- 05 Oct, 2009 40 commits
-
-
Patrick McHardy authored
netfilter: ebt_ulog: fix checkentry return value Upstream commit 8a56df0a: Commit 19eda879 (netfilter: change return types of check functions for Ebtables extensions) broke the ebtables ulog module by missing a return value conversion. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
netfilter: bridge: refcount fix Upstream commit f3abc9b9: commit f216f082 ([NETFILTER]: bridge netfilter: deal with martians correctly) added a refcount leak on in_dev. Instead of using in_dev_get(), we can use __in_dev_get_rcu(), as netfilter hooks are running under rcu_read_lock(), as pointed by Patrick. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
netfilter: nf_conntrack: netns fix re reliable conntrack event delivery Upstream commit ee254fa4: Conntracks in netns other than init_net dying list were never killed. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
netfilter: nf_nat: fix inverted logic for persistent NAT mappings Upstream commit cce5a5c3: Kernel 2.6.30 introduced a patch [1] for the persistent option in the netfilter SNAT target. This is exactly what we need here so I had a quick look at the code and noticed that the patch is wrong. The logic is simply inverted. The patch below fixes this. Also note that because of this the default behavior of the SNAT target has changed since kernel 2.6.30 as it now ignores the destination IP in choosing the source IP for nating (which should only be the case if the persistent option is set). [1] http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=98d500d66cb7940747b424b245fc6a51ecfbf005Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Pierre Habouzit authored
commit 119e7a22 upstream. This improves patch fa6963b2 so that perf.data stuff that has been dumped as root can be read (annotate/report) by a user without the use of the --force. Rationale is that root has plenty of ways to screw us (usually) that do not require twisted schemes involving specially crafting a perf.data. Signed-off-by: Pierre Habouzit <pierre.habouzit@intersec.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> LKML-Reference: <20090827075902.GF19653@laphroaig.corp> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Kurt Roeckx authored
commit f0adb134 upstream. Fixes bugzilla #13780 From: Kurt Roeckx <kurt@roeckx.be> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Marcelo Tosatti authored
(cherry picked from commit dc7e795e) This reverts commit 6c20e1442bb1c62914bb85b7f4a38973d2a423ba. To my understanding, it became obsolete with the advent of the more robust check in mmu_alloc_roots (89da4ff17f). Moreover, it prevents the conceptually safe pattern 1. set sregs 2. register mem-slots 3. run vcpu by setting a sticky triple fault during step 1. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Avi Kivity authored
(cherry picked from commit 88c808fd) update_cr8_intercept() can be triggered from userspace while there is no apic present. Signed-off-by: Avi Kivity <avi@redhat.com> Cc: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Marcelo Tosatti authored
(cherry picked from commit b90c062c) Remove the bogus n_free_mmu_pages assignment from alloc_mmu_pages. It breaks accounting of mmu pages, since n_free_mmu_pages is modified but the real number of pages remains the same. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Marcelo Tosatti authored
(cherry picked from commit 6a1ac771) n_requested_mmu_pages/n_free_mmu_pages are used by kvm_mmu_change_mmu_pages to calculate the number of pages to zap. alloc_mmu_pages, called from the vcpu initialization path, modifies this variables without proper locking, which can result in a negative value in kvm_mmu_change_mmu_pages (say, with cpu hotplug). Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mark McLoughlin authored
(cherry picked from commit cb007648) If we run out of cpuid entries for extended request types we should return -E2BIG, just like we do for the standard request types. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Linus Torvalds authored
commit 202c4675 upstream. Commit ac89a917 ("pty: don't limit the writes to 'pty_space()' inside 'pty_write()'") removed the pty_space() checking, in order to let the regular tty buffer code limit the buffering itself. That was all good, but as a subtle side effect it meant that we'd be doing a tty_wakeup() even in the case where the buffers were all filled up, and didn't actually make any progress on the write. Which sounds innocuous, but it interacts very badly with the ppp_async code, which has an infinite loop in ppp_async_push() that tries to push out data to the tty. When we call tty_wakeup(), that loop ends up thinking that progress was made (see the subtle interactions between XMIT_WAKEUP and 'tty_stuffed' for details). End result: one unhappy ppp user. Fixed by noticing when tty_insert_flip_string() didn't actually do anything, and then not doing any more processing (including, very much not calling tty_wakeup()). Bisected-and-tested-by: Peter Volkov <pva@gentoo.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Arjan van de Ven authored
fixed upstream in commit b7058842 in a different way The length of the to-copy data structure is currently stored in a signed integer. However many comparisons are done with sizeof(..) which is unsigned. It's more suitable for this variable to be unsigned to make these comparisons more naturally right. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: David S. Miller <davem@davemloft.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Arjan van de Ven authored
fixed upstream in commit b7058842 in a different way The ax25 code tried to use if (optlen < sizeof(int)) return -EINVAL; as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. This patch changes this to if (optlen < (int)sizeof(int)) return -EINVAL; so that the comparison is done as signed, and negative values get properly caught. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: David S. Miller <davem@davemloft.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Pavel Machek authored
commit 99f329a2 upstream. sharpsl_pm.c code tries to read battery state very early during resume, but those battery meters are connected on SPI and that's only resumed way later. Replace the check with simple checking of battery fatal signal, that actually works at this stage. Signed-off-by: Pavel Machek <pavel@ucw.cz> Tested-by: Stanislav Brabec <utx@penguin.cz> Signed-off-by: Eric Miao <eric.y.miao@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Tejun Heo authored
commit 31b239ad upstream. Commit a5bfc471 dropped explicit pci_intx() manipulation from ahci because it seemed unnecessary and ahci doesn't seem to be the right place to be tweaking it if it were. This was largely okay but there are exceptions. There was one on an embedded platform which was fixed via firmware and now bko#14124 reports it on a HP DL320. http://bugzilla.kernel.org/show_bug.cgi?id=14124 I still think this isn't something libata drivers should be caring about (the only ones which are calling pci_intx() explicitly are libata ones and one other driver) but for now reverting the change seems to be the right thing to do. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Oliver Hartkopp authored
commit 481a8199 upstream. When using nanosleep() in an userspace application we get a ratelimit warning NOHZ: local_softirq_pending 08 for 10 times. The echo of CAN frames is done from process context and softirq context only. Therefore the usage of netif_rx() was wrong (for years). This patch replaces netif_rx() with netif_rx_ni() which has to be used from process/softirq context. It also adds a missing comment that can_send() must no be used from hardirq context. Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
J. Bruce Fields authored
commit 886e3b7f upstream. On setting up the callback to the client, we attempt to use the same authentication flavor the client did. We find an rpc cred to use by calling rpcauth_lookup_credcache(), which assumes that the given authentication flavor has a credentials cache. However, this is not required to be true--in particular, auth_null does not use one. Instead, we should call the auth's lookup_cred() method. Without this, a client attempting to mount using nfsv4 and auth_null triggers a null dereference. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Eric Anholt authored
commit e517a5e9 upstream. Ever since we enabled GEM, the pre-9xx chipsets (particularly 865) have had serious stability issues. Back in May a wbinvd was added to the DRM to work around much of the problem. Some failure remained -- easily visible by dragging a window around on an X -retro desktop, or by looking at bugzilla. The chipset flush was on the right track -- hitting the right amount of memory, and it appears to be the only way to flush on these chipsets, but the flush page was mapped uncached. As a result, the writes trying to clear the writeback cache ended up bypassing the cache, and not flushing anything! The wbinvd would flush out other writeback data and often cause the data we wanted to get flushed, but not always. By removing the setting of the page to UC and instead just clflushing the data we write to try to flush it, we get the desired behavior with no wbinvd. This exports clflush_cache_range(), which was laying around and happened to basically match the code I was otherwise going to copy from the DRM. Signed-off-by: Eric Anholt <eric@anholt.net> Signed-off-by: Brice Goglin <Brice.Goglin@ens-lyon.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Zhenyu Wang authored
commit 553bd149 upstream. It seems that on IGDNG the same swizzling setup always applys. And front buffer tiling needs to set address swizzle in display arb control too. Fix plane tricle feed setting in v1 which should be disable bit, and always setup address swizzle to let hardware care for buffer tiling in all cases. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Eric Anholt <eric@anholt.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Keith Packard authored
commit 57cdaf90 upstream. mac Mini's have a single DDC line on the DVI connector, shared between the analog link and the digital link. So, if DDC isn't detected on GPIOE (the usual SDVO DDC link), try GPIOA (the usual VGA DDC link) when there isn't a VGA monitor connected. Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Zhao Yakui <yakui.zhao@intel.com> Signed-off-by: Eric Anholt <eric@anholt.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Zhenyu Wang authored
commit 8dd81a38 upstream. Arrandale has new window based method for panel fitting. This one enables full screen aspect scaling on LVDS. It fixes standard mode display failure on LVDS for Arrandale. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Zhenyu Wang authored
commit 730915d6 upstream. This is not required on newer stepping hardware to get reliable force detect status. Removing this fixes screen blank flicker in CRT detect on IGDNG. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Zhenyu Wang authored
commit 339e5a4c upstream. IGDNG LVDS SSC uses 120Mhz freq. This fixes one 1600x900 LVDS panel black issue on IGDNG with SSC enabled. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Zhenyu Wang authored
commit b09aea7f upstream. New register for PCH LVDS on IGDNG should be used. This is a copy-n-paste typo. This fixes possible dual channel LVDS panel failure on IGDNG. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Chris Wilson authored
commit cd0b9fb4 upstream. Eric noted a potential concern with the low bits not being strictly used as part of the absolute offset (instead part of the command stream to the GPU), but in practice that should not be an issue. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Tested-by: Andy Whitcroft <apw@canonical.com> Cc: Eric Anholt <eric@anholt.net> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Chris Wilson authored
commit 4960aaca upstream. If we failed to set the domain, the buffer was no longer being tracked on any list. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jesse Barnes authored
commit d660467c upstream. A very high dotclock (e.g. 229500kHz as reported by Anton) can cause the entries_required variable to overflow, potentially leading to a FIFO watermark value that's too low to support the given mode. Split the division across the calculation to avoid this. Reported-by: Anton Khirnov <wyskas@gmail.com> Tested-by: Anton Khirnov <wyskas@gmail.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Chris Wilson authored
commit 7e616158 upstream. drm_ht_remove_item() does not handle removing an absent item and the hlist in particular is incorrectly initialised. The easy remedy is simply skip calling i915_gem_free_mmap_offset() unless we have actually created the offset and associated ht entry. This also fixes the mishandling of a partially constructed offset which leaves pointers initialized after freeing them along the i915_gem_create_mmap_offset() error paths. In particular this should fix the oops found here: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/415357/comments/8Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Eric Anholt <eric@anholt.net>
-
Zhenyu Wang authored
commit b7e53aba upstream. Don't need extra config restore like for intel_agp, which might cause resume hang issue found by Alan on 845G. Cc: Stable Team <stable@kernel.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Hennerich, Michael authored
commit eb661bc8 upstream. SL811 Device detected after removal used to be working in linux-2.6.22 but then broke somewhere between 2.6.22 and 2.6.28. Current hub_port_connect_change() in drivers/usb/core/hub.c won't call usb_disconnect() in case the SL811 driver sets portstatus USB_PORT_FEAT_CONNECTION upon removal. AFAIK the SL811 has only a combined Device Insert/Remove detection bit, therefore use a count to distinguish insert or remove. Signed-Off-By: Michael Hennerich <hennerich@blackfin.uclinux.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Guus Sliepen authored
commit 665d7662 upstream. According to the specifications, an instrument should not return more data in a DEV_DEP_MSG_IN urb than requested. However, some instruments can send more than requested. This could cause the kernel to write the extra data past the end of the buffer provided by read(). Fix this by checking that the value of the TranserSize field is not larger than the urb itself and not larger than the size of the userspace buffer. Also correctly decrement the remaining size of the buffer when userspace read()s more than USBTMC_SIZE_IOBUFFER. Signed-off-by: Guus Sliepen <guus@sliepen.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
fangxiaozhi authored
commit d0defb85 upstream. In this patch, we always make the return value of function usb_stor_huawei_e220_init to be zero. Then it will not prevent usb-storage driver from attaching to the CDROM device of Huawei Datacard. Signed-off-by: fangxiaozhi <huananhu@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Oliver Neukum authored
commit e5dc8ae1 upstream. In the resume path of a block driver GFP_NOIO must be used to avoid a possible deadlock. The onetouch subdriver of storage violates the requirement. Signed-off-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Pawel Ludwikow authored
commit 35904e6b upstream. I'd like to present my small patch enabling to use Sanwa PC5000 mulitimeter with linux. Signed-off-by: Pawel Ludwikow <pludwiko@rab.ict.pwr.wroc.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jack Steiner authored
commit d2374aec upstream. The UV BIOS has changed the way interrupt remapping is being done. This affects the id used for sending IPIs. The upper id bits no longer need to be masked off. Signed-off-by: Jack Steiner <steiner@sgi.com> LKML-Reference: <20090909154104.GA25083@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Kevin Cernekee authored
commit 051b982b upstream. kaweth_control() never frees the buffer that it allocates for the USB control message. Test case: while :; do ifconfig eth2 down ; ifconfig eth2 up ; done This is a tiny buffer so it is a slow leak. If you want to speed up the process, you can change the allocation size to e.g. 16384 bytes, and it will consume several megabytes within a few minutes. Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Acked-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Tilman Schmidt authored
commit a4304f2d upstream. The tty_operation chars_in_buffer() is not allowed to return a negative value to signal an error. Corrects the problem flagged by commit 23198fda, "tty: fix chars_in_buffers". Signed-off-by: Tilman Schmidt <tilman@imap.cc> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Alan Cox authored
commit 9a68e39d upstream. These are handled by the tty_port core code which will raise and lower the carrier correctly in tty_wait_until_ready Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Alan Cox authored
commit 9b80fee1 upstream. This changed in 2006 so its about time the ACM driver caught up Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-