This patch fixes a potential memory corruption in
pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer
length, memcpy_toiovec() will go into unintialized data on the kernel
heap, interpret it as an iovec and start modifying memory.
The fix is to change the memcpy_toiovec() call to
skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP)
are handled properly. Also check that the caller's buffer is big
enough for the data and set the MSG_TRUNC flag if it is not so.
Reported-by: Ilja <ilja@netric.org>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch limits BLK_DEV_HD_ONLY to the ARM platforms offering
IRQ_HARDDISK, fixing the following compile error on others:
<-- snip -->
...
CC drivers/ide/legacy/hd.o
...
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c: In function 'hd_times_out':
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c:542: error: 'IRQ_HARDDISK' undeclared (first use in this function)
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c:542: error: (Each undeclared identifier is reported only once
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c:542: error: for each function it appears in.)
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c: In function 'do_hd_request':
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c:661: error: 'IRQ_HARDDISK' undeclared (first use in this function)
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c: In function 'hd_init':
/home/bunk/linux/kernel-2.6/git/linux-2.6/drivers/ide/legacy/hd.c:765: error: 'IRQ_HARDDISK' undeclared (first use in this function)
make[3]: *** [drivers/ide/legacy/hd.o] Error 1
<-- snip -->
Reported-by: Adrian Bunk <bunk@kernel.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Don't fail the probe if there are no devices attached to the controller.
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Convert the driver to use struct ide_port_info - as a nice side-effect
this fixes racy setup of ->io_32bit/unmask settings (after ide_device_add()
call device can be already in use).
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
hwif->dev was set too late (after ide_device_add() call)
so hwif->gendev.parent was not initialized properly.
Fix it by setting hw.dev and letting ide_init_port_hw()
do the rest.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
ide_find_port() now depends on ->chipset being set for occupied ide_hwifs[]
slots so all host drivers have to initialize hwif->chipset properly.
This patch fixes a regression on hosts with > 1 port or with a single port
but no devices attached to it for an affected host drivers.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
hwif->chipset need to be set properly or ide-generic driver will break once
we make a final step in fixing host drivers' dependence on ide_hwifs[].
Problem was catched early thanks to IDE tree exposure in -mm / -next trees
and reported by people listed people (thank you guys!).
Reported-by: "John Keller" <jpk@sgi.com>
Reported-by: Dmitri Vorobiev <dmitri.vorobiev@gmail.com>
Reported-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
- maintainer has not been active for years
- URLs no longer exist
- covered by the IDE SUBSYSTEM entry
- maintainer email bounces
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Lionel.Bouton@inet6.fr
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
I forgot to remove the ide_etrax100 chipset type when removing the
ETRAX_IDE driver.
Reported-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Found a silly double assignment of err is do_shmat. Silly, but good to
clean up the useless code.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
schedule() has the special "TASK_INTERRUPTIBLE && signal_pending()" case,
this allows us to do
current->state = TASK_INTERRUPTIBLE;
schedule();
without fear to sleep with pending signal.
However, the code like
current->state = TASK_KILLABLE;
schedule();
is not right, schedule() doesn't take TASK_WAKEKILL into account. This means
that mutex_lock_killable(), wait_for_completion_killable(), down_killable(),
schedule_timeout_killable() can miss SIGKILL (and btw the second SIGKILL has
no effect).
Introduce the new helper, signal_pending_state(), and change schedule() to
use it. Hopefully it will have more users, that is why the task's state is
passed separately.
Note this "__TASK_STOPPED | __TASK_TRACED" check in signal_pending_state().
This is needed to preserve the current behaviour (ptrace_notify). I hope
this check will be removed soon, but this (afaics good) change needs the
separate discussion.
The fast path is "(state & (INTERRUPTIBLE | WAKEKILL)) + signal_pending(p)",
basically the same that schedule() does now. However, this patch of course
bloats schedule().
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
@r exists@
expression E,E1;
statement S;
position p1,p2,p3;
@@
E =@p1 \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != E = E1
if (E == NULL || ...) S
... when != E = E1
if@p2 (...) {
... when != kfree(E)
}
... when != E = E1
kfree@p3(E);
@forall@
position r.p2;
expression r.E;
int E1 != 0;
@@
* if@p2 (...) {
... when != kfree(E)
when strict
return E1; }
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
__ctl_load/__ctl_store are called with either an array of unsigned long or
a single unsigned long value. Add an address operator to the "m"/"=m"
contraints to make them work for unsigned long arguments as well.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The first argument to __ctl_store() should be the array to store
stuff in, not just the first element of that array. With the
current code in __cpu_up(), mainline GCC dies with an internal
compiler error. I didn't diagnose that further, but just fixed
the kernel bug.
Signed-off-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Priorities for I/O interruption subclasses range from 0 (highest)
to 7 (lowest). Unfortunately, the console has been using isc 7
instead of an isc with a higher priority than regular I/O
subchannels (which use 3). Fix this by making the console use
isc 1.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If a memory range is supposed to be added to the 1:1 mapping and it
ends just below the maximum supported physical address it won't
succeed. This is because a test doesn't consider that the end address
is 1 smaller than start + size.
Fix the comparison.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
sparse complains about signedness:
drivers/s390/cio/blacklist.c:132:28: warning: incorrect type in
argument 2 (different signedness)
drivers/s390/cio/blacklist.c:132:28: expected unsigned int *val
drivers/s390/cio/blacklist.c:132:28: got int *cssid
drivers/s390/cio/blacklist.c:136:28: warning: incorrect type in
argument 2 (different signedness)
drivers/s390/cio/blacklist.c:136:28: expected unsigned int *val
drivers/s390/cio/blacklist.c:136:28: got int *ssid
drivers/s390/cio/blacklist.c:140:28: warning: incorrect type in
argument 2 (different signedness)
drivers/s390/cio/blacklist.c:140:28: expected unsigned int *val
drivers/s390/cio/blacklist.c:140:28: got int *devno
cssid, ssid and devno are of course unsigned, so let's make the
variables unsigned as well.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
In case of !64BIT kernel we end up with a zero sized mem_section array.
This happens because NR_MEM_SECTIONS is smaller than SECTIONS_PER_ROOT
but we have:
#define NR_SECTION_ROOTS (NR_MEM_SECTIONS / SECTIONS_PER_ROOT)
and
struct mem_section *mem_section[NR_SECTION_ROOTS];
So fix this by selecting SPARSEMEM_STATIC which makes sure
that SECTIONS_PER_ROOT is 1.
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/core: Remove IB_DEVICE_SEND_W_INV capability flag
IB/umem: Avoid sign problems when demoting npages to integer
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6:
Blackfin serial driver: fix up tty core set_ldisc API change breakage bug
Blackfin arch: protect only the SPI bus controller with CONFIG_SPI_BFIN
Blackfin arch: fixup warnings with the new cplb saved values
Blackfin Serial Driver: Clean up BF54x macro in blackfin UART driver.
The bindv6only is tuned via sysctl. It is already on a struct net
and per-net sysctls allow for its modification (ipv6_sysctl_net_init).
Despite this the value configured in the init net is used for the
rest of them.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-tip testing found the following build error:
drivers/built-in.o: In function `mcs_receive_irq':
mcs7780.c:(.text+0x4e429): undefined reference to `crc32_le'
drivers/built-in.o: In function `mcs_hard_xmit':
mcs7780.c:(.text+0x4e9af): undefined reference to `crc32_le'
with:
http://redhat.com/~mingo/misc/config-Sun_Jun__8_22_56_14_CEST_2008.bad
the reason is a missing enablement of the CRC32 library in the Kconfig.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch increments the version to 3.92.1.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On 5761 non-e devices, two problems prevent the administrator from
overriding the WOL settings in the device's NVRAM.
The first problem is that GPIO 0 and GPIO 2 have been swapped. This
change prevented the administrator from turning on WOL when it is
disabled in NVRAM. The fix is to add a new path for the 5761 that
swaps the two GPIOs in the code as well.
The second problem is that GPIO 1 could not be toggled by the driver
because the GPIO is shared with the debug UART GPIO. This will prevent
the administrator from being able to turn WOL off if it was enabled in
NVRAM. The fix is to always disable the debug UART after a GRC reset.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes a problem where the TG3_FLAG_10_100_ONLY flag was
testing against the wrong flags variable.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The git commit ef167e2703 entitled
"Fix supporting flowctrl code" introduced a bug that prevents 5714S,
5715S and 5780S devices from falling back to a forced link mode. The
problem is that the added flow control check will always fail if flow
control is set to autoneg and either RX or TX (or both) flow control
is enabled. The driver defaults to setting flow control to autoneg
and advertises both RX and TX flow control.
The fix is to remove the errant check.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 54d29ad33e (Power Supply: fix race
in device_create) introduced a race in power_supply_uevent. Previously it
checked that power_supply is available by checking for dev->driver_data.
But now dev->driver_data is set before power_supply->dev is initialised.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
fix race between:
ieee80211_open->ieee80211_led_radio->led_trigger_event->led_set_brightness->iwl3945_led_brightness_set
(which assumes that "led->priv" is not NULL)
and
iwl3945_pci_probe->iwl3945_setup_deferred_work->(...)->iwl3945_bg_alive_start->iwl3945_alive_start->iwl3945_led_register->iwl3945_led_register_led
which sets priv field in struct iwl3945_led
after
led->led_dev.brightness_set = iwl3945_led_brightness_set;
(...)
led_classdev_register(device, &led->led_dev);
http://kerneloops.org/guilty.php?guilty=iwl3945_led_brightness_set&version=2.6.25-release&start=1671168&end=1703935&class=oops
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: Zhu Yi <yi.zhu@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Tomas Winkler <tomas.winkler@intel.com>
Cc: linux-wireless@vger.kernel.org
Cc: ipw3945-devel@lists.sourceforge.net
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes a typo in the name of a config variable.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Reviewed-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds a check to the set_channel flow. When attempting to change
the channel while in IBSS mode, and the new channel does not support IBSS
mode, the flow return with an error value with no consequences on the
mac80211 and driver state.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sufficient scans (at least 2 or 3) should have been done within 7
seconds to find an existing IBSS to join. This should improve IBSS
creation latency; and since IBSS merging is still in effect, shouldn't
have detrimental effects on eventual IBSS convergence.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes a data alignment issue in the zd1211rw driver.
The IEEE80211_STYPE_QOS_DATA bit should be used as a bitwise test
to test for the presence of the 2 byte QoS control field.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes the issue of slow reconnection to an IBSS cell after
disconnection from it. Now the interface's bssid is reset upon ifdown.
ieee80211_sta_find_ibss:
if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
(bss = ieee80211_rx_bss_get(dev, bssid,
local->hw.conf.channel->center_freq,
ifsta->ssid, ifsta->ssid_len)))
Note:
In general disconnection is still not handled properly in mac80211
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This fixes an issus that made "iwconfig eth1 power on" non-working.
When we get a "PS sleep" event, we have to confirm this to the firmware.
The confirm happens with a command, but this command is special: the
firmware won't send us a response. if_cs_host_to_card() is setting
priv->dnld_sent anyway, so this variable stayed at DNLD_DATA_SENT and
was never cleared back.
Now I put the special knowledge that the CMD_802_11_PS_MODE with
CMD_SUBCMD_SLEEP_CONFIRMED doesn't need to need a response by directly
clearing the dnld_sent state in lbs_send_confirmsleep().
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Otherwise userspace has no idea the IBSS creation succeeded.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When another scan is in progress, a direct scan gets dropped on the
floor. However, that direct scan is usually the scan that's really
needed by userspace, and gets stomped on by all the broadcast scans the
ipw2200 driver issues internally. Make sure the direct scan happens
eventually, and as a bonus ensure that the passive scan worker is
cleaned up when appropriate.
The change of request_passive_scan form a struct work to struct
delayed_work is only to make the set_wx_scan() code a bit simpler, it's
still only used with a delay of 0 to match previous behavior.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Format string bug. Not exploitable, as this is only writable by root,
but worth fixing all the same.
Spotted-by: Ilja van Sprundel <ilja@netric.org>
Signed-off-by: Dave Jones <davej@redhat.com>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] ehea: Remove dependency on MEMORY_HOTPLUG
[POWERPC] Make walk_memory_resource available with MEMORY_HOTPLUG=n
[POWERPC] Use dev_set_name in pci_64.c
[POWERPC] Fix incorrect enabling of VMX when building signal or user context
[POWERPC] boot/Makefile CONFIG_ variable fixes
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.26:
sh: Add -mno-fdpic to default flags.
sh: add resource of USB host for SH7723
usb: r8a66597-hcd: Add support for SH7723 USB host
sh: Fix compile error SH7763 setup code
sh: Add SH7723 SCIF support