Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v2.6.20.2 2007-03-09T18:58:04Z 2007-03-09T18:58:04Z Greg Kroah-Hartman gregkh@suse.de 2007-03-09T18:58:04Z urn:sha1:026164e704dbe989054cd189e34660aafefc9913 2007-03-09T18:50:33Z David S. Miller davem@sunset.davemloft.net 2007-03-07T20:50:46Z urn:sha1:4c9ef074b33690981d81ab0107fe2573007083ef This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8134 Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 2007-03-09T18:50:33Z Eric W. Biederman ebiederm@xmission.com 2007-03-07T19:23:54Z urn:sha1:3baa43fdc9b64646b468b92936c4842c51b9e2ed Occasionally the kernel has bugs that result in no irq being found for a given cpu vector. If we acknowledge the irq the system has a good chance of continuing even though we dropped an irq message. If we continue to simply print a message and not acknowledge the irq the system is likely to become non-responsive shortly there after. AK: Fixed compilation for UP kernels Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andi Kleen <ak@suse.de> Cc: "Luigi Genoni" <luigi.genoni@pirelli.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 2007-03-09T18:50:32Z Marcel Holtmann marcel@holtmann.org 2007-03-07T18:22:40Z urn:sha1:7670279989a552a7a8afd275368d55a4f3b5054b Based on a patch from Don Howard <dhoward@redhat.com> When calling write() with a buffer larger than 512 bytes, the driver's write buffer overflows, allowing to overwrite the EIP and execute arbitrary code with kernel privileges. In read(), there exists a similar problem, but coming from the device. A malicous or buggy device sending more than 512 bytes can overflow of the driver's read buffer, with the same effects as above. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Harald Welte <laforge@gnumonks.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 2007-03-09T18:50:32Z Arnaldo Carvalho de Melo acme@redhat.com 2007-02-28T19:29:33Z urn:sha1:248059edc6503eac8baac39dad42e76383824720 On 2/28/07, KOVACS Krisztian <hidden@balabit.hu> wrote: > > Hi, > > While reading TCP minisock code I've found this suspiciously looking > code fragment: > > - 8< - > struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, struct sk_buff *skb) > { > struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC); > > if (newsk != NULL) { > const struct inet_request_sock *ireq = inet_rsk(req); > struct tcp_request_sock *treq = tcp_rsk(req); > struct inet_connection_sock *newicsk = inet_csk(sk); > struct tcp_sock *newtp; > - 8< - > > The above code initializes newicsk to inet_csk(sk), isn't that supposed > to be inet_csk(newsk)? As far as I can tell this might leave > icsk_ack.last_seg_size zero even if we do have received data. Good catch! David, please apply the attached patch. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 2007-03-09T18:50:32Z Josef Whiter jwhiter@redhat.com 2007-02-21T22:37:59Z urn:sha1:daed330d4e1ca96e81ed0e7fce6de4ac22d9050c Fix a locking mistake in the quota code, we do a mutex_lock instead of a mutex_unlock. Signed-off-by: Josef Whiter <jwhiter@redhat.com> Cc: Steven Whitehouse <swhiteho@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-03-09T18:50:32Z Zhang, Yanmin yanmin_zhang@linux.intel.com 2007-02-15T07:37:03Z urn:sha1:55eb1f49d93b85b3e2c2130c4ea2aaf557996b00 If an ATA drive uses legacy mode, ata driver will choose 14 and 15 as the fixed irq number. On ia64 platform, such numbers are GSI and should be converted to irq vector. Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com> Cc: Jeff Garzik <jeff@garzik.org> Cc: Tony Luck <tony.luck@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-03-09T18:50:31Z Gerhard Dirschl gd@spherenet.de 2007-02-13T05:32:43Z urn:sha1:287be53469194d65a10986023145b7b316f906e5 Fixes http://bugzilla.kernel.org/show_bug.cgi?id=7810 - a silly copy-paste bug introduced by the latest change. Signed-off-by: Gerhard Dirschl <gd@spherenet.de> Cc: Peter Osterlund <petero2@telia.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-03-09T18:50:31Z David Miller davem@davemloft.net 2007-03-05T23:53:45Z urn:sha1:d9202f177156d05eba30cf2a25fc15d8f5cca8b5 CT based mach64 cards were reported to hang on sparc64 boxes when compiled with gcc-4.1.x and later. Looking at this piece of code, it's no surprise. A critical delay was implemented as an empty for() loop, and gcc 4.0.x and previous did not optimize it away, so we did get a delay. But gcc-4.1.x and later can optimize it away, and we get crashes. Use a real udelay() to fix this. Fix verified on SunBlade100. Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-03-09T18:50:31Z Andrew Morton akpm@linux-foundation.org 2007-03-06T10:41:49Z urn:sha1:cb1e01df3290e1806d1800a14fcd085248f48560 Revert 7628b0a8c01a02966d2228bdf741ddedb128e8f8. Thomas Bachler reports: Commit 7628b0a8c01a02966d2228bdf741ddedb128e8f8 (drivers/net/tulip/dmfe: support basic carrier detection) breaks networking on my Davicom DM9009. ethtool always reports there is no link. tcpdump shows incoming packets, but TX is disabled. Reverting the above patch fixes the problem. Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Jeff Garzik <jeff@garzik.org> Cc: Valerie Henson <val_henson@linux.intel.com> Cc: Thomas Bachler <thomas@archlinux.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>