| From greg@blue.kroah.org Thu Apr 20 21:34:41 2006 |
| Message-Id: <20060421043441.285173000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:54 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| James Bottomley <James.Bottomley@SteelEye.com>, |
| linuxraid@amcc.com, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 01/22] 3ware: kmap_atomic() fix |
| Content-Disposition: inline; filename=3ware-kmap_atomic-fix.patch |
| Status: RO |
| Content-Length: 1275 |
| Lines: 44 |
| |
| |
| From: Andrew Morton <akpm@osdl.org> |
| |
| We must disable local IRQs while holding KM_IRQ0 or KM_IRQ1. Otherwise, an |
| IRQ handler could use those kmap slots while this code is using them, |
| resulting in memory corruption. |
| |
| Thanks to Nick Orlov <bugfixer@list.ru> for reporting. |
| |
| Cc: <linuxraid@amcc.com> |
| Cc: James Bottomley <James.Bottomley@SteelEye.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/3w-xxxx.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- linux-2.6.16.9.orig/drivers/scsi/3w-xxxx.c |
| +++ linux-2.6.16.9/drivers/scsi/3w-xxxx.c |
| @@ -1508,10 +1508,12 @@ static void tw_transfer_internal(TW_Devi |
| struct scsi_cmnd *cmd = tw_dev->srb[request_id]; |
| void *buf; |
| unsigned int transfer_len; |
| + unsigned long flags = 0; |
| |
| if (cmd->use_sg) { |
| struct scatterlist *sg = |
| (struct scatterlist *)cmd->request_buffer; |
| + local_irq_save(flags); |
| buf = kmap_atomic(sg->page, KM_IRQ0) + sg->offset; |
| transfer_len = min(sg->length, len); |
| } else { |
| @@ -1526,6 +1528,7 @@ static void tw_transfer_internal(TW_Devi |
| |
| sg = (struct scatterlist *)cmd->request_buffer; |
| kunmap_atomic(buf - sg->offset, KM_IRQ0); |
| + local_irq_restore(flags); |
| } |
| } |
| |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:41 2006 |
| Message-Id: <20060421043441.483596000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:55 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| "James Bottomley" <James.Bottomley@steeleye.com> |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Adam Radford <linuxraid@amcc.com>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 02/22] 3ware 9000 disable local irqs during kmap_atomic |
| Content-Disposition: inline; filename=3ware-9000-disable-local-irqs-during-kmap_atomic.patch |
| Status: RO |
| Content-Length: 1294 |
| Lines: 40 |
| |
| |
| The attached patch for 2.6.17-rc2 updates the 3ware 9000 driver: |
| |
| - Disable local interrupts during kmap/unmap_atomic(). |
| |
| Signed-off-by: Adam Radford <linuxraid@amcc.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/3w-9xxx.c | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/scsi/3w-9xxx.c |
| +++ linux-2.6.16.9/drivers/scsi/3w-9xxx.c |
| @@ -85,7 +85,7 @@ |
| #include "3w-9xxx.h" |
| |
| /* Globals */ |
| -#define TW_DRIVER_VERSION "2.26.02.005" |
| +#define TW_DRIVER_VERSION "2.26.02.007" |
| static TW_Device_Extension *twa_device_extension_list[TW_MAX_SLOT]; |
| static unsigned int twa_device_extension_count; |
| static int twa_major = -1; |
| @@ -1944,9 +1944,13 @@ static void twa_scsiop_execute_scsi_comp |
| } |
| if (tw_dev->srb[request_id]->use_sg == 1) { |
| struct scatterlist *sg = (struct scatterlist *)tw_dev->srb[request_id]->request_buffer; |
| - char *buf = kmap_atomic(sg->page, KM_IRQ0) + sg->offset; |
| + char *buf; |
| + unsigned long flags = 0; |
| + local_irq_save(flags); |
| + buf = kmap_atomic(sg->page, KM_IRQ0) + sg->offset; |
| memcpy(buf, tw_dev->generic_buffer_virt[request_id], sg->length); |
| kunmap_atomic(buf - sg->offset, KM_IRQ0); |
| + local_irq_restore(flags); |
| } |
| } |
| } /* End twa_scsiop_execute_scsi_complete() */ |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:41 2006 |
| Message-Id: <20060421043441.681515000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:56 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Benjamin Herrenschmidt <benh@kernel.crashing.org>, |
| Brian Hinz <bphinz@hotmail.com>, |
| H Peter Anvin <hpa@zytor.com>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 03/22] efficeon-agp: Add missing memory mask |
| Content-Disposition: inline; filename=efficeon-agp-add-missing-memory-mask.patch |
| Status: RO |
| Content-Length: 1161 |
| Lines: 37 |
| |
| Original patch by Benjamin Herrenschmidt after debugging by Brian Hinz. |
| |
| Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
| Cc: Brian Hinz <bphinz@hotmail.com> |
| Signed-off-by: H Peter Anvin <hpa@zytor.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/char/agp/efficeon-agp.c | 8 +++++++- |
| 1 file changed, 7 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/drivers/char/agp/efficeon-agp.c |
| +++ linux-2.6.16.9/drivers/char/agp/efficeon-agp.c |
| @@ -64,6 +64,12 @@ static struct gatt_mask efficeon_generic |
| {.mask = 0x00000001, .type = 0} |
| }; |
| |
| +/* This function does the same thing as mask_memory() for this chipset... */ |
| +static inline unsigned long efficeon_mask_memory(unsigned long addr) |
| +{ |
| + return addr | 0x00000001; |
| +} |
| + |
| static struct aper_size_info_lvl2 efficeon_generic_sizes[4] = |
| { |
| {256, 65536, 0}, |
| @@ -251,7 +257,7 @@ static int efficeon_insert_memory(struct |
| last_page = NULL; |
| for (i = 0; i < count; i++) { |
| int index = pg_start + i; |
| - unsigned long insert = mem->memory[i]; |
| + unsigned long insert = efficeon_mask_memory(mem->memory[i]); |
| |
| page = (unsigned int *) efficeon_private.l1_table[index >> 10]; |
| |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:42 2006 |
| Message-Id: <20060421043441.878914000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:57 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Herbert Xu <herbert@gondor.apana.org.au>, |
| David Miller <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 04/22] : Fix truesize underflow |
| Content-Disposition: inline; filename=fix-bug.patch |
| Status: RO |
| Content-Length: 1357 |
| Lines: 41 |
| |
| |
| From: Herbert Xu <herbert@gondor.apana.org.au> |
| |
| [TCP]: Fix truesize underflow |
| |
| There is a problem with the TSO packet trimming code. The cause of |
| this lies in the tcp_fragment() function. |
| |
| When we allocate a fragment for a completely non-linear packet the |
| truesize is calculated for a payload length of zero. This means that |
| truesize could in fact be less than the real payload length. |
| |
| When that happens the TSO packet trimming can cause truesize to become |
| negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE |
| which would trigger the warning. |
| |
| I've copied the code DaveM used in tso_fragment which should work here. |
| |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: David Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv4/tcp_output.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/net/ipv4/tcp_output.c |
| +++ linux-2.6.16.9/net/ipv4/tcp_output.c |
| @@ -537,7 +537,9 @@ int tcp_fragment(struct sock *sk, struct |
| buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC); |
| if (buff == NULL) |
| return -ENOMEM; /* We'll just try again later. */ |
| - sk_charge_skb(sk, buff); |
| + |
| + buff->truesize = skb->len - len; |
| + skb->truesize -= buff->truesize; |
| |
| /* Correct the sequence numbers. */ |
| TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:42 2006 |
| Message-Id: <20060421043442.075998000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:58 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Alexander Patrakov <patrakov@ums.usu.ru>, |
| David Miller <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 05/22] : Fix hotplug race during device registration |
| Content-Disposition: inline; filename=fix-hotplug-race-during-device-registration.patch |
| Status: RO |
| Content-Length: 1289 |
| Lines: 39 |
| |
| From: Thomas de Grenier de Latour <degrenier@easyconnect.fr> |
| |
| On Sun, 9 Apr 2006 21:56:59 +0400, |
| Sergey Vlasov <vsu@altlinux.ru> wrote: |
| > However, show_address() does not output anything unless |
| > dev->reg_state == NETREG_REGISTERED - and this state is set by |
| > netdev_run_todo() only after netdev_register_sysfs() returns, so in |
| > the meantime (while netdev_register_sysfs() is busy adding the |
| > "statistics" attribute group) some process may see an empty "address" |
| > attribute. |
| |
| I've tried the attached patch, suggested by Sergey Vlasov on |
| hotplug-devel@, and as far as i can test it works just fine. |
| |
| Signed-off-by: Alexander Patrakov <patrakov@ums.usu.ru> |
| Signed-off-by: David Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/core/dev.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/net/core/dev.c |
| +++ linux-2.6.16.9/net/core/dev.c |
| @@ -2932,11 +2932,11 @@ void netdev_run_todo(void) |
| |
| switch(dev->reg_state) { |
| case NETREG_REGISTERING: |
| + dev->reg_state = NETREG_REGISTERED; |
| err = netdev_register_sysfs(dev); |
| if (err) |
| printk(KERN_ERR "%s: failed sysfs registration (%d)\n", |
| dev->name, err); |
| - dev->reg_state = NETREG_REGISTERED; |
| break; |
| |
| case NETREG_UNREGISTERING: |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:42 2006 |
| Message-Id: <20060421043442.282447000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:59 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Jean Delvare <khali@linux-fr.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 06/22] i2c-i801: Fix resume when PEC is used |
| Content-Disposition: inline; filename=i2c-i801-fix-resume-when-pec-is-used.patch |
| Status: RO |
| Content-Length: 1025 |
| Lines: 33 |
| |
| Fix for bug #6395: |
| Fail to resume on Tecra M2 with ADM1032 and Intel 82801DBM |
| |
| The BIOS of the Tecra M2 doesn't like it when it has to reboot or |
| resume after the i2c-i801 driver has left the SMBus in PEC mode. |
| I have a more complete fix for 2.6.17 but the simple approach of |
| leaving the SMBus in non-PEC mode after every transaction should do |
| for -stable. That's what the i2c-i801 driver was doing up to 2.6.15 |
| (inclusive). |
| |
| Signed-off-by: Jean Delvare <khali@linux-fr.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/i2c/busses/i2c-i801.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- linux-2.6.16.9.orig/drivers/i2c/busses/i2c-i801.c |
| +++ linux-2.6.16.9/drivers/i2c/busses/i2c-i801.c |
| @@ -478,6 +478,11 @@ static s32 i801_access(struct i2c_adapte |
| ret = i801_transaction(); |
| } |
| |
| + /* Some BIOSes don't like it when PEC is enabled at reboot or resume |
| + time, so we forcibly disable it after every transaction. */ |
| + if (hwpec) |
| + outb_p(0, SMBAUXCTL); |
| + |
| if(block) |
| return ret; |
| if(ret) |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:42 2006 |
| Message-Id: <20060421043442.480180000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:00 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| "Artem B. Bityutskiy" <dedekind@yandex.ru>, |
| dwmw2@infradead.org, |
| Adrian Bunk <bunk@stusta.de>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 07/22] MTD_NAND_SHARPSL and MTD_NAND_NANDSIM should be tristates |
| Content-Disposition: inline; filename=mtd_nand_sharpsl-and-mtd_nand_nandsim-should-be-tristate-s.patch |
| Status: RO |
| Content-Length: 1444 |
| Lines: 48 |
| |
| MTD_NAND=m and MTD_NAND_SHARPSL=y or MTD_NAND_NANDSIM=y are illegal |
| combinations that mustn't be allowed. |
| |
| This patch fixes this bug by making MTD_NAND_SHARPSL and MTD_NAND_NANDSIM |
| tristate's. |
| |
| Additionally, it fixes some whitespace damage at these options. |
| |
| This patch was already included in Linus' tree. |
| |
| Signed-off-by: Adrian Bunk <bunk@stusta.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| --- |
| drivers/mtd/nand/Kconfig | 17 ++++++++--------- |
| 1 file changed, 8 insertions(+), 9 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/mtd/nand/Kconfig |
| +++ linux-2.6.16.9/drivers/mtd/nand/Kconfig |
| @@ -178,17 +178,16 @@ config MTD_NAND_DISKONCHIP_BBTWRITE |
| Even if you leave this disabled, you can enable BBT writes at module |
| load time (assuming you build diskonchip as a module) with the module |
| parameter "inftl_bbt_write=1". |
| - |
| - config MTD_NAND_SHARPSL |
| - bool "Support for NAND Flash on Sharp SL Series (C7xx + others)" |
| - depends on MTD_NAND && ARCH_PXA |
| - |
| - config MTD_NAND_NANDSIM |
| - bool "Support for NAND Flash Simulator" |
| - depends on MTD_NAND && MTD_PARTITIONS |
| |
| +config MTD_NAND_SHARPSL |
| + tristate "Support for NAND Flash on Sharp SL Series (C7xx + others)" |
| + depends on MTD_NAND && ARCH_PXA |
| + |
| +config MTD_NAND_NANDSIM |
| + tristate "Support for NAND Flash Simulator" |
| + depends on MTD_NAND && MTD_PARTITIONS |
| help |
| The simulator may simulate verious NAND flash chips for the |
| MTD nand layer. |
| - |
| + |
| endmenu |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:42 2006 |
| Message-Id: <20060421043442.677627000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:01 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| benh@kernel.crashing.org, |
| Guido Guenther <agx@sigxcpu.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 08/22] PPC: fix oops in alsa powermac driver |
| Content-Disposition: inline; filename=re-ppc-fix-oops-in-alsa-powermac-driver.patch |
| Status: RO |
| Content-Length: 2095 |
| Lines: 65 |
| |
| this fixes an oops in 2.6.16.X when loading the snd_powermac module. The |
| name of the requested module changed during the 2.6.16 development cycle |
| from i2c-keylargo to i2c-powermac: |
| |
| Signed-off-by: Guido Guenther <agx@sigxcpu.org> |
| Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/macintosh/therm_adt746x.c | 4 ++-- |
| sound/oss/dmasound/tas_common.c | 4 ++-- |
| sound/ppc/daca.c | 2 +- |
| sound/ppc/tumbler.c | 2 +- |
| 4 files changed, 6 insertions(+), 6 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/macintosh/therm_adt746x.c |
| +++ linux-2.6.16.9/drivers/macintosh/therm_adt746x.c |
| @@ -627,8 +627,8 @@ thermostat_init(void) |
| if(therm_type == ADT7460) |
| device_create_file(&of_dev->dev, &dev_attr_sensor2_fan_speed); |
| |
| -#ifndef CONFIG_I2C_KEYWEST |
| - request_module("i2c-keywest"); |
| +#ifndef CONFIG_I2C_POWERMAC |
| + request_module("i2c-powermac"); |
| #endif |
| |
| return i2c_add_driver(&thermostat_driver); |
| --- linux-2.6.16.9.orig/sound/oss/dmasound/tas_common.c |
| +++ linux-2.6.16.9/sound/oss/dmasound/tas_common.c |
| @@ -195,8 +195,8 @@ tas_init(int driver_id, const char *driv |
| |
| printk(KERN_INFO "tas driver [%s])\n", driver_name); |
| |
| -#ifndef CONFIG_I2C_KEYWEST |
| - request_module("i2c-keywest"); |
| +#ifndef CONFIG_I2C_POWERMAC |
| + request_module("i2c-powermac"); |
| #endif |
| tas_node = find_devices("deq"); |
| if (tas_node == NULL) |
| --- linux-2.6.16.9.orig/sound/ppc/daca.c |
| +++ linux-2.6.16.9/sound/ppc/daca.c |
| @@ -256,7 +256,7 @@ int __init snd_pmac_daca_init(struct snd |
| |
| #ifdef CONFIG_KMOD |
| if (current->fs->root) |
| - request_module("i2c-keywest"); |
| + request_module("i2c-powermac"); |
| #endif /* CONFIG_KMOD */ |
| |
| mix = kmalloc(sizeof(*mix), GFP_KERNEL); |
| --- linux-2.6.16.9.orig/sound/ppc/tumbler.c |
| +++ linux-2.6.16.9/sound/ppc/tumbler.c |
| @@ -1314,7 +1314,7 @@ int __init snd_pmac_tumbler_init(struct |
| |
| #ifdef CONFIG_KMOD |
| if (current->fs->root) |
| - request_module("i2c-keywest"); |
| + request_module("i2c-powermac"); |
| #endif /* CONFIG_KMOD */ |
| |
| mix = kmalloc(sizeof(*mix), GFP_KERNEL); |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:43 2006 |
| Message-Id: <20060421043442.875624000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:02 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| torvalds@osdl.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| jmorris@redhat.com, |
| sds@tycho.nsa.gov, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 09/22] selinux: Fix MLS compatibility off-by-one bug |
| Content-Disposition: inline; filename=selinux-fix-mls-compatibility-off-by-one-bug.patch |
| Status: RO |
| Content-Length: 881 |
| Lines: 30 |
| |
| |
| From: Ron Yorston <rmy@tigress.co.uk> |
| |
| Fix an off-by-one error in the MLS compatibility code that was causing |
| contexts with a MLS suffix to be rejected, preventing sharing partitions |
| between FC4 and FC5. Bug reported in |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188068 |
| |
| Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
| Acked-by: James Morris <jmorris@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| |
| security/selinux/ss/mls.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/security/selinux/ss/mls.c |
| +++ linux-2.6.16.9/security/selinux/ss/mls.c |
| @@ -264,7 +264,7 @@ int mls_context_to_sid(char oldc, |
| |
| if (!selinux_mls_enabled) { |
| if (def_sid != SECSID_NULL && oldc) |
| - *scontext += strlen(*scontext); |
| + *scontext += strlen(*scontext)+1; |
| return 0; |
| } |
| |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:43 2006 |
| Message-Id: <20060421043443.076191000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:03 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| netdev-core@vger.kernel.org, |
| yoshfuji@linux-ipv6.org, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 10/22] IPV6: Ensure to have hop-by-hop options in our header of &sk_buff. |
| Content-Disposition: inline; filename=ipv6-ensure-to-have-hop-by-hop-options-in-our-header-of-sk_buff.patch |
| Status: RO |
| Content-Length: 935 |
| Lines: 34 |
| |
| [IPV6]: Ensure to have hop-by-hop options in our header of &sk_buff. |
| |
| Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| |
| --- |
| net/ipv6/exthdrs.c | 12 ++++++++++++ |
| 1 file changed, 12 insertions(+) |
| |
| --- linux-2.6.16.9.orig/net/ipv6/exthdrs.c |
| +++ linux-2.6.16.9/net/ipv6/exthdrs.c |
| @@ -489,6 +489,18 @@ int ipv6_parse_hopopts(struct sk_buff *s |
| { |
| struct inet6_skb_parm *opt = IP6CB(skb); |
| |
| + /* |
| + * skb->nh.raw is equal to skb->data, and |
| + * skb->h.raw - skb->nh.raw is always equal to |
| + * sizeof(struct ipv6hdr) by definition of |
| + * hop-by-hop options. |
| + */ |
| + if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) || |
| + !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) { |
| + kfree_skb(skb); |
| + return -1; |
| + } |
| + |
| opt->hop = sizeof(struct ipv6hdr); |
| if (ip6_parse_tlv(tlvprochopopt_lst, skb)) { |
| skb->h.raw += (skb->h.raw[1]+1)<<3; |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:43 2006 |
| Message-Id: <20060421043443.282051000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:04 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| netdev-core@vger.kernel.org, |
| yoshfuji@linux-ipv6.org, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 11/22] IPV6: XFRM: Dont use old copy of pointer after pskb_may_pull(). |
| Content-Disposition: inline; filename=ipv6-xfrm-don-t-use-old-copy-of-pointer-after-pskb_may_pull.patch |
| Status: RO |
| Content-Length: 1004 |
| Lines: 33 |
| |
| [IPV6] XFRM: Don't use old copy of pointer after pskb_may_pull(). |
| |
| Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| |
| --- |
| net/ipv6/xfrm6_policy.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/net/ipv6/xfrm6_policy.c |
| +++ linux-2.6.16.9/net/ipv6/xfrm6_policy.c |
| @@ -193,7 +193,7 @@ _decode_session6(struct sk_buff *skb, st |
| { |
| u16 offset = sizeof(struct ipv6hdr); |
| struct ipv6hdr *hdr = skb->nh.ipv6h; |
| - struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); |
| + struct ipv6_opt_hdr *exthdr; |
| u8 nexthdr = skb->nh.ipv6h->nexthdr; |
| |
| memset(fl, 0, sizeof(struct flowi)); |
| @@ -201,6 +201,8 @@ _decode_session6(struct sk_buff *skb, st |
| ipv6_addr_copy(&fl->fl6_src, &hdr->saddr); |
| |
| while (pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)) { |
| + exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); |
| + |
| switch (nexthdr) { |
| case NEXTHDR_ROUTING: |
| case NEXTHDR_HOP: |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:43 2006 |
| Message-Id: <20060421043443.480173000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:05 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| netdev-core@vger.kernel.org, |
| yoshfuji@linux-ipv6.org, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 12/22] IPV6: XFRM: Fix decoding session with preceding extension header(s). |
| Content-Disposition: inline; filename=ipv6-xfrm-fix-decoding-session-with-preceding-extension-header.patch |
| Status: RO |
| Content-Length: 1246 |
| Lines: 38 |
| |
| [IPV6] XFRM: Fix decoding session with preceding extension header(s). |
| |
| We did not correctly decode session with preceding extension |
| header(s). This was because we had already pulled preceding |
| headers, skb->nh.raw + 40 + 1 - skb->data was minus, and |
| pskb_may_pull() failed. |
| |
| We now have IP6CB(skb)->nhoff and skb->h.raw, and we can |
| start parsing / decoding upper layer protocol from current |
| position. |
| |
| Tracked down by Noriaki TAKAMIYA <takamiya@po.ntts.co.jp> |
| and tested by Kazunori Miyazawa <kazunori@miyazawa.org>. |
| |
| Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv6/xfrm6_policy.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/net/ipv6/xfrm6_policy.c |
| +++ linux-2.6.16.9/net/ipv6/xfrm6_policy.c |
| @@ -191,10 +191,10 @@ error: |
| static inline void |
| _decode_session6(struct sk_buff *skb, struct flowi *fl) |
| { |
| - u16 offset = sizeof(struct ipv6hdr); |
| + u16 offset = skb->h.raw - skb->nh.raw; |
| struct ipv6hdr *hdr = skb->nh.ipv6h; |
| struct ipv6_opt_hdr *exthdr; |
| - u8 nexthdr = skb->nh.ipv6h->nexthdr; |
| + u8 nexthdr = skb->nh.raw[IP6CB(skb)->nhoff]; |
| |
| memset(fl, 0, sizeof(struct flowi)); |
| ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr); |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:41 2006 |
| Message-Id: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:33:53 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk |
| Subject: [patch 00/22] 2.6.16-stable review cycle |
| Status: RO |
| Content-Length: 735 |
| Lines: 17 |
| |
| This is the start of the stable review cycle for the 2.6.16.10 release. |
| There are 22 patches in this series, all will be posted as a response to |
| this one. If anyone has any issues with these being applied, please let |
| us know. If anyone is a maintainer of the proper subsystem, and wants |
| to add a signed-off-by: line to the patch, please respond with it. |
| |
| These patches are sent out with a number of different people on the Cc: |
| line. If you wish to be a reviewer, please email stable@kernel.org to |
| add your name to the list. If you want to be off the reviewer list, |
| also email us. |
| |
| Responses should be made by Sunday, April 23, 03:00:00 UTC. Anything |
| received after that time, might be too late. |
| |
| thanks, |
| |
| the -stable release team |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:45 2006 |
| Message-Id: <20060421043445.480513000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:15 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 22/22] Add more prevent_tail_call() |
| Content-Disposition: inline; filename=add-more-prevent_tail_call.patch |
| Status: RO |
| Content-Length: 4609 |
| Lines: 144 |
| |
| From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> |
| |
| [PATCH] Add more prevent_tail_call() |
| |
| Those also break userland regs like following. |
| |
| 00000000 <sys_chown16>: |
| 0: 0f b7 44 24 0c movzwl 0xc(%esp),%eax |
| 5: 83 ca ff or $0xffffffff,%edx |
| 8: 0f b7 4c 24 08 movzwl 0x8(%esp),%ecx |
| d: 66 83 f8 ff cmp $0xffffffff,%ax |
| 11: 0f 44 c2 cmove %edx,%eax |
| 14: 66 83 f9 ff cmp $0xffffffff,%cx |
| 18: 0f 45 d1 cmovne %ecx,%edx |
| 1b: 89 44 24 0c mov %eax,0xc(%esp) |
| 1f: 89 54 24 08 mov %edx,0x8(%esp) |
| 23: e9 fc ff ff ff jmp 24 <sys_chown16+0x24> |
| |
| where the tailcall at the end overwrites the incoming stack-frame. |
| |
| Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| kernel/uid16.c | 59 ++++++++++++++++++++++++++++++++++++++++++++------------- |
| 1 file changed, 46 insertions(+), 13 deletions(-) |
| |
| --- linux-2.6.16.9.orig/kernel/uid16.c |
| +++ linux-2.6.16.9/kernel/uid16.c |
| @@ -20,43 +20,67 @@ |
| |
| asmlinkage long sys_chown16(const char __user * filename, old_uid_t user, old_gid_t group) |
| { |
| - return sys_chown(filename, low2highuid(user), low2highgid(group)); |
| + long ret = sys_chown(filename, low2highuid(user), low2highgid(group)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_lchown16(const char __user * filename, old_uid_t user, old_gid_t group) |
| { |
| - return sys_lchown(filename, low2highuid(user), low2highgid(group)); |
| + long ret = sys_lchown(filename, low2highuid(user), low2highgid(group)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group) |
| { |
| - return sys_fchown(fd, low2highuid(user), low2highgid(group)); |
| + long ret = sys_fchown(fd, low2highuid(user), low2highgid(group)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setregid16(old_gid_t rgid, old_gid_t egid) |
| { |
| - return sys_setregid(low2highgid(rgid), low2highgid(egid)); |
| + long ret = sys_setregid(low2highgid(rgid), low2highgid(egid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setgid16(old_gid_t gid) |
| { |
| - return sys_setgid(low2highgid(gid)); |
| + long ret = sys_setgid(low2highgid(gid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setreuid16(old_uid_t ruid, old_uid_t euid) |
| { |
| - return sys_setreuid(low2highuid(ruid), low2highuid(euid)); |
| + long ret = sys_setreuid(low2highuid(ruid), low2highuid(euid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setuid16(old_uid_t uid) |
| { |
| - return sys_setuid(low2highuid(uid)); |
| + long ret = sys_setuid(low2highuid(uid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) |
| { |
| - return sys_setresuid(low2highuid(ruid), low2highuid(euid), |
| - low2highuid(suid)); |
| + long ret = sys_setresuid(low2highuid(ruid), low2highuid(euid), |
| + low2highuid(suid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) |
| @@ -72,8 +96,11 @@ asmlinkage long sys_getresuid16(old_uid_ |
| |
| asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid) |
| { |
| - return sys_setresgid(low2highgid(rgid), low2highgid(egid), |
| - low2highgid(sgid)); |
| + long ret = sys_setresgid(low2highgid(rgid), low2highgid(egid), |
| + low2highgid(sgid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) |
| @@ -89,12 +116,18 @@ asmlinkage long sys_getresgid16(old_gid_ |
| |
| asmlinkage long sys_setfsuid16(old_uid_t uid) |
| { |
| - return sys_setfsuid(low2highuid(uid)); |
| + long ret = sys_setfsuid(low2highuid(uid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| asmlinkage long sys_setfsgid16(old_gid_t gid) |
| { |
| - return sys_setfsgid(low2highgid(gid)); |
| + long ret = sys_setfsgid(low2highgid(gid)); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| static int groups16_to_user(old_gid_t __user *grouplist, |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:45 2006 |
| Message-Id: <20060421043445.281372000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:14 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Bartlomiej Zolnierkiewicz <B.Zolnierkiewicz@elka.pw.edu.pl>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 21/22] alim15x3: ULI M-1573 south Bridge support |
| Content-Disposition: inline; filename=alim15x3-uli-m-1573-south-bridge-support.patch |
| Status: RO |
| Content-Length: 1181 |
| Lines: 36 |
| |
| From: KAI.HSU <windsboy@gmail.com> |
| |
| [PATCH] alim15x3: ULI M-1573 south Bridge support |
| |
| >From http://bugzilla.kernel.org/show_bug.cgi?id=6358 |
| |
| The alim15x3.c havn't been update for 3 years. Recently when we use this |
| "ULI M1573" south bridge chip found that can't mount CDROM(VCD) smoothly, |
| must waiting for a long time. After I check the "ULI M1573" south bridge |
| datasheet, I found the reason. The reason is the "ULI M1573" version in |
| the Linux is "0xC7" not "0xC4" anymore So I was modified the source than it |
| was successed. |
| |
| Cc: Bartlomiej Zolnierkiewicz <B.Zolnierkiewicz@elka.pw.edu.pl> |
| Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/ide/pci/alim15x3.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- linux-2.6.16.9.orig/drivers/ide/pci/alim15x3.c |
| +++ linux-2.6.16.9/drivers/ide/pci/alim15x3.c |
| @@ -731,6 +731,8 @@ static unsigned int __devinit ata66_ali1 |
| |
| if(m5229_revision <= 0x20) |
| tmpbyte = (tmpbyte & (~0x02)) | 0x01; |
| + else if (m5229_revision == 0xc7) |
| + tmpbyte |= 0x03; |
| else |
| tmpbyte |= 0x01; |
| |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:45 2006 |
| Message-Id: <20060421043445.070980000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:13 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Samuel Thibault <samuel.thibault@ens-lyon.org>, |
| "Jordan Crouse" <jordan.crouse@amd.com>, |
| Zachary Amsden <zach@vmware.com>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 20/22] apm: fix Armada laptops again |
| Content-Disposition: inline; filename=apm-fix-armada-laptops-again.patch |
| Status: RO |
| Content-Length: 1228 |
| Lines: 39 |
| |
| From: Samuel Thibault <samuel.thibault@ens-lyon.org> |
| |
| [PATCH] apm: fix Armada laptops again |
| |
| Fix the "apm: set display: Interface not engaged" error on Armada laptops |
| again. |
| |
| Jordan said: |
| |
| I think this is fine. It seems to me that this may be the fault of one or |
| both of the APM solutions handling this situation in a non-standard way, but |
| since APM is used very little on the Geode, and I have direct access to our |
| BIOS folks, if this problem comes up with a customer again, we'll solve it |
| from the firmware. |
| |
| Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> |
| Cc: "Jordan Crouse" <jordan.crouse@amd.com> |
| Cc: Zachary Amsden <zach@vmware.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| arch/i386/kernel/apm.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/arch/i386/kernel/apm.c |
| +++ linux-2.6.16.9/arch/i386/kernel/apm.c |
| @@ -1081,7 +1081,7 @@ static int apm_console_blank(int blank) |
| break; |
| } |
| |
| - if (error == APM_NOT_ENGAGED && state != APM_STATE_READY) { |
| + if (error == APM_NOT_ENGAGED) { |
| static int tried; |
| int eng_error; |
| if (tried++ == 0) { |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:45 2006 |
| Message-Id: <20060421043444.873698000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:12 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Antonino Daplas <adaplas@pol.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 19/22] fbdev: Fix return error of fb_write |
| Content-Disposition: inline; filename=fbdev-fix-return-error-of-fb_write.patch |
| Status: RO |
| Content-Length: 1422 |
| Lines: 58 |
| |
| From: Antonino A. Daplas <adaplas@gmail.com> |
| |
| [PATCH] fbdev: Fix return error of fb_write |
| |
| Fix return code of fb_write(): |
| |
| If at least 1 byte was transferred to the device, return number of bytes, |
| otherwise: |
| |
| - return -EFBIG - if file offset is past the maximum allowable offset or |
| size is greater than framebuffer length |
| - return -ENOSPC - if size is greater than framebuffer length - offset |
| |
| Signed-off-by: Antonino Daplas <adaplas@pol.net> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/video/fbmem.c | 14 ++++++++++---- |
| 1 file changed, 10 insertions(+), 4 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/video/fbmem.c |
| +++ linux-2.6.16.9/drivers/video/fbmem.c |
| @@ -669,13 +669,19 @@ fb_write(struct file *file, const char _ |
| total_size = info->fix.smem_len; |
| |
| if (p > total_size) |
| - return 0; |
| + return -EFBIG; |
| |
| - if (count >= total_size) |
| + if (count > total_size) { |
| + err = -EFBIG; |
| count = total_size; |
| + } |
| + |
| + if (count + p > total_size) { |
| + if (!err) |
| + err = -ENOSPC; |
| |
| - if (count + p > total_size) |
| count = total_size - p; |
| + } |
| |
| buffer = kmalloc((count > PAGE_SIZE) ? PAGE_SIZE : count, |
| GFP_KERNEL); |
| @@ -717,7 +723,7 @@ fb_write(struct file *file, const char _ |
| |
| kfree(buffer); |
| |
| - return (err) ? err : cnt; |
| + return (cnt) ? cnt : err; |
| } |
| |
| #ifdef CONFIG_KMOD |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:44 2006 |
| Message-Id: <20060421043444.675198000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:11 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Dipankar Sarma <dipankar@in.ibm.com>, |
| "Paul E. McKenney" <paulmck@us.ibm.com>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 18/22] Fix file lookup without ref |
| Content-Disposition: inline; filename=fix-file-lookup-without-ref.patch |
| Content-Length: 3707 |
| Lines: 132 |
| |
| From: Dipankar Sarma <dipankar@in.ibm.com> |
| |
| [PATCH] Fix file lookup without ref |
| |
| There are places in the kernel where we look up files in fd tables and |
| access the file structure without holding refereces to the file. So, we |
| need special care to avoid the race between looking up files in the fd |
| table and tearing down of the file in another CPU. Otherwise, one might |
| see a NULL f_dentry or such torn down version of the file. This patch |
| fixes those special places where such a race may happen. |
| |
| Signed-off-by: Dipankar Sarma <dipankar@in.ibm.com> |
| Acked-by: "Paul E. McKenney" <paulmck@us.ibm.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/char/tty_io.c | 8 ++++++-- |
| fs/locks.c | 9 +++++++-- |
| fs/proc/base.c | 21 +++++++++++++++------ |
| 3 files changed, 28 insertions(+), 10 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/char/tty_io.c |
| +++ linux-2.6.16.9/drivers/char/tty_io.c |
| @@ -2706,7 +2706,11 @@ static void __do_SAK(void *arg) |
| } |
| task_lock(p); |
| if (p->files) { |
| - rcu_read_lock(); |
| + /* |
| + * We don't take a ref to the file, so we must |
| + * hold ->file_lock instead. |
| + */ |
| + spin_lock(&p->files->file_lock); |
| fdt = files_fdtable(p->files); |
| for (i=0; i < fdt->max_fds; i++) { |
| filp = fcheck_files(p->files, i); |
| @@ -2721,7 +2725,7 @@ static void __do_SAK(void *arg) |
| break; |
| } |
| } |
| - rcu_read_unlock(); |
| + spin_unlock(&p->files->file_lock); |
| } |
| task_unlock(p); |
| } while_each_task_pid(session, PIDTYPE_SID, p); |
| --- linux-2.6.16.9.orig/fs/locks.c |
| +++ linux-2.6.16.9/fs/locks.c |
| @@ -2212,7 +2212,12 @@ void steal_locks(fl_owner_t from) |
| |
| lock_kernel(); |
| j = 0; |
| - rcu_read_lock(); |
| + |
| + /* |
| + * We are not taking a ref to the file structures, so |
| + * we need to acquire ->file_lock. |
| + */ |
| + spin_lock(&files->file_lock); |
| fdt = files_fdtable(files); |
| for (;;) { |
| unsigned long set; |
| @@ -2230,7 +2235,7 @@ void steal_locks(fl_owner_t from) |
| set >>= 1; |
| } |
| } |
| - rcu_read_unlock(); |
| + spin_unlock(&files->file_lock); |
| unlock_kernel(); |
| } |
| EXPORT_SYMBOL(steal_locks); |
| --- linux-2.6.16.9.orig/fs/proc/base.c |
| +++ linux-2.6.16.9/fs/proc/base.c |
| @@ -294,16 +294,20 @@ static int proc_fd_link(struct inode *in |
| |
| files = get_files_struct(task); |
| if (files) { |
| - rcu_read_lock(); |
| + /* |
| + * We are not taking a ref to the file structure, so we must |
| + * hold ->file_lock. |
| + */ |
| + spin_lock(&files->file_lock); |
| file = fcheck_files(files, fd); |
| if (file) { |
| *mnt = mntget(file->f_vfsmnt); |
| *dentry = dget(file->f_dentry); |
| - rcu_read_unlock(); |
| + spin_unlock(&files->file_lock); |
| put_files_struct(files); |
| return 0; |
| } |
| - rcu_read_unlock(); |
| + spin_unlock(&files->file_lock); |
| put_files_struct(files); |
| } |
| return -ENOENT; |
| @@ -1485,7 +1489,12 @@ static struct dentry *proc_lookupfd(stru |
| if (!files) |
| goto out_unlock; |
| inode->i_mode = S_IFLNK; |
| - rcu_read_lock(); |
| + |
| + /* |
| + * We are not taking a ref to the file structure, so we must |
| + * hold ->file_lock. |
| + */ |
| + spin_lock(&files->file_lock); |
| file = fcheck_files(files, fd); |
| if (!file) |
| goto out_unlock2; |
| @@ -1493,7 +1502,7 @@ static struct dentry *proc_lookupfd(stru |
| inode->i_mode |= S_IRUSR | S_IXUSR; |
| if (file->f_mode & 2) |
| inode->i_mode |= S_IWUSR | S_IXUSR; |
| - rcu_read_unlock(); |
| + spin_unlock(&files->file_lock); |
| put_files_struct(files); |
| inode->i_op = &proc_pid_link_inode_operations; |
| inode->i_size = 64; |
| @@ -1503,7 +1512,7 @@ static struct dentry *proc_lookupfd(stru |
| return NULL; |
| |
| out_unlock2: |
| - rcu_read_unlock(); |
| + spin_unlock(&files->file_lock); |
| put_files_struct(files); |
| out_unlock: |
| iput(inode); |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:44 2006 |
| Message-Id: <20060421043444.476739000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:10 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, |
| Kirill Korotaev <dev@openvz.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 17/22] IPC: access to unmapped vmalloc area in grow_ary() |
| Content-Disposition: inline; filename=ipc-access-to-unmapped-vmalloc-area-in-grow_ary.patch |
| Content-Length: 1010 |
| Lines: 33 |
| |
| >From Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
| |
| [PATCH] IPC: access to unmapped vmalloc area in grow_ary() |
| |
| grow_ary() should not copy struct ipc_id_ary (it copies new->p, not |
| new). Due to this, memcpy() src pointer could hit unmapped vmalloc page |
| when near page boundary. |
| |
| Found during OpenVZ stress testing |
| |
| Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
| Signed-off-by: Kirill Korotaev <dev@openvz.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| ipc/util.c | 3 +-- |
| 1 file changed, 1 insertion(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/ipc/util.c |
| +++ linux-2.6.16.9/ipc/util.c |
| @@ -182,8 +182,7 @@ static int grow_ary(struct ipc_ids* ids, |
| if(new == NULL) |
| return size; |
| new->size = newsize; |
| - memcpy(new->p, ids->entries->p, sizeof(struct kern_ipc_perm *)*size + |
| - sizeof(struct ipc_id_ary)); |
| + memcpy(new->p, ids->entries->p, sizeof(struct kern_ipc_perm *)*size); |
| for(i=size;i<newsize;i++) { |
| new->p[i] = NULL; |
| } |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:44 2006 |
| Message-Id: <20060421043444.279180000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:09 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| David Barksdale <amatus@ocgnet.org>, |
| Jean Delvare <khali@linux-fr.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 16/22] m41t00: fix bitmasks when writing to chip |
| Content-Disposition: inline; filename=m41t00-fix-bitmasks-when-writing-to-chip.patch |
| Content-Length: 1649 |
| Lines: 42 |
| |
| From: David Barksdale <amatus@ocgnet.org> |
| |
| [PATCH] m41t00: fix bitmasks when writing to chip |
| |
| Fix the bitmasks used when writing to the M41T00 registers. |
| |
| The original code used a mask of 0x7f when writing to each register, |
| this is incorrect and probably the result of a copy-paste error. As a |
| result years from 1980 to 1999 will be read back as 2000 to 2019. |
| |
| Signed-off-by: David Barksdale <amatus@ocgnet.org> |
| Acked-by: Jean Delvare <khali@linux-fr.org> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/i2c/chips/m41t00.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| --- linux-2.6.16.9.orig/drivers/i2c/chips/m41t00.c |
| +++ linux-2.6.16.9/drivers/i2c/chips/m41t00.c |
| @@ -129,13 +129,13 @@ m41t00_set_tlet(ulong arg) |
| if ((i2c_smbus_write_byte_data(save_client, 0, tm.tm_sec & 0x7f) < 0) |
| || (i2c_smbus_write_byte_data(save_client, 1, tm.tm_min & 0x7f) |
| < 0) |
| - || (i2c_smbus_write_byte_data(save_client, 2, tm.tm_hour & 0x7f) |
| + || (i2c_smbus_write_byte_data(save_client, 2, tm.tm_hour & 0x3f) |
| < 0) |
| - || (i2c_smbus_write_byte_data(save_client, 4, tm.tm_mday & 0x7f) |
| + || (i2c_smbus_write_byte_data(save_client, 4, tm.tm_mday & 0x3f) |
| < 0) |
| - || (i2c_smbus_write_byte_data(save_client, 5, tm.tm_mon & 0x7f) |
| + || (i2c_smbus_write_byte_data(save_client, 5, tm.tm_mon & 0x1f) |
| < 0) |
| - || (i2c_smbus_write_byte_data(save_client, 6, tm.tm_year & 0x7f) |
| + || (i2c_smbus_write_byte_data(save_client, 6, tm.tm_year & 0xff) |
| < 0)) |
| |
| dev_warn(&save_client->dev,"m41t00: can't write to rtc chip\n"); |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:44 2006 |
| Message-Id: <20060421043444.072702000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:08 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Corey Minyard <minyard@acm.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 15/22] Open IPMI BT overflow |
| Content-Disposition: inline; filename=open-ipmi-bt-overflow.patch |
| Content-Length: 1188 |
| Lines: 38 |
| |
| From: Heikki Orsila <shd@jolt.modeemi.cs.tut.fi> |
| |
| [PATCH] Open IPMI BT overflow |
| |
| I was looking into random driver code and found a suspicious looking |
| memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1: |
| |
| if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH)) |
| return -1; |
| ... |
| memcpy(bt->write_data + 3, data + 1, size - 1); |
| |
| where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH. It looks like the |
| memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH. A patch |
| attached to limit size to (IPMI_MAX_LENGTH - 2). |
| |
| Cc: Corey Minyard <minyard@acm.org> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/char/ipmi/ipmi_bt_sm.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.16.9.orig/drivers/char/ipmi/ipmi_bt_sm.c |
| +++ linux-2.6.16.9/drivers/char/ipmi/ipmi_bt_sm.c |
| @@ -165,7 +165,7 @@ static int bt_start_transaction(struct s |
| { |
| unsigned int i; |
| |
| - if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH)) |
| + if ((size < 2) || (size > (IPMI_MAX_MSG_LENGTH - 2))) |
| return -1; |
| |
| if ((bt->state != BT_STATE_IDLE) && (bt->state != BT_STATE_HOSED)) |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:44 2006 |
| Message-Id: <20060421043443.874934000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:07 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 14/22] x86: be careful about tailcall breakage for sys_opentoo |
| Content-Disposition: inline; filename=x86-be-careful-about-tailcall-breakage-for-sys_open-too.patch |
| Content-Length: 2045 |
| Lines: 74 |
| |
| From: Linus Torvalds <torvalds@osdl.org> |
| |
| x86: be careful about tailcall breakage for sys_open[at] too |
| |
| Came up through a quick grep for other cases similar to the ftruncate() |
| one in commit 0a489cb3b6a7b277030cdbc97c2c65905db94536. |
| |
| Also, add a comment, so that people who read the code understand why we |
| do what looks like a no-op. |
| |
| (Again, this won't actually matter to any sane user, since libc will |
| save and restore the register gcc stomps on, but it's still wrong to |
| stomp on it) |
| |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/open.c | 16 ++++++++++++++-- |
| 1 file changed, 14 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/fs/open.c |
| +++ linux-2.6.16.9/fs/open.c |
| @@ -331,6 +331,7 @@ out: |
| asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length) |
| { |
| long ret = do_sys_ftruncate(fd, length, 1); |
| + /* avoid REGPARM breakage on x86: */ |
| prevent_tail_call(ret); |
| return ret; |
| } |
| @@ -345,6 +346,7 @@ asmlinkage long sys_truncate64(const cha |
| asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length) |
| { |
| long ret = do_sys_ftruncate(fd, length, 0); |
| + /* avoid REGPARM breakage on x86: */ |
| prevent_tail_call(ret); |
| return ret; |
| } |
| @@ -1087,20 +1089,30 @@ long do_sys_open(int dfd, const char __u |
| |
| asmlinkage long sys_open(const char __user *filename, int flags, int mode) |
| { |
| + long ret; |
| + |
| if (force_o_largefile()) |
| flags |= O_LARGEFILE; |
| |
| - return do_sys_open(AT_FDCWD, filename, flags, mode); |
| + ret = do_sys_open(AT_FDCWD, filename, flags, mode); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| EXPORT_SYMBOL_GPL(sys_open); |
| |
| asmlinkage long sys_openat(int dfd, const char __user *filename, int flags, |
| int mode) |
| { |
| + long ret; |
| + |
| if (force_o_largefile()) |
| flags |= O_LARGEFILE; |
| |
| - return do_sys_open(dfd, filename, flags, mode); |
| + ret = do_sys_open(dfd, filename, flags, mode); |
| + /* avoid REGPARM breakage on x86: */ |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| EXPORT_SYMBOL_GPL(sys_openat); |
| |
| |
| -- |
| |
| From greg@blue.kroah.org Thu Apr 20 21:34:43 2006 |
| Message-Id: <20060421043443.678092000@blue.kroah.org> |
| References: <20060421043353.602539000@blue.kroah.org> |
| User-Agent: quilt/0.44-1 |
| Date: Thu, 20 Apr 2006 21:34:06 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 13/22] x86: dont allow tail-calls in sys_ftruncate() |
| Content-Disposition: inline; filename=x86-don-t-allow-tail-calls-in-sys_ftruncate.patch |
| Content-Length: 1669 |
| Lines: 53 |
| |
| From: Linus Torvalds <torvalds@osdl.org> |
| |
| x86: don't allow tail-calls in sys_ftruncate[64]() |
| |
| Gcc thinks it owns the incoming argument stack, but that's not true for |
| "asmlinkage" functions, and it corrupts the caller-set-up argument stack |
| when it pushes the third argument onto the stack. Which can result in |
| %ebx getting corrupted in user space. |
| |
| Now, normally nobody sane would ever notice, since libc will save and |
| restore %ebx anyway over the system call, but it's still wrong. |
| |
| I'd much rather have "asmlinkage" tell gcc directly that it doesn't own |
| the stack, but no such attribute exists, so we're stuck with our hacky |
| manual "prevent_tail_call()" macro once more (we've had the same issue |
| before with sys_waitpid() and sys_wait4()). |
| |
| Thanks to Hans-Werner Hilse <hilse@sub.uni-goettingen.de> for reporting |
| the issue and testing the fix. |
| |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/open.c | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/fs/open.c |
| +++ linux-2.6.16.9/fs/open.c |
| @@ -330,7 +330,9 @@ out: |
| |
| asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length) |
| { |
| - return do_sys_ftruncate(fd, length, 1); |
| + long ret = do_sys_ftruncate(fd, length, 1); |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| |
| /* LFS versions of truncate are only needed on 32 bit machines */ |
| @@ -342,7 +344,9 @@ asmlinkage long sys_truncate64(const cha |
| |
| asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length) |
| { |
| - return do_sys_ftruncate(fd, length, 0); |
| + long ret = do_sys_ftruncate(fd, length, 0); |
| + prevent_tail_call(ret); |
| + return ret; |
| } |
| #endif |
| |
| |
| -- |
| |