ChangeSet@1.2115, 2005-02-04 20:12:20-08:00, torvalds@ppc970.osdl.org Add extra debugging help for bad user accesses. ChangeSet@1.2114, 2005-02-04 19:49:54-08:00, paulus@samba.org [PATCH] Fix PPC rwlock code on SMP Currently, the kernel won't compile for SMP ppc32 if preempt is enabled. This patch adds suitable read_can_lock and write_can_lock definitions. This patch also adds a real _raw_read_trylock (inline and out-of-line versions), changes the rwlock->lock field to a signed int, which is what it really was all along, and cleans up the out-of-line rwlock code in arch/ppc/lib/locks.c. It removes the debug fields from the rwlock struct because we were never using them, even with CONFIG_DEBUG_SPINLOCK set. I have compile and boot tested this with the four combinations of CONFIG_DEBUG_SPINLOCKS on and off, and CONFIG_PREEMPT on and off. Please put this patch into 2.6.11 so that 2.6.11 will work for ppc32 with CONFIG_SMP and CONFIG_PREEMPT. Signed-off-by: Paul Mackerras Signed-off-by: Linus Torvalds ChangeSet@1.2113, 2005-02-04 19:20:45-08:00, venkatesh.pallipadi@intel.com [PATCH] x86: HPET setup, duplicate HPET_T0_CMP needed for some platforms This patch fixes the issue with HPET on some platforms. According to Vojtech Pavlik: The first write after writing TN_SETVAL to the config register sets the counter value, the second write sets the threshold. When you only do the first write you never set the threshold and interrupts won't be generated properly. Thanks to John Stultz and Andrew Walrond for reporting, root causing the issue and verifying this fix. Signed-off-by: Venkatesh Pallipadi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2112, 2005-02-04 19:20:31-08:00, sfr@canb.auug.org.au [PATCH] ppc64: replace last usage of vio dma mapping routines This patch just replaces the last usage of the vio dma mapping routines with the equivalent generic dma mapping routines. Signed-off-by: Stephen Rothwell Signed-off-by: Paul Mackerras Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2111, 2005-02-04 19:20:17-08:00, nathanl@austin.ibm.com [PATCH] ppc64: show -1 for physical_id of non-present cpus Make the physical_id cpu sysfs attribute on ppc64 show -1 instead of 65535 for non-present cpus. Signed-off-by: Nathan Lynch Signed-off-by: Paul Mackerras Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2110, 2005-02-04 19:20:03-08:00, paulus@samba.org [PATCH] ppc64: correct return code in syscall auditing This patch is from David Woodhouse . We were pretending that every syscall returned zero. Don't do that. Signed-Off-By: David Woodhouse Signed-off-by: Paul Mackerras Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2109, 2005-02-04 19:19:47-08:00, anton@samba.org [PATCH] Use MM_VM_SIZE in exit_mmap The 4 level pagetable code changed the exit_mmap code to rely on TASK_SIZE. On some architectures (eg ppc64 and ia64), this is a per task property and bad things can happen in certain circumstances when using it. It is possible for one task to end up "owning" an mm from another - we have seen this with the procfs code when process 1 accesses /proc/pid/cmdline of process 2 while it is exiting. Process 2 exits but does not tear its mm down. Later on process 1 finishes with the proc file and the mm gets torn down at this point. Now if process 1 was 32bit and process 2 was 64bit then we end up using a bad value for TASK_SIZE in exit_mmap. We only tear down part of the address space and leave half initialised pagetables and entries in the MMU etc. MM_VM_SIZE() was created for this purpose (and is used in the next line for tlb_finish_mmu), so use it. I moved the PGD round up of TASK_SIZE into the default MM_VM_SIZE. Signed-off-by: Anton Blanchard Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2108, 2005-02-04 19:19:34-08:00, dwmw2@infradead.org [PATCH] TASK_SIZE is variable. Bad things can happen if a 32-bit process is the last user of a 64-bit mm. TASK_SIZE isn't a constant, and we can end up clearing page tables only up to the 32-bit TASK_SIZE instead of all the way. We should probably double-check every instance of TASK_SIZE or USER_PTRS_PER_PGD for this kind of problem. We should also double-check that MM_VM_SIZE() and other such things are correctly defined on all architectures. I already fixed ppc64 which let it stay as TASK_SIZE, and hence dependent on the _current_ context instead of the mm in the argument. Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2107, 2005-02-04 19:19:20-08:00, trini@kernel.crashing.org [PATCH] ppc32: MPC82xx PCI9 errata workaround broken Changeset 1.1938.196.11 broke MPC8260 PCI9 Errata workaround. This pach makes it work again. Signed-off-by: Rune Torgersen Signed-off-by: Tom Rini Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2106, 2005-02-04 19:19:04-08:00, jdike@addtoit.com [PATCH] uml: fix x86_64 submode compilation Forgot to use ARCH_USER_CFLAGS after defining it for x86_64. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2105, 2005-02-04 19:18:49-08:00, jdike@addtoit.com [PATCH] uml: fix STATIC_LINK compilation This fixes a bug which assumes that __binary_start starts on a page boundary, which isn't true when UML is configured to load into the normal executable area. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2104, 2005-02-04 19:18:36-08:00, jdike@addtoit.com [PATCH] uml: fix broken #ifdef clause causing crashes The previous ifdef to check whether to use the host's vsyscall page was buggy. This bug can cause crashes. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2103, 2005-02-04 19:18:22-08:00, jdike@addtoit.com [PATCH] uml: fix jiffies initialization Initialize jiffies_64 to INITIAL_JIFFIES. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2102, 2005-02-04 19:18:08-08:00, bstroesser@fujitsu-siemens.com [PATCH] uml: disallow stack access below $esp like i386 / x86_64 When a page fault occurs on an address below the stack-vma, UML tries to expand the stack. On i386 and x86_64, the failing address is compared to the current userspace stack pointer. If the failing address is below "esp-32" resp. "rsp-128", stack expansion is not allowed, and a SIGSEGV is given to the user. This patch makes UML behave like i386/x86_64. Signed-off-by: Bodo Stroesser Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2101, 2005-02-04 19:17:54-08:00, jdike@addtoit.com [PATCH] uml: Fix SKAS sig-handler reentrancy This adds code which enables SIGSEGV reception to the SKAS sig_handler_common, which matches the tt code. I still need to figure out why the SA_NODEFER flag was backed out in favor of this. Signed-off-by: Paolo 'Blaisorblade' Giarrusso CC: uml-devel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2100, 2005-02-04 19:17:41-08:00, blaisorblade@yahoo.it [PATCH] uml: kconfig fixes Change some config text (hide CONFIG_MODVERSION which is broken on UML and fix a dummy prompt). Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2099, 2005-02-04 19:17:26-08:00, blaisorblade@yahoo.it [PATCH] uml: fix compilation for missing headers Re-add some needed headers inclusion deleted in http://linux.bkbits.net:8080/linux-2.5/cset@41e49628dGbOWX-bT9yZII4f19GT6A If you think it cannot make sense to include both and (as userspace process, i.e. host includes), go complaining with glibc, or follow the linux-abi includes idea. However, the compilation failure is possibly glibc-version (or better glibc includes version) related - what I now is that the failure happens on my system with a glibc 2.3.4 (from Gentoo). Also, fix the syscall table to both compile and have no empty slot (which could cause Oopses). Acked-by: Jeff Dike Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2098, 2005-02-04 19:17:12-08:00, blaisorblade@yahoo.it [PATCH] uml: makefile fix arch/um/Kconfig_arch is actually a symlink, so * Remove it from the tree. * Make sure it is removed during make mrproper. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2097, 2005-02-04 19:16:59-08:00, akpm@osdl.org [PATCH] nfsd needs exportfs With NFSD=y, EXPORTFS=m: fs/built-in.o(.text+0x7fff5): In function `fh_verify': /usr/src/25/fs/nfsd/nfsfh.c:221: undefined reference to `export_op_default' So it seems that nfsd requires exportfs. For consistency we should tidy up the definition of EXPORTFS too. Signed-off-by: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2096, 2005-02-04 19:16:45-08:00, michal@logix.cz [PATCH] Update Michal Ludvig details Signed-off-by: Michal Ludvig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2095, 2005-02-04 19:16:31-08:00, nacc@us.ibm.com [PATCH] include/jiffies: fix usecs_to_jiffies()/jiffies_to_usecs() math Fixes the math of both jiffies_to_usecs() and usecs_to_jiffies() which improperly assume the same rounding point -- 1,000 -- as jiffies_to_msecs() and msecs_to_jiffies(), when in fact it should be 1,000,000. Furthermore, the actual math of both functions is actually wrong and will lead to more than just rounding errors. Signed-off-by: Nishanth Aravamudan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2094, 2005-02-04 19:16:18-08:00, jimix@watson.ibm.com [PATCH] Fix devfs name for the hvcs driver The hvcs driver does not register a devfs_name resulting in devfs creating /dev/* entries. The following one line patch remedies the problem. Signed-off-by: Jimi Xenidis Signed-off-by: Paul Mackerras Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2093, 2005-02-04 19:16:04-08:00, davej@redhat.com [PATCH] ibmveth inlining failure. Yet another ppc64 build failure.. Move the function before its first usage, and the failure goes away. Signed-off-by: Dave Jones Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2092, 2005-02-04 19:15:50-08:00, nanhai.zou@intel.com [PATCH] fix an error in /proc/slabinfo print There is an obvious error in the header of /proc/slabinfo Signed-off-by: Zou Nan hai Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2091, 2005-02-04 19:15:36-08:00, jgreen@users.sourceforge.net [PATCH] pcmcia: ds.c initialisation fix A wrong ordering of operators in pcmica_register_client() causes initialization problems with multiple PCMCIA cards. Signed-off-by: Josh Green Signed-off-by: Dominik Brodowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2090, 2005-02-04 19:15:23-08:00, sds@tycho.nsa.gov [PATCH] SELinux: fix selinux_inode_setattr hook This fixes the selinux_inode_setattr hook function to honor the ATTR_FORCE flag, skipping any permission checking in that case. Otherwise, it is possible though unlikely for a denial from the hook to prevent proper updating, e.g. for remove_suid upon writing to a file. This would only occur if the process had write permission to a suid file but lacked setattr permission to it. Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2089, 2005-02-04 15:26:44-08:00, greg@kroah.com [PATCH] Update greg's email address I have a new job. Signed-off-by: Greg Kroah-Hartman Signed-off-by: Linus Torvalds ChangeSet@1.2088, 2005-02-04 15:26:30-08:00, dhowells@redhat.com [PATCH] FRV: vmlinux.lds.S comment cleanup This cleans up a comment in vmlinux.lds.S - emacs now has an LD script mode, so it shouldn't be forced into C mode. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2087, 2005-02-04 15:26:15-08:00, dhowells@redhat.com [PATCH] FRV: Make the bit finding functions take const pointers This makes the bit finding functions in asm/bitops.h take const pointers since they don't modify what they access. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2086, 2005-02-04 15:26:01-08:00, dhowells@redhat.com [PATCH] FRV: Add TIF_MEMDIE This adds TIF_MEMDIE for FRV. Could whoever added it to include/asm-i386/thread_info.h comment this flag there please? I've given it a comment here, but I'm not sure it's correct. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2085, 2005-02-04 15:25:47-08:00, dhowells@redhat.com [PATCH] FRV: Semaphore implementation race fix This fixes a race in the FRV arch's semaphore implementation. The same type of fixes were applied to the rw-semaphore implementations to fix the same races there. The race involved the on-stack record linked into the semaphore's queue by the down() executed by a process now sleeping on the semaphore going away and the sleeping task going away before the process that woke it up during up() processing had finished with those structures. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2084, 2005-02-04 15:25:33-08:00, dhowells@redhat.com [PATCH] FRV: cli/sti cleanup This cleans up the remaining references to the cli() and sti() functions from the FRV arch now they're deprecated. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2083, 2005-02-04 15:25:19-08:00, dhowells@redhat.com [PATCH] FRV: Make switch_to() return previous task This makes switch_to() on the FRV pass through and return the previous task pointer rather than trusting to luck that it'll be left in the correct register/variable. Signed-Off-By: David Howells Signed-off-by: Linus Torvalds ChangeSet@1.2082, 2005-02-04 10:25:20-08:00, alan@lxorguk.ukuu.org.uk [PATCH] more fixes for the Moxa driver One user hit problems on SMP that are caused by long standing mxser violations of the tty rules. Another report including problems with request_irq being called with locks held (legal in 2.4 but not 2.6 due to procfs). This fixes both of them Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds ChangeSet@1.2081, 2005-02-04 10:01:31-08:00, nickpiggin@yahoo.com.au [PATCH] Fix kswapd spinning When a zone (usually DMA) has no active pages, pages_scanned (which triggers all_unreclaimable) is only incremented when scanning the active list. Make sure it's incremented for scanned cache entries too. Tested-by: Terje Fåberg Signed-off-by: Linus Torvalds ChangeSet@1.2080, 2005-02-04 08:21:12-08:00, jdike@addtoit.com [PATCH] UML: remove not-yet-merged system calls This fixes UML's sys_call_table to delete some entries for system calls which have not yet made it into mainline from -mm. I also delete UML's __pud_alloc implementation since the memory.c one is now enabled. Signed-off-by: Jeff Dike Signed-off-by: Linus Torvalds ChangeSet@1.2078, 2005-02-04 07:56:11-08:00, kraxel@bytesex.org [PATCH] tv-card tuner fixup disable + comment current secam tweak, will not work that way ... Signed-off-by: Gerd Knorr Signed-off-by: Linus Torvalds ChangeSet@1.2077, 2005-02-03 17:09:48-08:00, ralf@linux-mips.org [PATCH] mips: SGI IP22 updates o Remove old unused header files o Update the VINO video driver to something that's vaguely working o Bug fixes for the IP22 Zilog driver o Fix use of config.h Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2076, 2005-02-03 17:05:33-08:00, linux@dominikbrodowski.de [PATCH] pcmcia: m32 registration failure fixup The pseudo-unregistration of PCMCIA sockets in case the registration of any such socket failed causes lockups. See http://bugme.osdl.org/show_bug.cgi?id=4115 for details (same problem, Signed-off-by: Dominik Brodowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2075, 2005-02-03 17:05:20-08:00, linux@dominikbrodowski.de [PATCH] pcmcia: i82365 registration failure fixup Fix a bug which was diagnosed by David Howard . The pseudo-unregistration of PCMCIA sockets in case the registration of any such socket failed causes lockups. See http://bugme.osdl.org/show_bug.cgi?id=4115 for details Signed-off-by: Dominik Brodowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2074, 2005-02-03 17:05:05-08:00, sripathik@in.ibm.com [PATCH] s390: compat_sys_old_readdir and compat_sys_getdents s390 should use the generic compat functions for compat_sys_old_readdir and compat_sys_getdents. The s390 specific ones are buggy and superflous. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2073, 2005-02-03 17:04:51-08:00, hare@suse.de [PATCH] s390: compat SI_TIMER conversion tst-timer4 from the glibc fails in the 32bit compat execution environment. This is due to a incomplete siginfo structure for POSIX.1b timers in compat_signal.c. Signed-off-by: Hannes Reinecke Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2072, 2005-02-03 17:04:37-08:00, schwidefsky@de.ibm.com [PATCH] s390: qeth network driver From: Steffen Thoss From: Frank Pavlic qeth network driver changes: - Improve performance by omitting svs. - Use function callback mechanism to set layer 2 parameters when getting a reply for a Layer 2 command. - dev->hard_header must not be NULL when fake_ll is no set since IPv6 and Layer2 needs the default function set by network stack. - ping6 works now when running in layer 2 mode. - Save original dev->hard_header to restore it when the user doesn't want to use fake_ll anymore. - Fake ethernet header in outgoing packets. This currently works only if qeth is compiled without ipv6 support. - Add more debug information in case of failures in qeth_set_offline. - Using fake_ll with HiperSockets devices results in misaligned ip packets and thus no traffic over HiperSockets. - Start qeth_remove_device only after the qeth recovery completed. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2071, 2005-02-03 17:04:23-08:00, tspat@de.ibm.com [PATCH] s390: key protected i/o Add interface for key protected i/o. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2070, 2005-02-03 17:04:09-08:00, cohuck@de.ibm.com [PATCH] s390: common i/o layer Common i/o layer changes: - Allow ccw_device_halt() and ccw_device_clear() in state WAIT4IO. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2069, 2005-02-03 17:03:54-08:00, horst.hummel@de.ibm.com [PATCH] s390: dasd i/o scheduler & debug logs dasd driver change: - Set default i/o scheduler to 'deadline'. Latest performance results indicate that this works fastest. - Set default debug feature level to DBF_EMERG. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2068, 2005-02-03 17:03:40-08:00, cborntra@de.ibm.com [PATCH] s390: cpcmd interface - Diagnose 8 needs a response buffer below 2GB real storage. As the caller cannot always allocate the buffer with GFP_DMA the best solution is to rewrite cpcmd to use a bounce buffer if necessary. The old function was renamed to __cpcmd and can be called if appropriate. The early boot code does not provide kmalloc but need cpcmd functionality. These places have been converted to use __cpcmd, as the init code and data are below 2GB. - In case of an 31 bit system, cpcmd is defined as __cpcmd. - EXPORT_SYMBOL(cpcmd) moved into cpcmd.c - some whitespace fixes in cpcmd.[c/h] Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2067, 2005-02-03 17:03:26-08:00, jlamanna@gmail.com [PATCH] s390: vfree checking cleanup arch/s390/kernel/module.c vfree() checking cleanup. Signed-off-by: James Lamanna Signed-off-by: Domen Puncer Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2066, 2005-02-03 17:03:12-08:00, schwidefsky@de.ibm.com [PATCH] s390: core changes From: Christian Bornträger From: Heiko Carstens From: Michael Holzheu From: Martin Schwidefsky s390 core changes: - Export arch_pick_mmap_layout as GPL symbol for binfmt_elf32. - Remove unnecessary include from cmm. - Allow only root to read the debug feature logs. - Register all RAM resources, this fixes output of /proc/iomem. - Add read_can_lock and write_can_lock primitives. - Regenerate default configuration. Signed-off-by: Martin Schwidefsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2065, 2005-02-03 17:02:57-08:00, mgreer@mvista.com [PATCH] ppc32: fix locking bugs in mv64x60 code This patch fixes 2 SMP deadlocks. The first is that mv64x60_read() was returning before the unlock. The second was mv64x60_modify() locks the spin lock and calls mv64x60_read() and mv64x60_write() which also lock the same spin lock. Signed-Off-By: Brian Waite Signed-off-by: Mark A. Greer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2064, 2005-02-03 17:02:43-08:00, mgreer@mvista.com [PATCH] ppc32: include/asm-ppc/rwsem.h RWSEM_DEBUG usage include/asm-ppc/rwsem.h has '#ifdef RWSEM_DEBUG' but RWSEM_DEBUG is always defined (as 0) in include/linux/rwsem.h. The #ifdef's should be #if's. This also brings the ppc usage in line with the the other architectures. Signed-off-by: Mark A. Greer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2063, 2005-02-03 17:02:28-08:00, mporter@kernel.crashing.org [PATCH] ppc32: add PPC440SP and Luan ref board support Adds support for the IBM/AMCC PPC440SP SoC. Also adds support for the Luan reference board that has a 440SP on it. Signed-off-by: Matt Porter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2062, 2005-02-03 17:02:13-08:00, mporter@kernel.crashing.org [PATCH] ppc32: PPC4xx DMA fixes, burst, and sg improvements This fixes several issues with the PPC4xx DMA library as well as adding support for bursting and some improvements to SG handling. Signed-off-by: Colin Wernham Signed-off-by: Matt Porter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2061, 2005-02-03 17:02:00-08:00, sds@tycho.nsa.gov [PATCH] SELinux: audit any unmapped permissions This patch changes SELinux to display any permission values that could not be mapped to names as a hex value when generating an audit message. Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2060, 2005-02-03 17:01:47-08:00, sds@tycho.nsa.gov [PATCH] SELinux: define execmod permission for character devices This patch regenerates the SELinux module headers to define the execmod permission for character device files in order to provide proper auditing of such checks on /dev/zero. Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2059, 2005-02-03 17:01:33-08:00, dilinger@voxel.net [PATCH] cpufreq_resume() fix Since acpi_cpufreq_resume and speedstep_resume appear to return 0 upon success, it seems like the attached patch is what the desired behavior would be. Otherwise, cpufreq_resume() always prints an error and exits early if using a cpufreq_driver that supports resume. Signed-off-by: Dominik Brodowski Signed-off-by: Dave Jones Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2058, 2005-02-03 17:01:20-08:00, arnd@arndb.de [PATCH] SERIAL_TXX9 fix The earlier patch forgot to add the Makefile change. Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2057, 2005-02-03 17:01:06-08:00, fanny.wakizaka@cyclades.com [PATCH] avma1_cs: Inverted parameter order in outb avma1_cs detect routine for AVM A1 based PCMCIA cards has its "outb" parameters inverted - switch to "byteout" define to be conformant with the rest of the driver, fixing the order. This was noticed on PPC, which triggers an MCE in case of invalid IO port access, which is not the case on x86. Signed-off-by: Marcelo Tosatti Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2056, 2005-02-03 17:00:52-08:00, trini@kernel.crashing.org [PATCH] Move down in is unsafe for inclusion by userland apps, but it is in the userland-exposed portion of . It's only needed in the __KERNEL__ protected portion of the file, so move the #include down to there. lmbench-2.0.4 runs into this issue in 'flushdisk'. Signed-off-by: Tom Rini Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2055, 2005-02-03 17:00:39-08:00, jack@suse.cz [PATCH] Fix reiserfs quota SMP locks From: Vladimir Saveliev , Jan Kara Add missing SMP locking and one lock_buffer() to the reiserfs quota code. Signed-off-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2054, 2005-02-03 17:00:26-08:00, agk@redhat.com [PATCH] device-mapper: Fixes for 64-bit sector_t Fix some bugs in device-mapper handling of 64-bit values, replacing dm_div_up() and dm_round_up() inlines with macros and removing some avoidable divisions of 64-bit numbers. The mirror region size is the granularity used to manage and monitor the data copying, typically 512KB, so 32 bits (of sectors) should be plenty to hold this. Taken together with the two earlier patches: "fix TB stripe data corruption" (a missing cast) and "stripe_width should be sector_t", I've now had 3 independent reports that this fixes device-mapper for devices with large stripes. Still awaiting test results for dm-crypt and dm-raid1. Signed-Off-By: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2053, 2005-02-03 17:00:10-08:00, agk@redhat.com [PATCH] device-mapper: stripe_width should be sector_t stripe_width should be sector_t to support large devices. Signed-Off-By: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2052, 2005-02-03 16:59:56-08:00, davej@redhat.com [PATCH] ppc32: unbreak perfctr build Signed-off-by: Dave Jones Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2051, 2005-02-03 16:59:43-08:00, mst@mellanox.co.il [PATCH] InfiniBand: remove unbalance refcnt decrement Fix unbalanced QP reference count decrement (introduced with QP lock optimization patch) Signed-off-by: Michael S. Tsirkin Signed-off-by: Roland Dreier Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2050, 2005-02-03 16:59:28-08:00, libor@topspin.com [PATCH] InfiniBand: add missing break between cases Add a missing break statement between RC and UD cases in mthca_post_send(). This fixes a possible oops for protocols that use the RC transport. Signed-off-by: Libor Michalek Signed-off-by: Roland Dreier Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.2049, 2005-02-03 16:59:15-08:00, akpm@osdl.org [PATCH] pnpacpi build fix - Fix it for older C compilers. - Extern decls always, always, always go in header files, please. Cc: "Brown, Len" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ChangeSet@1.1983.1.23, 2005-02-03 23:01:36+00:00, nico@org.rmk.(none) [ARM PATCH] 2456/1: fix futex syscall argument passing Patch from Nicolas Pitre sys_futex wrapper to store its sixth argument on the stack. Also fix a typo with sys_clone_wapper. Signed-off-by: Nicolas Pitre Signed-off-by: Russell King ChangeSet@1.1983.1.22, 2005-02-03 22:19:58+00:00, rmk@flint.arm.linux.org.uk [ARM] Fix sys_syscall Signed-off-by: Russell King ChangeSet@1.2040.1.7, 2005-02-03 10:31:07-08:00, torvalds@ppc970.osdl.org Merge bk://kernel.bkbits.net/gregkh/linux/2.6.11-rc3/pci into ppc970.osdl.org:/home/torvalds/v2.6/linux ChangeSet@1.2040.3.9, 2005-02-03 10:18:57-08:00, torvalds@ppc970.osdl.org Make generic rw_verify_area check against file offset overflows. Not that low-level code really tends to care, but since loff_t is a signed 64-bit entity and size_t is unsigned (and potentially 64-bit), mixing the two isn't very well-defined.. ChangeSet@1.2040.3.8, 2005-02-03 09:37:45-08:00, torvalds@ppc970.osdl.org Make read/write always do the full "access_ok()" tests. The actual user copy will do them too, but only for the range that ends up being actually copied. That hides bugs when the range has been clamped by file size or other issues. ChangeSet@1.2040.3.6, 2005-02-03 08:44:37-08:00, viro@parcelfarce.linux.theplanet.co.uk [PATCH] via82cxxx: fix ppc32 multiplatform config test PPC_MULTIPLATFORM exists both for ppc32 and ppc64; chrp and pegasos, OTOH, are ppc32-only. The ifdef in via82cxxx should be for PPC_MULTIPLATFORM and PPC32 - it makes no sense for ppc64 multiplatform and, as the matter of fact, simply won't compile there. Signed-off-by: Al Viro Signed-off-by: Linus Torvalds ChangeSet@1.2040.3.5, 2005-02-03 08:44:22-08:00, viro@parcelfarce.linux.theplanet.co.uk [PATCH] sparc64: fix compile with strict mm types compile fix on sparc64 - missed pgd_val() bites now that we have STRICT_MM_TYPECHECKS set. Incidentally, shifting _by_ unsigned long is useless - type of result is determined by the type of first argument... Signed-off-by: Al Viro Signed-off-by: Linus Torvalds ChangeSet@1.2040.3.4, 2005-02-03 08:18:37-08:00, axboe@suse.de [PATCH] md sync_page_io bio leak I accidentally introduced a leak in there, because the end_io function doesn't do a bio_put() like most others. Fortunately it's not critical, as it only happens on the md super block read. So just drop the initial bio_get(), since it's sync we can just bio_put() safely at the end after it has completed. Signed-off-by: Jens Axboe Signed-off-by: Linus Torvalds ChangeSet@1.2040.3.3, 2005-02-03 08:18:23-08:00, kraxel@bytesex.org [PATCH] DVB: No signal with bt848/tda9887 Markus Trippelsdorf reported a non-working bt848 card with the recent DVB update. It's an initialization order bug which changes the default state of the tda9887 output ports. Verified to fix the problem by Markus Trippelsdorf Signed-off-by: Linus Torvalds ChangeSet@1.2040.3.2, 2005-02-03 08:18:09-08:00, oskar.senft@gmx.de [PATCH] Fix ISDN4Linux bug in isdnhdlc.c isdnhdlc_decode is called multiple times for bigger frames, so decrementing dsize is a bad idea and can cause a overflow of the dst buffer. Signed-off-by: Karsten Keil Signed-off-by: Linus Torvalds ChangeSet@1.1992.9.17, 2005-02-03 16:59:05+01:00, bzolnier@trik.(none) [ide] fix printk in ide_allocate_dma_engine() With Olaf Hering . Parameters were interchanged. Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.16, 2005-02-03 16:52:26+01:00, prarit@sgi.com [ide] fix error handling in probe_hwif_init() and sgiioc4 driver From: Prarit Bhargava I discovered an issue where a hwif_init() failure lead to /proc/ide files being created for devices that failed probes. This resulted in oops/WARN_ON/BUG_ON executions through the kernel depending on what actions were on going. slightly changed by me (bart) Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.15, 2005-02-03 16:50:28+01:00, tj@home-tj.org [ide] add ide_hwgroup_t.polling ide_hwgroup_t.polling field added. 0 in poll_timeout field used to indicate inactive polling but because 0 is a valid jiffy value, though slim, there's a chance that something weird can happen. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.14, 2005-02-03 16:48:42+01:00, tj@home-tj.org [ide] add ide_drive_t.sleeping ide_drive_t.sleeping field added. 0 in sleep field used to indicate inactive sleeping but because 0 is a valid jiffy value, though slim, there's a chance that something can go weird. And while at it, explicit jiffy comparisons are converted to use time_before() macros. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.13, 2005-02-03 16:47:16+01:00, tj@home-tj.org [ide] comment fixes Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.12, 2005-02-03 16:45:57+01:00, tj@home-tj.org [ide] remove NULL checking in ide_error() In ide_error(), drive cannot be NULL. ide_dump_status() can't handle NULL drive. From: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.11, 2005-02-03 16:44:41+01:00, tj@home-tj.org [ide] ide-tape: use time_after() macro Explicit jiffy comparision converted to time_after() macro. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.10, 2005-02-03 16:43:04+01:00, tj@home-tj.org [ide] __ide_do_rw_disk() return value fix In __ide_do_rw_disk(), ide_started used to be returned blindly after issusing PIO write. This can cause hang if pre_task_out_intr() returns ide_stopped due to failed ide_wait_stat() test. Fixed to pass the return value of pre_task_out_intr(). Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.9, 2005-02-03 16:41:20+01:00, tj@home-tj.org [ide] __ide_do_rw_disk() lba48 dma check fix In __ide_do_rw_disk(), the shifted block, instead of the original rq->sector, should be used when checking range for lba48 dma. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.8, 2005-02-03 16:39:36+01:00, tj@home-tj.org [ide] cleanup piix In drivers/ide/pci/piix.[hc], init_setup_piix() is defined and used but only one init_setup function is defined and no demultiplexing is done using init_setup callback. As other drivers call ide_setup_pci_device() directly in such cases, this patch removes init_setup_piix() and makes piix_init_one() call ide_setup_pci_device() directly. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.7, 2005-02-03 16:38:05+01:00, tj@home-tj.org [ide] cleanup opti621 In drivers/ide/pci/opti612.[hc], init_setup_opti621() is declared, defined and referenced but never actually used. This patch removes the function. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.6, 2005-02-03 16:36:41+01:00, bzolnier@trik.(none) [ide] fix it8172 build for real Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.5, 2005-02-03 16:35:12+01:00, tj@home-tj.org [ide] cleanup it8172 In drivers/ide/pci/it8172.h, it8172_ratefilter() and init_setup_it8172() are declared and the latter is referenced in it8172_chipsets. Both functions are not defined or used anywhere. This patch removes the prototypes and reference. it8172 should be compilable now. Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.4, 2005-02-03 16:33:36+01:00, tj@home-tj.org [ide] remove adma100 Removes drivers/ide/pci/adma100.[hc]. The driver isn't compilable (missing functions) and no Kconfig actually enables CONFIG_BLK_DEV_ADMA100. On Wed, 02 Feb 2005 03:31:59 -0500, Jeff Garzik wrote: > Also, the libata-dev-2.6 tree has an "ata_adma" driver which is > complete, but needs some testing (and I have h/w). Signed-off-by: Tejun Heo Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.3, 2005-02-03 16:29:50+01:00, bunk@stusta.de [ide] possible cleanups This patch contains the following possible cleanups: - make some needlessly global code static - ide-dma.c: remove the unneeded EXPORT_SYMBOL(__ide_dma_test_irq) slightly changed by me (bart) Signed-off-by: Adrian Bunk Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.1992.9.2, 2005-02-03 16:21:14+01:00, arjan@infradead.org [ide] unexport atapi_*_bytes() and ide_read_24() From: Arjan van de Ven * make atapi_{input,output}_bytes() static, fix users to use drive->hwif * remove ide_read_24() export; it's unused since the ide-io.c reorganization * add a FIXME comment to the ide_fix_driveid() export slightly changed by me (bart) Signed-off-by: Bartlomiej Zolnierkiewicz ChangeSet@1.2040.2.12, 2005-02-03 01:42:08-08:00, hkneissel@gmx.de [PATCH] USB: garmin_gps tweak attached is a new patch for the garmin_gps driver. It only updates my email address in the header, as i am in the process of changing my isp and the listed address will be offline sometime soon. The second change makes the configuration entry look more like the other entries in the menu. Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.11, 2005-02-03 01:41:41-08:00, akpm@osdl.org [PATCH] USB: Logitech Cordeless Desktop Keyboard fails to report class descriptor From: Nico Huber The receiver of my Logitech Cordeless Desktop fails to report the keyboard's class descriptor most times I insert the usb-hid module since I changed to linux 2.6. The modell of the receiver is C-BD9-DUAL REV C. The request seems not to fail but the count of received characters is zero. As I said it only fails most times, I worked around making the following changes in drivers/usb/input/hid-core.c from linux-2.6.11-rc2: Following the good example of drivers/usb/core/message.c line 575, I initialized the buffer in hid_get_class_descriptor() to zero. In the loop of hid_get_class_descriptor() not waiting for any result but waiting for a result wich is lower the requested size of the class descriptor (line 1290). usb_hid_configure() should not try to parse the expected length but the received (line 1653). Attached is a patch with these changes Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.10, 2005-02-03 01:41:15-08:00, rddunlap@osdl.org [PATCH] USB: hid-core: possible buffer overflow in hid-core.c Peter Bartosch wrote: > Hello all, > > > i think i found a possible buffer overflow in hid-core (2.6.10-rc2): Agreed, and sorry it took so long to reply/patch this. (from 2004-DEC-01) > when i interpret this code right, the buffer (buf) will overflow when > the iManufacturer stringlength is 0 and the iProduct stringlength > is > 64! Thanks, here's a patch for it. Fix potential buffer overflow (by a device descriptor): buf size is only 64 bytes. Signed-off-by: Randy Dunlap Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.9, 2005-02-03 01:40:48-08:00, krautz@gmail.com [PATCH] TIGLUSB Cleanups 3/3 This removes the TIGLUSB-documentation, silverlink.txt. Signed-off-by: Mikkel Krautz Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.8, 2005-02-03 01:40:20-08:00, krautz@gmail.com [PATCH] TIGLUSB Cleanups 2/3 This removes the TIGLUSB-maintainers from the MAINTAINERS-file. Signed-off-by: Mikkel Krautz Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.7, 2005-02-03 01:39:53-08:00, krautz@gmail.com [PATCH] TIGLUSB Cleanups 1/3 This removes the tiusb boot-parameter from kernel-parameters.txt. Signed-off-by: Mikkel Krautz Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.6, 2005-02-03 01:39:27-08:00, stern@rowland.harvard.edu [PATCH] USB: unusual_devs.h update This patch updates the unusual_devs entry for the SCM multimedia card adapter. Apparently earlier versions of the device included wrong descriptors but later versions did not. Signed-off-by: Alan Stern Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.5, 2005-02-03 01:39:00-08:00, oliver@neukum.org [PATCH] USB: fix for open/disconnect race in acm open takes the semaphore too late. This fixes it. Signed-off-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.4, 2005-02-03 01:38:33-08:00, david-b@pacbell.net [PATCH] USB: another usbnet ax8817x device (goodway docking station) Add support for another AX8817x network device, found in a docking station. T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=02(comm.) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1631 ProdID=6200 Rev= 0.01 S: Manufacturer=goodway corp usb S: Product=gwusb2e S: SerialNumber=01 C:* #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=450mA I: If#= 0 Alt= 0 #EPs= 3 Cls=00(>ifc ) Sub=00 Prot=00 Driver=(none) E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=128ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: Olaf Hering Signed-off-by: David Brownell Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.3, 2005-02-03 01:38:05-08:00, dwmw2@infradead.org [PATCH] USB: fix libusb endian issues On Wed, 2005-01-19 at 15:39 -0800, John Mock wrote: > New to 2.6.11-rc1 is that 'lsusb' exhibits 'endian' problems on the > PowerMac. Is that really new to 2.6.11-rc1? The kernel byte-swaps the bcdUSB, idVendor, idProduct, and bcdDevice fields in the device descriptor. It should probably swap them back before copying it up to userspace. From: David Woodhouse Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.2, 2005-02-03 01:37:39-08:00, stern@rowland.harvard.edu [PATCH] USB: Fix EHCI boot oops on AMD > > ----- Forwarded message from Andi Kleen ----- > > Someone added an test for AMD 8111 in EHCI, returning > > an error in reset. > > > > When triggered it would cause an NULL pointer oops because > > it would usb_hcd_put an half initialized hcd without > > initialized class. I added a new usb_hcd_free function > > to handle such half baked objects. Andi's diagnosis is correct -- the embedded class_device was not fully initialized -- but the solution is wrong. The correct patch is below. This was clearly my fault, an error in driver-model programming brought on by lack of documentation about which fields in the driver-model structures need to be set for which API calls. (Greg, long ago I sent you a documentation patch to try and help remedy this problem, but it seems to have fallen by the wayside.) Signed-off-by: Alan Stern Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.2.1, 2005-02-03 01:37:12-08:00, R.E.Wolff@harddisk-recovery.nl [PATCH] Re: Bug when using custom baud rates.... When using custom baud rates, the code does: if ((new_serial.baud_base != priv->baud_base) || (new_serial.baud_base < 9600)) return -EINVAL; Which translates to english as: If you changed the baud-base, OR the new one is invalid, return invalid. but it should be: If you changed the baud-base, OR the new one is invalid, return invalid. From: Rogier Wolff Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.1.6, 2005-02-03 00:42:00-08:00, tlnguyen@snoqualmie.dp.intel.com [PATCH] PCI: change sysfs representation of PCI-E devices Before changes: The patch makes the parent of the device pointing to the pci_dev structure. The parents portX devices are in /sys/devices which should be removed based on your suggestions. Below is /sys/devices before any changes made. /sys/devices | __ ide0 | __ pci0000:00 | __ pnp0 | __ port1 | | | __ port1.00 | | | __ port1.01 | . | . | . | __ port2 | __ port3 | __ system After changes: The parents portX devices are no longer necessary because port1.00 and port1.01 devices shoud have the parent of the pci_dev structure (based on your suggestion). The patch does the following changes: - remove code creating and handling the parent portX devices. - rename portX.YZ to pcieYZ (for example port1.00 renamed to pcie00) since portX is no longer needed. - make pcieYZ have the parent of the pci_dev structure. Below is /sys/devices after changes made to the patch. /sys/devices | __ ide0 | __ pci0000:00 | | | __ 0000:00:00.0 | | | __ 0000:00:04.0 | | | | . __ class | . | | . __ pcie00 | | | __ pcie01 | . | . | . | __ platform | __ pnp0 | __ system Signed-off-by: T. Long Nguyen Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.1.5, 2005-02-03 00:41:32-08:00, greg@kroah.com [PATCH] PCI: add linux-pci mailing list to PCI maintainers entry. Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.1.4, 2005-02-03 00:41:04-08:00, johnrose@austin.ibm.com [PATCH] PCI Hotplug: remove incorrect rpaphp firmware dependency The RPA PCI Hotplug module incorrectly uses a certain firmware property when determining the hotplug capabilities of a slot. Recent firmware changes have demonstrated that this property should not be referenced or depended upon by the OS. This patch removes the dependency, and implements a correct set of logic for determining hotplug capabilities. Signed-off-by: John Rose Signed-off-by: Greg Kroah-Hartman diff -puN drivers/pci/hotplug/rpadlpar_core.c~02_rpadebug drivers/pci/hotplug/rpadlpar_core.c ChangeSet@1.2040.1.3, 2005-02-03 00:40:37-08:00, kay.sievers@vrfy.org [PATCH] PCI: memset rom attribute before using it Initialize the allocated bin_attribute structure, otherwise unused fields are pointing to random places. Signed-off-by: Kay Sievers Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.1.2, 2005-02-03 00:40:09-08:00, brking@us.ibm.com [PATCH] pci: Add Citrine quirk The IBM Citrine chipset has a feature that if PCI config register 0xA0 is read while DMAs are being performed to it, there is the possiblity that the parity will be wrong on the PCI bus, causing a parity error and a master abort. On this chipset, this register is simply a debug register for the chip developers and the registers after it are not defined. Patch sets cfg_size to 0xA0 to prevent this problem from being seen. Signed-off-by: Brian King Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040.1.1, 2005-02-03 00:39:41-08:00, akpm@osdl.org [PATCH] PCI: typo in pci_scan_bus_parented From: Olaf Hering printk format string misses a x Signed-off-by: Olaf Hering Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2047, 2005-02-03 00:31:16-08:00, khali@linux-fr.org [PATCH] I2C: Prevent buffer overflow on SMBus block read in Hi Greg, Linus, all, I just hit a buffer overflow while playing around with i2cdump and i2c-viapro through i2c-dev. This is caused by a missing length check on a buffer operation when doing a SMBus block read in the i2c-viapro driver. The problem was already known and had been fixed upon report by Sergey Vlasov back in August 2003 in lm_sensors (2.4 kernel version of the driver) but for some reason it was never ported to the 2.6 kernel version. I am not a security expert but I would guess that such a buffer overflow could possibly be used to run arbitrary code in kernel space from user space through i2c-dev. The severity obviously depends on the permisions set on the i2c device files in /dev. Maybe it wouldn't be a bad idea to push this patch upstream rather sooner than later. While I was at it, I also changed a similar size check (for SMBus block write this time) in the same driver to use the correct constant I2C_SMBUS_BLOCK_MAX instead of its current numerical value. This doesn't change a thing at the moment but prevents another potential buffer overflow in case the value of I2C_SMBUS_BLOCK_MAX were to be changed in the future (admittedly unlikely though). > Now if we have broken hardware, then we might have a problem here, but > otherwise I don't see it as a security issue right now. It doesn't take broken hardware. (Warning: I am going technical at this point, people not interested in the gory details of the I2C and SMBus protocols should better stop here ;)) It just depends on what part of the SMBus and I2C specifications a given client chip supports. SMBus block reads are no different from SMBus byte reads, except that the master (here the VIA Pro) goes on reading after the first byte sent by the slave (which could be about anything, from hardware monitoring chip to EEPROM). In that respect, it also doesn't much differ from the I2C block read, which also starts in the exact same way. The difference between SMBus block read and I2C block read is that the first byte returned by the slave on SMBus block read is supposed to be the remaining number of data byte to be sent, while this is simply the first data byte for I2C block reads. To make it clearer, here comes the detail of the byte read, SMBus block read and I2C block read commands (-> means from master to slave, <- means from slave to master). See the official specifications for I2C and SMBus for nicer graphics and additional details. Byte read: -> client address, write mode -> register address -> client address, read mode <- data byte SMBus block read: -> client address, write mode -> register address -> client address, read mode <- length byte (1 <=3D N <=3D 32) <- first byte <- next byte <- ... <- last (Nth) byte I2C block read: -> client address, write mode -> register address -> client address, read mode <- first byte <- next byte <- ... <- last byte In each case, the *master* decides when to stop the transfer, not the slave. There are two consequences for us here: 1* The client chip cannot differenciate between byte read and SMBus block read until after it sent a first byte - which basically means that a given register address is specified to be read with either command, not both, and not using the correct one returns bogus results. i2c-dev allows arbitrary commands so it is possible to ask for a SMBus block read on a register that expects a simple byte read. The client innocently will answer with the register value - which the master will interpret as a length, and the master will then request that many additional data bytes. If the client features autoincrement in this register address range, it will most likely provide the value of the next registers, if not it will dumbly return the same register value again and again. This illustrates the fact that it doesn't take a broken chip to cause a buffer overflow. It only takes a SMBus block read command on a register for which the client did not expect it (and almost no client actually supports SMBus block reads at the moment). If it happens that the register value was greater than 32, the buffer overflow will occur (without Sergey's fix, that is). So, with write access to the i2c device files, it is actually very easy to trigger the buffer overflow, providing there is at least one chip on the VIA Pro SMBus. 2* A client chip can obviously only implement SMBus block read or I2C block read for a given register address, since the sequence sent by the master is exactly the same. Not a big deal since a client chip is designed either as an I2C slave or as a SMBus slave. However the master doesn't know this, and i2c-dev allows arbitrary commands, so it is possible to use an SMBus block read on an I2C slave which expected instead an I2C block read, causing weird results. EEPROMs are such I2C slaves and they support I2C block reads. Now, imagine that a non-write-protected EEPROM hangs on my VIA Pro SMBus (a memory module SPD EEPROM would probably do), and for some reason i2c-dev gives me access to it. I can write arbitrary bytes to the EEPROM using simple byte writes. I could write the following bytes, in order, at some location: 0x80, 34 null bytes, 94 bytes of nasty code. Then, still through i2c-dev, I request a SMBus block read from the same location. The EEPROM will answer as if it were an I2C block read (it can't differenciate and doesn't support SMBus block reads anyway), i.e. it will return as many bytes as requested, in order. The VIA Pro master will however interpret the first byte (0x80) as a length, and will read 128 bytes from the EEPROM, 34 of which will fill the data buffer, and 94 will overflow. Providing I know how the kernel works, these 94 bytes could be used for doing presumably bad things. This illustrates the fact that the user may actually control the buffer overflow, indirectly, depending on what hardware is present on the bus. EEPROMs are the most obvious way to do it, but some hardware monitoring chips have RAM arrays that could presumably be used in a similar way. As a conclusion, I definitely agree that this buffer overflow isn't easy to exploit, as it takes a particular combination of hardware and non-standard permissions on i2c device files, and also requires very good knowledge of the I2C and SMBus protocols; it is not impossible though. Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2046, 2005-02-03 00:30:49-08:00, khali@linux-fr.org [PATCH] I2C: Do not show disabled pc87360 fans The pc87360 driver create sysfs files even for disabled fans. Since data won't ever be updated, it doesn't make much sense. The following patch adds some tests to only create the interface files that are actually needed. Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2045, 2005-02-03 00:30:21-08:00, khali@linux-fr.org [PATCH] I2C: Fix i2c-sis5595 pci configuration accesses The i2c-sis5595 bus driver has logic errors on pci configuration accesses. It returns an error on success and vice versa. The 2.4 kernel version of the driver, as found in the lm_sensors CVS repository, is correct, so the problem was introducted when the driver was ported to the 2.6 kernel tree (in 2.6.0-test6). As odd as it sounds, the driver has been sitting here broken and unusable for 17 months and nobody ever reported, until yesterday. Credits go to Sebastian Hesselbarth for discovering and analyzing the problem. Here is a patch that fixes the problem, succesfully tested by Aurelien Jarno and Sebastian Hesselbarth. Please apply. Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2044, 2005-02-03 00:29:54-08:00, khali@linux-fr.org [PATCH] I2C: Reduce it87 i2c address range IT87xxF chips were never seen at any other I2C address than the default (0x2d) so I think that we could safely reduce the range of addresses the it87 drivers accepts. Currently it accepts 0x20-0x2f, I believe that 0x28-0x2f would already be more than sufficient. (In theory, any address is possible, so whatever range we choose is arbitrary anyway.) Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2043, 2005-02-03 00:29:27-08:00, khali@linux-fr.org [PATCH] I2C: Use standard temperature converters for as99127f When support for the Asus AS99127F chip was once added to the w83781d driver, it was decided that we would treat temp2 and temp3 as having a LSB of 0.25 degree C, as opposed to 0.5 degree C for the compatible Winbond chips. The reason why this was done seems to be a couple of users reporting that these temperatures were reading twice as high as it should for them in the first place. We had much more feedback about the A99127F chip since, and it turns out that the exact conversion required for temp2 and temp3 depends on the motherboard model. For some models (including my A7V133-C), we now have to multiply the readings by 2, effectively negating the change that was once done in the driver. For other models, a linear conversion formula is needed. The bottom line is that the raw readings from the driver are correct for no known board, while it would be for at least some of them if we had kept the same LSB as the Winbond chips are known to have. Thus I believe that the standard LSB of 0.5 degree C should be restored. There is no datasheet available for the AS99127F chip, so whatever was done was guess work (and still is). I see no reason why we would keep additional code in the w83781d driver to handle this former supposed difference, especially when the facts now tend to prove that this difference doesn't exist. The following patch drops the additional code and treats temp2 and temp3 the same way for all chips supported by the w83781d driver. A similar change will be made to the 2.4 version of this driver, and the default sensors.conf will be updated accordingly. Users will have to update their configuration file, or their readings will of course read twice as high as they should due to the old conversion formulae. Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2042, 2005-02-03 00:29:01-08:00, khali@linux-fr.org [PATCH] I2C: Resolve resource conflict between i2c-viapro and via686a Here comes the finalized version of our patch solving the PCI device resource conflict between the i2c-viapro bus driver and and the via686a chip driver. It is based on your original work and the IRC conversation we had yesterday. The retained solution is to not permanently register the PCI device in either driver. This is legitimate since we only need it at init time to retrieve the ISA address of a sub-device (SMBus master or integrated sensors), and possibly change that address on user request. Once this is done we can safely release the PCI device for others to use. I am really glad to see this problem finally solved, as this was the last remaining annoying issue left from the Linux 2.6 migration (missing drivers left apart), and was generating many complaints both at our level and at the distributions' support. Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2041, 2005-02-03 00:28:34-08:00, aurelien@aurel32.net [PATCH] I2C: Fix DS1621 detection Dallas Semiconductors as recently changed the design of their DS1621 chips, including the bits that were checked in the kernel driver to detect it. The patch below fixes the detection by checking an other bit of the configuration register instead. Signed-off-by: Aurelien Jarno Signed-off-by: Greg Kroah-Hartman ChangeSet@1.2040, 2005-02-02 17:50:58-08:00, torvalds@ppc970.osdl.org Linux 2.6.11-rc3 TAG: v2.6.11-rc3