David S. Miller [Fri, 20 Jan 2006 12:31:34 +0000 (04:31 -0800)]
[PATCH] Make second arg to skb_reserved() signed.
Some subsystems, such as PPP, can send negative values
here. It just happened to work correctly on 32-bit with
an unsigned value, but on 64-bit this explodes.
Figured out by Paul Mackerras based upon several PPP crash
reports.
Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ensure a consistent value is read from the STICK register by ensuring
that both high and low are read without high changing due to a roll
over of the low register.
Various Debian/SPARC users (myself include) have noticed problems with
Hummingbird based systems. The symptoms are that the system time is
seen to jump forward 3 days, 6 hours, 11 minutes give or take a few
seconds. In many cases the system then hangs some time afterwards.
I've spotted a race condition in the code to read the STICK register.
I could not work out why 3d, 6h, 11m is important but guess that it is
due to the 2^32 jump of STICK (forwards on one read and then the next
read will seem to be backwards) during a timer interrupt. I'm guessing
that a change of -2^32 will get converted to a large unsigned
increment after the arithmetic manipulation between STICK,
nanoseconds, jiffies etc.
I did a test where I modified __hbird_read_stick to artificially
inject rollover faults forcefully every few seconds. With this I saw
the clock jump over 6 times in 12 hours compared to once every month
or so.
Signed-off-by: Richard Mortimer <richm@oldelvet.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Evgeniy [Fri, 13 Jan 2006 15:12:15 +0000 (18:12 +0300)]
[PATCH] Fix oops in ufs_fill_super at mount time
There's a lack of parenthesis in fs/ufs/utils.h, so instead of the 512th
byte of buffer, the usb2 pointer will point to the nth structure of type
ufs_super_block_second.
This can cause a mount-time oops if you're unlucky (especially with
DEBUG_PAGEALLOC, which is how Alexey Dobriyan saw this problem)
Alexander Viro [Sat, 14 Jan 2006 20:29:55 +0000 (15:29 -0500)]
[PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open (CVE-2005-3356)
Fixed the refcounting on failure exits in sys_mq_open() and
cleaned the logics up. Rules are actually pretty simple - dentry_open()
expects vfsmount and dentry to be pinned down and it either transfers
them into created struct file or drops them. Old code had been very
confused in that area - if dentry_open() had failed either in do_open()
or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
by dentry_open() cleanup and then by sys_mq_open().
Fix consists of making the rules for do_create() and do_open()
same as for dentry_open() and updating the sys_mq_open() accordingly;
that actually leads to more straightforward code and less work on
normal path.
Signed-off-by: Al Viro <aviro@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jens Axboe [Mon, 9 Jan 2006 19:15:33 +0000 (11:15 -0800)]
[PATCH] Kill blk_attempt_remerge()
[BLOCK] Kill blk_attempt_remerge()
It's a broken interface, it's done way too late. And apparently it triggers
slab problems in recent kernels as well (most likely after the generic dispatch
code was merged). So kill it, ide-cd is the only user of it.
Signed-off-by: Jens Axboe <axboe@suse.de>
chrisw: backport to 2.6.15 tree Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clemens Ladisch [Thu, 12 Jan 2006 08:44:29 +0000 (09:44 +0100)]
[PATCH] usb-audio: don't use empty packets at start of playback
Some widespread USB interface chips with adaptive iso endpoints hang
after receiving a series of empty packets when they expect data. This
completely disables audio playback on those devices. To avoid this, we
have to send packets containing silence (zero samples) instead.
Martin Murray [Wed, 11 Jan 2006 05:02:29 +0000 (21:02 -0800)]
[PATCH] Fix DoS in netlink_rcv_skb() (CVE-2006-0035)
Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can
cause infinite loop in kernel, effectively DoSing machine. Noted by
Martin Murray.
Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Problem narrowed down by Luis F. Ortiz and Richard Mortimer.
I tried using %l2 as suggested by Luis and that works for me.
Looking at the code I wonder if it makes sense to simplify the code
a little bit. The following works for me but I'm not sure how to
exercise the "NOERROR" codepath.
Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Bart De Schuymer [Tue, 10 Jan 2006 21:13:45 +0000 (13:13 -0800)]
[PATCH] Don't match tcp/udp source/destination port for IP fragments
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Patrick McHardy [Tue, 10 Jan 2006 01:00:07 +0000 (02:00 +0100)]
[PATCH] Fix another crash in ip_nat_pptp (CVE-2006-0037)
The PPTP NAT helper calculates the offset at which the packet needs
to be mangled as difference between two pointers to the header. With
non-linear skbs however the pointers may point to two seperate buffers
on the stack and the calculation results in a wrong offset beeing
used.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Patrick McHardy [Tue, 10 Jan 2006 01:00:07 +0000 (02:00 +0100)]
[PATCH] Fix crash in ip_nat_pptp (CVE-2006-0036)
When an inbound PPTP_IN_CALL_REQUEST packet is received the
PPTP NAT helper uses a NULL pointer in pointer arithmentic to
calculate the offset in the packet which needs to be mangled
and corrupts random memory or crashes.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Kirill Korotaev [Mon, 9 Jan 2006 14:42:42 +0000 (17:42 +0300)]
[PATCH] netlink oops fix due to incorrect error code
Fixed oops after failed netlink socket creation.
Wrong parathenses in if() statement caused err to be 1,
instead of negative value.
Trivial fix, not trivial to find though.
Nathan Lynch [Sun, 8 Jan 2006 09:05:12 +0000 (01:05 -0800)]
[PATCH] fix workqueue oops during cpu offline
Use first_cpu(cpu_possible_map) for the single-thread workqueue case. We
used to hardcode 0, but that broke on systems where !cpu_possible(0) when
workqueue_struct->cpu_workqueue_struct was changed from a static array to
alloc_percpu.
Commit id bce61dd49d6ba7799be2de17c772e4c701558f14 ("Fix hardcoded cpu=0 in
workqueue for per_cpu_ptr() calls") fixed that for Ben's funky sparc64
system, but it regressed my Power5. Offlining cpu 0 oopses upon the next
call to queue_work for a single-thread workqueue, because now we try to
manipulate per_cpu_ptr(wq->cpu_wq, 1), which is uninitialized.
So we need to establish an unchanging "slot" for single-thread workqueues
which will have a valid percpu allocation. Since alloc_percpu keys off of
cpu_possible_map, which must not change after initialization, make this
slot == first_cpu(cpu_possible_map).
Signed-off-by: Nathan Lynch <ntl@pobox.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Samuel Thibault [Sun, 15 Jan 2006 06:15:28 +0000 (22:15 -0800)]
[PATCH] vgacon: fix doublescan mode
When doublescan mode is in use, scanlines must be doubled.
Thanks to Jason Dravet <dravet@hotmail.com> for reporting and testing.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
It still compiles as there's a weak definition of the function in
misc-embedded.c, but the kernel crashes as the bd_t fixup isn't performed.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Luis F. Ortiz [Thu, 5 Jan 2006 21:19:46 +0000 (13:19 -0800)]
[PATCH] Fix onboard video on SPARC Blade 100 for 2.6.{13,14,15}
I have recently been switching from using 2.4.32 on my trusty
old Sparc Blade 100 to using 2.6.15 . Some of the problems I ran into
were distorted video when the console was active (missing first
character, skipped dots) and when running X windows (colored snow,
stripes, missing pixels). A quick examination of the 2.6 versus 2.4
source for the ATY driver revealed alot of changes.
A closer look at the code/data for the 64GR/XL chip revealed
two minor "typos" that the rewriter(s) of the code made. The first is
a incorrect clock value (230 .vs. 235) and the second is a missing
flag (M64F_SDRAM_MAGIC_PLL). Making both these changes seems to have
fixed my problem. I tend to think the 235 value is the correct one,
as there is a 29.4 Mhz clock crystal close to the video chip and 235.2
(29.4*8) is too close to 235 to make it a coincidence.
The flag for M64F_SDRAM_MAGIC_PLL was dropped during the
changes made by adaplas in file revision 1.72 on the old bitkeeper
repository.
The change relating to the clock rate has been there forever,
at least in the 2.6 tree. I'm not sure where to look for the old 2.5
tree or if anyone cares when it happened.
On SPARC Blades 100's, which use the ATY MACH64GR video chipset, the
clock crystal frequency is 235.2 Mhz, not 230 Mhz. The chipset also
requires the use of M64F_SDRAM_MAGIC_PLL in order to setup the PLL
properly for the DRAM.
Signed-off-by: Luis F. Ortiz <lfo@Polyad.Org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] skge: handle out of memory on ring changes
Please consider this for 2.6.15.1; it fixes several cases where
the skge driver can get in a bad state and later crash; if an
admin operation that causes a restart fails from out of memory.
Such as changing the MTU or increasing the ring size.
The fixes involve checking the return value and doing necessary
unwinds. Or in some cases avoiding doing a full restart.
The same code is the netdev-2.6 tree for 2.6.16 but as separate pieces
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] BRIDGE: Fix faulty check in br_stp_recalculate_bridge_id()
There is a regression in 2.6.15.
One of the conversions from memcmp to compare_ether_addr is incorrect.
We need to do relative comparison to determine min MAC address to
use in bridge id. This will cause the wrong bridge id to be chosen
which violates 802.1d Spanning Tree Protocol, and may create forwarding
loops.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
However, asm/param.h is sometimes used in userland (it is included
indirectly from <sys/param.h>), so your commit pollutes the userland
namespace with tons of CONFIG_FOO macros. This greatly confuses
software packages (such as BusyBox) which use CONFIG_FOO macros
themselves to control the inclusion of optional features.
After a short exchange, Christoph approved this patch
Some G5s still occasionally experience shutdowns due to overtemp
conditions despite the recent fix. After analyzing logs from such
machines, it appears that the overtemp code is a bit too quick at
shutting the machine down when reaching the critical temperature (tmax +
8) and doesn't leave the fan enough time to actually cool it down. This
happens if the temperature of a CPU suddenly rises too high in a very
short period of time, or occasionally on boot (that is the CPUs are
already overtemp by the time the driver loads).
This patches makes the code a bit more relaxed, leaving a few seconds to
the fans to do their job before kicking the machine shutown.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Sun, 1 Jan 2006 01:00:29 +0000 (17:00 -0800)]
sysctl: make sure to terminate strings with a NUL
This is a slightly more complete fix for the previous minimal sysctl
string fix. It always terminates the returned string with a NUL, even
if the full result wouldn't fit in the user-supplied buffer.
The returned length is the full untruncated length, so that you can
tell when truncation has occurred.
Yi Yang [Fri, 30 Dec 2005 08:37:10 +0000 (16:37 +0800)]
[PATCH] Fix false old value return of sysctl
For the sysctl syscall, if the user wants to get the old value of a
sysctl entry and set a new value for it in the same syscall, the old
value is always overwritten by the new value if the sysctl entry is of
string type and if the user sets its strategy to sysctl_string. This
issue lies in the strategy being run twice if the strategy is set to
sysctl_string, the general strategy sysctl_string always returns 0 if
success.
Such strategy routines as sysctl_jiffies and sysctl_jiffies_ms return 1
because they do read and write for the sysctl entry.
The strategy routine sysctl_string return 0 although it actually read
and write the sysctl entry.
According to my analysis, if a strategy routine do read and write, it
should return 1, if it just does some necessary check but not read and
write, it should return 0, for example sysctl_intvec.
Signed-off-by: Yi Yang <yang.y.yi@gmail.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Sat, 31 Dec 2005 01:18:53 +0000 (17:18 -0800)]
sysctl: don't overflow the user-supplied buffer with '\0'
If the string was too long to fit in the user-supplied buffer,
the sysctl layer would zero-terminate it by writing past the
end of the buffer. Don't do that.
Linus Torvalds [Fri, 30 Dec 2005 16:39:10 +0000 (08:39 -0800)]
Insanity avoidance in /proc
The old /proc interfaces were never updated to use loff_t, and are just
generally broken. Now, we should be using the seq_file interface for
all of the proc files, but converting the legacy functions is more work
than most people care for and has little upside..
But at least we can make the non-LFS rules explicit, rather than just
insanely wrapping the offset or something.
Erik Hovland [Fri, 30 Dec 2005 15:57:35 +0000 (15:57 +0000)]
[ARM] 3216/1: indent and typo in drivers/serial/pxa.c
Patch from Erik Hovland
This patch provides two changes. An indent is supplied for an if/else clause so that it is more readable. An acronym is incorrectly typed as UER when it should be IER.
Signed-off-by: Erik Hovland <erik@hovland.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jean Delvare [Thu, 29 Dec 2005 21:07:30 +0000 (22:07 +0100)]
[PATCH] Simplify the VIDEO_SAA7134_OSS Kconfig dependency line
Thanks to Roman Zippel for the suggestion.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
[ Short explanation: Kconfig uses ternary math: n/m/y, and !m is m ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
that changed the GART VM start offset. It fixed some machines, but
seems to continually interact badly with some X versions.
Quoth Ben Herrenschmidt:
"So I think at this point, the best is that we keep the old bogus code
that at least is consistent with the bug in the server. I'm working on a
big patch to X that reworks the memory map stuff completely and fixes
those issues on the server side, I'll do a DRM patch matching this X fix
as well so that the memory map is only ever set in one place and with
what I hope is a correct algorithm..."
Anton Blanchard [Wed, 28 Dec 2005 23:46:29 +0000 (10:46 +1100)]
[PATCH] ppc64: htab_initialize_secondary cannot be marked __init
Sonny has noticed hotplug CPU on ppc64 is broken in 2.6.15-*. One of the
problems is that htab_initialize_secondary is called when a cpu is being
brought up, but it is marked __init.
Signed-off-by: Anton Blanchard <anton@samba.org> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Dave Jones [Thu, 29 Dec 2005 01:01:04 +0000 (20:01 -0500)]
[PATCH] fix ia64 compile failure with gcc4.1
__get_unaligned creates a typeof the var its passed, and writes to it,
which on gcc4.1, spits out the following error:
drivers/char/vc_screen.c: In function 'vcs_write':
drivers/char/vc_screen.c:422: error: assignment of read-only variable 'val'
Signed-off-by: Dave Jones <davej@redhat.com>
[ The "right" fix would be to try to fix <asm-generic/unaligned.h>
but that's hard to do with the tools gcc gives us. So this
simpler patch is preferable -- Linus ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml: fix compilation with CONFIG_MODE_TT disabled
Fix UML compilation when SKAS mode is disabled. Indeed, we were compiling
SKAS-only object files, which failed due to some SKAS-only headers being
excluded from the search path.
Thanks to the bug report from Pekka J Enberg.
Acked-by: Pekka J Enberg <penberg (at) cs ! helsinki ! fi> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Hostfs: update for new glibc - add missing symbol exports
Today, when compiling UML, I got warnings for two used unexported symbols:
readdir64 and truncate64. Indeed, my glibc headers are aliasing readdir to
readdir64 and truncate to truncate64 (and so on).
I'm then adding additional exports. Since I've no idea if the symbols where
always provided in the supported glibc's, I've added weak definitions too.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml: hostfs - fix possible PAGE_CACHE_SHIFT overflows
Prevent page->index << PAGE_CACHE_SHIFT from overflowing.
There is a casting there, but was added without care, so it's at the wrong
place. Note the extra parens around the shift - "+" is higher precedence than
"<<", leading to a GCC warning which saved all us.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Trivial removal of unused variable from this file - doesn't even change the
generated assembly code, in fact (gcc should trigger a warning for unused value
here).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Don't use printk() where "current_thread_info()" is crap.
Until when we switch to running on init_stack, current_thread_info() evaluates
to crap. Printk uses "current" at times (in detail, ¤t is evaluated with
CONFIG_DEBUG_SPINLOCK to check the spinlock owner task).
And this leads to random segmentation faults.
Exactly, what happens is that ¤t = *(current_thread_info()), i.e. round
down $esp and dereference the value. I.e. access the stack below $esp, which
causes SIGSEGV on a VM_GROWSDOWN vma (see arch/i386/mm/fault.c).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Wed, 28 Dec 2005 21:27:04 +0000 (13:27 -0800)]
[SERMOUSE]: Sun mice speak 5-byte protocol too.
Noticed by Christophe Zimmerman, this explains the slow mouse movement
with 2.6.x kernels.
And checking the 2.4.x drivers/sbus/char/sunmouse.c driver shows we
always used a 5-byte protocol with Sun mice in the past. I have no
idea how the 3-byte thing got into the 2.6.x driver, but it's surely
wrong.
Signed-off-by: David S. Miller <davem@davemloft.net>
Chris Elmquist [Tue, 20 Dec 2005 21:25:19 +0000 (13:25 -0800)]
[TG3]: ethtool -d hangs PCIe systems
Resubmitting after recommendation to use GET_REG32_1() instead of
GET_REG32_LOOP(..., 1). Retested. Problem remains fixed.
Prevent tg3_get_regs() from reading reserved and undocumented registers
at RX_CPU_BASE and TX_CPU_BASE offsets which caused hostile behavior
on PCIe platforms.
Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] Fix more radeon GART start calculation cases
As reported by Jules Villard <jvillard@ens-lyon.fr> and some others, the
recent GART aperture start reconfiguration causes problems on some
setups.
What I _think_ might be happening is that the X server is also trying to
muck around with the card memory map and is forcing it back into a wrong
setting that also happens to no longer match what the DRM wants to do
and blows up. There are bugs all over the place in that code (and still
some bugs in the DRM as well anyway).
This patch attempts to avoid that by using the largest of the 2 values,
which I think will cause it to behave as it used to for you and will
still fix the problem with machines that have an aperture size smaller
than the video memory.
David L Stevens [Tue, 27 Dec 2005 22:03:00 +0000 (14:03 -0800)]
[IPV6] mcast: Fix multiple issues in MLDv2 reports.
The below "jumbo" patch fixes the following problems in MLDv2.
1) Add necessary "ntohs" to recent "pskb_may_pull" check [breaks
all nonzero source queries on little-endian (!)]
2) Add locking to source filter list [resend of prior patch]
3) fix "mld_marksources()" to
a) send nothing when all queried sources are excluded
b) send full exclude report when source queried sources are
not excluded
c) don't schedule a timer when there's nothing to report
NOTE: RFC 3810 specifies the source list should be saved and each
source reported individually as an IS_IN. This is an obvious DOS
path, requiring the host to store and then multicast as many sources
as are queried (e.g., millions...). This alternative sends a full,
relevant report that's limited to number of sources present on the
machine.
4) fix "add_grec()" to send empty-source records when it should
The original check doesn't account for a non-empty source
list with all sources inactive; the new code keeps that
short-circuit case, and also generates the group header
with an empty list if needed.
5) fix mca_crcount decrement to be after add_grec(), which needs
its original value
These issues (other than item #1 ;-) ) were all found by Yan Zheng,
much thanks!
Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David Kimdon [Tue, 27 Dec 2005 01:27:10 +0000 (17:27 -0800)]
[BR_NETFILTER]: Fix leak if skb traverses > 1 bridge
Call nf_bridge_put() before allocating a new nf_bridge structure and
potentially overwriting the pointer to a previously allocated one.
This fixes a memory leak which can occur when the bridge topology
allows for an skb to traverse more than one bridge.
Signed-off-by: David Kimdon <david.kimdon@devicescape.com> Signed-off-by: David S. Miller <davem@davemloft.net>
James Bottomley [Mon, 26 Dec 2005 15:58:49 +0000 (09:58 -0600)]
[PATCH] Fix Fibre Channel boot oops
The oops is characteristic of the underlying device being removed from
visibility before the class device, and sure enough we do device_del()
before transport_unregister() in the scsi_target_reap() routines. I've
no idea why this is suddenly showing up, since the code has been in
there since that function was first invented. However, I've confirmed
this fixes Andrew Vasquez's boot oops.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Kurt Huwig [Sat, 24 Dec 2005 23:13:08 +0000 (00:13 +0100)]
[PATCH] n_r3964: fixed usage of HZ; removed bad include
Fix n_r3964 timeouts (hardcoded for 100Hz)
Also the include of <asm/termios.h> in 'n_r3964.h' is unnecessary and
prevents using the header file in any application that has to include
<termios.h> due to duplicate definition of 'struct termio'.
[PATCH] x86_64/ia64 : Fix compilation error for node_to_first_cpu
Fixes a compiler error in node_to_first_cpu, __ffs expects unsigned long as
a parameter; instead cpumask_t was being passed. The macro
node_to_first_cpu was not yet used in x86_64 and ia64 arches, and so we never
hit this. This patch replaces __ffs with first_cpu macro, similar to other
arches.
Signed-off-by: Alok N Kataria <alokk@calsoftinc.com> Signed-off-by: Ravikiran G Thirumalai <kiran@scalex86.org> Signed-off-by: Shai Fultheim <shai@scalex86.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Sat, 24 Dec 2005 03:54:46 +0000 (19:54 -0800)]
[PATCH] Fix memory ordering problem in wake_futex()
Fix a memory ordering problem that occurs on IA64. The "store" to q->lock_ptr
in wake_futex() can become visible before wake_up_all() clears the lock in the
futex_q.
Manfred Spraul [Sat, 24 Dec 2005 13:19:24 +0000 (14:19 +0100)]
[PATCH] forcedeth: fix random memory scribbling bug
Two critical bugs were found in forcedeth 0.47:
- TSO doesn't work.
- pci_map_single() for the rx buffers is called with size==0. This bug
is critical, it causes random memory corruptions on systems with an
iommu.
Below is a minimal fix for both bugs, for 2.6.15.
TSO will be fixed properly in the next version. Tested on x86-64.
Frank Pavlic [Tue, 13 Dec 2005 07:22:30 +0000 (08:22 +0100)]
[PATCH] s390: minor qeth network driver fixes
[patch 2/3] s390: minor qeth network driver fixes
From: Frank Pavlic <pavlic@de.ibm.com>
- use netif_carrier_on/off calls to tell network stack
link carrier state
- fix possible kfree on NULL
- PDU_LEN2 is at offset 0x29 otherwise OSN chpid won't initialize
Frank Pavlic [Tue, 13 Dec 2005 07:21:47 +0000 (08:21 +0100)]
[PATCH] s390: some minor qeth driver fixes
[patch 1/3] s390: some minor qeth driver fixes
From: Frank Pavlic <pavlic@de.ibm.com>
- let's have just one function for both ,input and output queue
to check qdio errors
- add /proc/s390dbf/qeth_qerr entries for outbound processing
- check removed for layer2 device in qeth_add_multicast_ipv6
- NULL pointer dereference with bonding and VLAN device fixed
- minimum length check for portname fixed
Tony Battersby [Wed, 21 Dec 2005 21:35:44 +0000 (16:35 -0500)]
[PATCH] fix libata inquiry VPD for ATAPI devices
The following patch prevents libata from incorrectly modifying inquiry
VPD pages and command support data from ATAPI devices. I have tested
the patch with a SATA ATAPI tape drive on an AHCI controller.
Patch is against kernel 2.4.32 with 2.4.32-libata1.patch applied.
David S. Miller [Fri, 23 Dec 2005 07:04:39 +0000 (23:04 -0800)]
[SPARC]: Kill CHILD_MAX.
It's definition is wrong (-1 means "no limit" not 999),
only the Sparc SunOS/Solaris compat code uses it, so
let's just kill it off completely from limits.h and
all referencing code.
Noticed by Ulrich Drepper.
Signed-off-by: David S. Miller <davem@davemloft.net>