It appears that sockaddr_in.sin_zero is not zeroed during
getsockopt(...SO_ORIGINAL_DST...) operation. This can lead
to an information leak (CVE-2006-1343).
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
A typo crept in with commit ea1e847cc2
which defined TI_LOCAL_FLAGS to be the offset of the `flags' field
of struct thread_info, rather than the `local_flags' field. This
fixes it. The typo was pointed out by Guennadi Liakhovetski.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Okay, just to sum things up.
This forces libata to wait for up to 2 seconds for BUSY|DRQ to clear
on resume before continuing.
[jgarzik adds...] During testing we never saw DRQ asserted, but
nonetheless (a) this works and (b) testing for DRQ won't hurt.
Signed-off-by: Mark Lord <liml@rtr.ca>
Acked-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[PATCH] powerpc: fix RTC/NVRAM accesses on Maple
[PATCH] ppc32 CPM_UART: various fixes for pq2 uart users
[PATCH] powerpc: linuxppc64.org no more
This is the second lcs driver patch containing the rest of lcs fixes.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Several problems occured with lcs device driver:
- device not operational anymore after cable pull/plug-in.
- unpredictable results occured, e.g. kernel panic
using cards of type QD8F.
- STOPLAN and delete multicast address command
were not proper recognized by OSA card under heavy network workload.
- channel/device error checks missing in interrupt handler.
To fix all problems at once recovery of lcs devices has been improved.
missing error checks in lcs interrupt handler has been added.
Once a hardware problem occurs lcs will recover the device now properly.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
From: Frank Blaschka <Frank.Blaschka@de.ibm.com>
From: Frank Pavlic <fpavlic@de.ibm.com>
- fix fake_ll during initial device bringup. fake_ll was
not active after first start of the device.
Problem only occured when qeth was built without IPV6 support.
- avoid skb usage after invocation of qeth_flush_buffers,
because skb might already be freed.
- remove yet another useless netif_wake_queue in
qeth_softsetup_ipv6 since this function is only called
when device is going online. In this case card->state will
never be in state UP. So let the net_device queue down .
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
From: Frank Pavlic <fpavlic@de.ibm.com>
- correct checking of sscanf-%n value in qeth_string_to_ipaddr().
- don't use netif_stop_queue outside the hard_start_xmit routine.
Rather use netif_tx_disable.
- don't call qeth_netdev_init on a recovery.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
In case of a parse error for the cu3088 group attribute,
return -EINVAL instead of count.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
During a code scan for another change I discovered that this call to
pcnet32_free_ring must be removed. If the open fails due to a lack of
memory all the ring structures are removed via the call to free_ring
and a subsequent call to open will dereference a null pointer in
pcnet32_init_ring.
Please apply to 2.6.17.
Signed-off-by: Don Fry <brazilnut@us.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Someone was waaay too aggressive and removed e1000's reboot notifier
instead of porting it to the new way of the shutdown handler. This change
broke wake on lan. Add the shutdown handler back in using the same method
as e100 uses.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
(cherry picked from c653e6351e commit)
Noticed that dev_alloc_name() comment was incorrect, and more spellung
errors.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
In addition to the real on-link routes, NONEXTHOP routes
should be considered on-link.
Problem reported by Meelis Roos <mroos@linux.ee>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix section mismatch warnings:
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.init.text:arlan_probe from .text between 'init_module' (at offset
0x3526) and 'cleanup_module'
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.init.text:init_arlan_proc from .text between 'init_module' (at offset
0x3539) and 'cleanup_module'
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.exit.text:cleanup_arlan_proc from .text between 'cleanup_module' (at
offset 0x356c) and 'arlan_diagnostic_info_string'
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix section mismatch warning:
WARNING: drivers/net/wireless/wavelan.o - Section mismatch: reference to
.init.text: from .text between 'init_module' (at offset 0x371e) and
'cleanup_module'
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The TPM chip on the ThinkPad T60 and Z60 machines is returning 0xFFFF for
the vendor ID which is a check the driver made to double check it was
actually talking to the memory mapped space of a TPM. This patch removes
the check since it isn't absolutely necessary and was causing device
discovery to fail on these machines.
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix compile bug with the S3C24XX SPI driver when CONFIG_PM is set.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
For a very long time, echoing 'standby' or 'mem' into /sys/power/state has
killed the machine on powerpc. This patch fixes that.
This patch adds the .valid callback to pm_ops on PowerMac so that only the
suspend to disk state can be entered. Note that just returning 0 would
suffice since the upper layers don't pass PM_SUSPEND_DISK down, but we
handle it there regardless just in case that changes.
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This improves accuracy of the touchscreen and hwmon sensor readings,
addressing an issue noted by Imre Deak: there's an extra bit written before
the sample (12 bits) gets written out.
It also catches up to various comments, and makes the /proc/interrupts
entry sensible again.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Imre Deak <imre.deak@nokia.com>
Cc: Jean Delvare <khali@linux-fr.org>
Cc: Dmitry Torokhov <dtor_core@ameritech.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Some driver wants to use CMSPAR, but it was missing on alpha and powerpc.
This adds it, with the same value as every other architecture uses.
(akpm: fixes the build of an upcoming gregkh USB patch)
Signed-off-by: Paul Mackerras <paulus@samba.org>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
otherwise we get nasty messages about locks not being released.
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Due to a firmware device tree bug, RTC and NVRAM accesses (including
halt/reboot) on Maple have been broken since January, when an untested
build fix went in. This code patches the device tree in Linux.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This fixes various odd things that missed update together with cpm_uart
platform_device move. Unified resources names, restructurisation, etc.
Also, addressed issue with recent phys/virt translation rework. Being
cache-coherent, CPM2's do alloc_bootmem() for the console stuff, and it was
used to treat console buffer descriptor mapping 1:1 (as in CPM1 case),
which is definitely wrong.
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
http://linuxppc64.org has long been a redirect to the canonical
http://penguinppc.org/ppc64/ -- update all instances accordingly,
as ACKed by Hollis:
On Wed, Jan 18, 2006 at 09:48:08AM -0600, Hollis Blanchard wrote:
> On Wed, 2006-01-18 at 13:07 +0100, Olaf Hering wrote:
> > On Wed, Jan 18, Arthur Othieno wrote:
> > >
> > > What about the s/linuxppc64\.org/penguinppc\.org/g case? Or is
> > > penguinppc64.org preferable? Or am I just taking it too far? ;)
> >
> > They are redirected on DNS or HTTP level.
>
> HTTP level, but that doesn't answer his question.
>
> As the maintainer of that site, I would prefer to remove the
> linuxppc64.org reference.
Signed-off-by: Arthur Othieno <apgo@patchbomb.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
If a SIR dongle is built in the kernel while IRTTY_SIR is built
as a module, kernel compilation will fail.
Thus, the SIR dongle config should depend on the IRTTY_SIR.
Closes kernel bug# 6512
(http://bugzilla.kernel.org/show_bug.cgi?id=6512)
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
It gets enough reports, that there ought to be a MAINTAINER entry.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add missing parentheses for type cast to u64.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mixing "depends on I2C" and "select I2C" within the media subsystem
leads to the following problem:
Warning! Found recursive dependency: I2C DVB_BUDGET DVB_BUDGET_PATCH
DVB_AV7110 VIDEO_SAA7146_VV VIDEO_SAA7146 I2C
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Manu Abraham <manu@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
If we post a list of length exactly a multiple of 256, nreq in
doorbell gets set to 256 which is wrong: it should be encoded by 0.
This is because we only zero it out on the next WR, which may not be
there. The solution is to ring the doorbell after posting a WQE, not
before posting the next one.
This is the same bug that we just fixed for QPs with non-shared RQ.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
IB/ipath: deref correct pointer when using kernel SMA
IB/ipath: fix null deref during rdma ops
IB/ipath: register as IB device owner
IB/ipath: enable PE800 receive interrupts on user ports
IB/ipath: enable GPIO interrupt on HT-460
IB/ipath: fix NULL dereference during cleanup
IB/ipath: replace uses of LIST_POISON
IB/ipath: fix reporting of driver version to userspace
IB/ipath: don't modify QP if changes fail
IB/ipath: fix spinlock recursion bug
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[PATCH] libata: add pio flush for via atapi (was: Re: TR: ASUS A8V Deluxe, x86_64)
md->disk was being used in a debug message before it was allocated.
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It looks like metapage_releasepage was making in invalid assumption that
the releasepage method would not be called on a dirty page. Instead of
issuing a warning and releasing the metapage, it should return 0, indicating
that the private data for the page cannot be released.
I also realized that metapage_releasepage had the return code all wrong. If
it is successful in releasing the private data, it should return 1, otherwise
it needs to return 0.
Lastly, there is no need to call wait_on_page_writeback, since
try_to_release_page will not call us with a page in writback state.
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Backport the "pio flush" from the libata major update to 2.6.17 for via atapi.
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The truncate threshold calculation to prevent receiver from getting stuck
was incorrect, and it didn't take into account the upper limit on bits
in the register so the jumbo packet support was broken.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Bridge will OOPS on removal if other application has the SAP open.
The bridge SAP might be shared with other usages, so need
to do reference counting on module removal rather than explicit
close/delete.
Since packet might arrive after or during removal, need to clear
the receive function handle, so LLC only hands it to user (if any).
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
If kmalloc fails, error path leaks data allocated from asn1_oid_decode().
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When parsing unknown sequence extensions the "son"-pointer points behind
the last known extension for this type, don't try to interpret it.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The condition "> H323_ERROR_STOP" can never be true since H323_ERROR_STOP
is positive and is the highest possible return code, while real errors are
negative, fix the checks. Also only abort on real errors in some spots
that were just interpreting any return value != 0 as error.
Fixes crashes caused by use of stale data after a parsing error occured:
BUG: unable to handle kernel paging request at virtual address bfffffff
printing eip:
c01aa0f8
*pde = 1a801067
*pte = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: ip_nat_h323 ip_conntrack_h323 nfsd exportfs sch_sfq sch_red cls_fw sch_hfsc xt_length ipt_owner xt_MARK iptable_mangle nfs lockd sunrpc pppoe pppoxx
CPU: 0
EIP: 0060:[<c01aa0f8>] Not tainted VLI
EFLAGS: 00210646 (2.6.17-rc4 #8)
EIP is at memmove+0x19/0x22
eax: d77264e9 ebx: d77264e9 ecx: e88d9b17 edx: d77264e9
esi: bfffffff edi: bfffffff ebp: de6a7680 esp: c0349db8
ds: 007b es: 007b ss: 0068
Process asterisk (pid: 3765, threadinfo=c0349000 task=da068540)
Stack: <0>00000006 c0349e5e d77264e3 e09a2b4e e09a38a0 d7726052 d7726124 00000491
00000006 00000006 00000006 00000491 de6a7680 d772601e d7726032 c0349f74
e09a2dc2 00000006 c0349e5e 00000006 00000000 d76dda28 00000491 c0349f74
Call Trace:
[<e09a2b4e>] mangle_contents+0x62/0xfe [ip_nat]
[<e09a2dc2>] ip_nat_mangle_tcp_packet+0xa1/0x191 [ip_nat]
[<e0a2712d>] set_addr+0x74/0x14c [ip_nat_h323]
[<e0ad531e>] process_setup+0x11b/0x29e [ip_conntrack_h323]
[<e0ad534f>] process_setup+0x14c/0x29e [ip_conntrack_h323]
[<e0ad57bd>] process_q931+0x3c/0x142 [ip_conntrack_h323]
[<e0ad5dff>] q931_help+0xe0/0x144 [ip_conntrack_h323]
...
Found by the PROTOS c07-h2250v4 testsuite.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Marcel Holtmann