matter (conversion is no-op), on little-endian it will, but only if FCS is not stripped by hardware; i.e. in half-duplex gigabit mode when ->crc_size is set. cassini.c part is that fix, cassini.h one consists of trivial endianness annotations. With that applied the sucker is endian-clean, according to sparse. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08IPV4: ip_gre: set mac_header correctly in receive pathTimo Teras
[IPV4] ip_gre: set mac_header correctly in receive path [ Upstream commit: 1d0691674764098304ae4c63c715f5883b4d3784 ] mac_header update in ipgre_recv() was incorrectly changed to skb_reset_mac_header() when it was introduced. Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-08NET: Correct two mistaken skb_reset_mac_header() conversions.David Miller
[NET]: Correct two mistaken skb_reset_mac_header() conversions. [ Upstream commit: c6e6ca712b5cc06a662f900c0484d49d7334af64 ] This operation helper abstracts: skb->mac_header = skb->data; but it was done in two more places which were actually: skb->mac_header = skb->network_header; and those are corrected here. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>