Commit Graph

21240 Commits

Author SHA1 Message Date
Zhu Yi
cc8279f68c [PATCH] ipw2100: Update version ipw2100 stamp to 1.2.2
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:48 -05:00
Zhu Yi
3234eeec18 [PATCH] ipw2100: move mutex.h include from ipw2100.c to ipw2100.h
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:48 -05:00
Ingo Molnar
752e377bfd [PATCH] ipw2100: semaphore to mutexes conversion
semaphore to mutexes conversion.

the conversion was generated via scripts, and the result was validated
automatically via a script as well.

build-tested.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:48 -05:00
Zhu Yi
cae1629515 [PATCH] ipw2100: Fix radiotap code gcc warning
Fix gcc warning: ipw2100.c:2460: ISO C90 forbids mixed declarations and code

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:48 -05:00
Stefan Rompf
15745a7dd1 [PATCH] ipw2100: add radiotap headers to packtes captured in monitor mode
Signed-off-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: Andrea Merello <andreamrl at tiscali it>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:48 -05:00
Zhu Yi
171e7b2f1f [PATCH] ipw2x00: expend Copyright to 2006
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 16:14:47 -05:00
Adrian Bunk
71e585fca2 [PATCH] drivers/net/wireless/ipw2200.c: fix an array overun
This patch fixes a big array overun found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:41:20 -05:00
James Ketrenos
f44349f221 [PATCH] ieee80211: Don't update network statistics from off-channel packets.
This patch fixes a problem in the ieee80211 probe response and beacon
reception code that would use the packet statistics for a network even
if they were received on a channel other than that which the network
exists on.

This causes a problem in overlapping channels where, for example, a
strong AP on channel 2 could have its beacons received on channels 1 and
3, but at much lower signal levels.  If scanning was done sequentially,
this means the beacon received on channel 3 would update the AP's signal
level as being much lower than it really is, which subsequently could
cause that AP to be passed over and an alternate AP selected.

Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:38:55 -05:00
Zhu Yi
7c56789448 [PATCH] ipw2200: Update ipw2200 version stamp to 1.1.1
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:04 -05:00
James Ketrenos
9006ea75cf [PATCH] ipw2200: switch to the new ipw2200-fw-3.0 image format
This patch modifies the driver to support the ipw2200-fw-3.0 image format.

The 3.0 fw image does not add any new capabilities, but as a result of
image format changes, it should fix two problems experienced by users:

1) Race conditions with the request_firmware interface and udev/hotplug
are improved as only a single request_firmware call is now required to
load the firmware and microcode (vs. 3 separate calls previously)

2) The monitor mode firmware (sniffer) is now packaged with the correct
boot image so it can now function without frequent restarts.

Note: Once you apply this patch, you will also need to upgrade your
firmware image to the 3.0 version available from:

        http://ipw2200.sf.net/firmware.php

Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:04 -05:00
Olivier Hochreutiner
651be26f2d [PATCH] ipw2200: wireless extension sensitivity threshold support
The patch allows the user to set the handover threshold, i.e. the number
of consecutively missed beacons that will trigger a roaming attempt. The
disassociation threshold is set to 3 times the handover threshold.

Signed-off-by: Olivier Hochreutiner <olivier.hochreutiner@epfl.ch>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:04 -05:00
Cahill, Ben M
71de1f3dd1 [PATCH] ipw2200: Enables the "slow diversity" algorithm
This forces one antenna or the other, if the background noise is
significantly quieter in one than the other. It favors the quieter
antenna, and won't kick in unless the difference is significant.

Signed-off-by: Cahill, Ben M <ben.m.cahill@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:04 -05:00
Cahill, Ben M
12977154e7 [PATCH] ipw2200: Set a meaningful silence threshold value
Set a meaningful silence threshold value (replacing our previous "0"
default), which gets rid of the gratuitous "Link deterioration"
notifications that we've been receiving from firmware.  This
notification feature tells the driver information to help it determine
when to pre-emptively restart the firmware/ucode in anticipation of
firmware errors!  But since setting this new threshold, I haven't seen
any such notifications.  At least it keeps the logs a little less busy.

Signed-off-by: Cahill, Ben M <ben.m.cahill@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:04 -05:00
Zhu Yi
3e1555bae1 [PATCH] ipw2200: export `debug' module param only if CONFIG_IPW2200_DEBUG
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Zhu Yi
1d1b09eb14 [PATCH] ipw2200: Change debug level for firmware error logging
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Zhu Yi
e815de422c [PATCH] ipw2200: Filter unsupported channels out in ad-hoc mode
Currently iwlist ethX freq[uency]/channel lists all the channels the card
supported for the current region, which includes some channels can only
be used in infrastructure mode. This patch filters these channels out if
the card is currently in ad-hoc mode.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Zhu Yi
e8c69e27d1 [PATCH] ipw2200: Fix ipw_sw_reset() implementation inconsistent with comment
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Zhu Yi
d6d5b5c13e [PATCH] ipw2200: Fix rf_kill is activated after mode change with 'disable=1'
When loading the ipw2200 module with disabled=1, rf_kill is activated after
every mode change. This is caused by ipw_sw_reset() is called when a mode
is changed. The patch fixed the problem by distinguishing the purposes with
the 'option' paramenter.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Zhu Yi
8da374fc44 [PATCH] ipw2200: remove the WPA card associates to non-WPA AP checking
wpa_supplicant needs to set wpa_enabled unconditionally, with this check
it hasn't been possible to connect to non-WPA networks using wpa_supplicant.
So remove below check.

if (priv->ieee->wpa_enabled &&
	network->wpa_ie_len == 0 && network->rsn_ie_len == 0)

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:03 -05:00
Bill Moss
b191608a45 [PATCH] ipw2200: Add signal level to iwlist scan output
This patch does two things. It uses the parameter IW_QUAL_DBM which is new
in WE-19 to cause signal level and noise to be reported in dBm by the
wireless tools. It also defines the signal level as an unsigned integer
so that the signal level will be reported by iwlist iface scan.

Signed-off-by: Bill Moss <bmoss@clemson.edu>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:02 -05:00
Zhu Yi
9d0be03aee [PATCH] ipw2200: use generic ieee80211_get_hdrlen() to get packet length
replace ipw2200 specific frame_hdr_len() with generic
ieee80211 routine ieee80211_get_hdrlen()

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:02 -05:00
Zhu Yi
85149bace3 [PATCH] ipw2200: fix a potential NULL pointer dereference
Only on CONFIG_IPW2200_DEBUG is not defined

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:02 -05:00
James Ketrenos
f697014af9 [PATCH] ipw2200: stop netdev queue if h/w doesn't have space for new packets
The patch roll back the change we made to support for the ability to
start/stop independent Tx queues within a single net device in order to
support 802.11e QoS. We need to be able to indicate to the upper layers
that packets of a given priority can not be sent any more without halting
transmission of all packets, and without rescheduling high priority packets
down to the next priority level.

So we return NETDEV_TX_BUSY in this case and rely on the stack would
take care of rescheduling... which it apparently does immediately and
consumes the CPU. This caused the ksoftirqd kernel thread consuming almost
all the CPU...

To put the code back to the way it was before we made these changes we
put the call netif_queue_stop back in ipw_tx_skb.  This effectively
disables multiple priority based transmit queues for 802.11e, but given
that its broken anyway...

Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:02 -05:00
Henrik Brix Andersen
48a847709f [PATCH] ipw2200: print geography code upon module load
Given the amount of support requests for the meaning of the geography code
I've written a patch for printing this information on module load no matter
the debug level.

I've also added a section to the README.ipw2200 file listing the geography
codes and their meaning.

Signed-off-by: Henrik Brix Andersen <brix@gentoo.org>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 15:08:02 -05:00
Adrian Bunk
53d0bcf82a [PATCH] drivers/net/wireless/ipw2200.c: make ipw_qos_current_mode() static
This patch makes the needlessly global function ipw_qos_current_mode()
static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 14:16:44 -05:00
Larry Finger
1867b117d9 [PATCH] Remove duplicated code from ipw2200.c
As stated in a comment, the ipw2200 driver uses several routines that
were borrowed from ieee80211_geo.c. As ipw2200 requires ieee80211,
these routines are duplicated. The attached patch, which is sent
as an attachment to preserve whitespace, converts ipw2200.c to use
the ieee80211 versions, thereby reducing bloat in both the source
and binary.

Signed-Off-By: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-17 14:01:34 -05:00
John W. Linville
dd288e7d75 Merge branch 'upstream-fixes' 2006-03-15 17:02:08 -05:00
Hong Liu
72df16f109 [PATCH] ieee80211: Fix QoS is not active problem
Fix QoS is not active even the network and the card is QOS enabled.
The problem is we pass the wrong ieee80211_network address to
ipw_handle_beacon/ipw_handle_probe_response, thus the
ieee80211_network->qos_data.active will not be set, causing the driver
not sending QoS frames at all.

Signed-off-by: Hong Liu <hong.liu@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15 16:16:07 -05:00
Zhu Yi
0df7861240 [PATCH] ieee80211: Fix CCMP decryption problem when QoS is enabled
Use the correct STYPE for Qos data.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15 16:11:55 -05:00
Adrian Bunk
f13b83580a [PATCH] fs/namespace.c:dup_namespace(): fix a use after free
The Coverity checker spotted the following bug in dup_namespace():

<--  snip  -->

        if (!new_ns->root) {
                up_write(&namespace_sem);
                kfree(new_ns);
                goto out;
        }
...
out:
        return new_ns;

<--  snip  -->

Callers expect a non-NULL result to not be freed.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-15 09:37:34 -08:00
Christoph Lameter
74c0024105 [PATCH] Consistent capabilites associated with MPOL_MOVE_ALL
It seems that setting scheduling policy and priorities is also the kind of
thing that might be performed in apps that also use the NUMA API, so it
would seem consistent to use CAP_SYS_NICE for NUMA also.

So use CAP_SYS_NICE for controlling migration permissions.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Christoph Lameter
b4fb376628 [PATCH] Page migration documentation update
Update the documentation for page migration.

- Fix up bits and pieces in cpusets.txt

- Rework text in vm/page-migration to be clearer and reflect the final
  version of page migration in 2.6.16. Mention Andi Kleen's numactl
  package that contains user space tools for page migration via
  libnuma. Add reference to numa_maps and to the manpage in numactl.

- Add todo list for outstanding issues

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Christoph Lameter
4983da07f1 [PATCH] page migration: fail if page is in a vma flagged VM_LOCKED
page migration currently simply retries a couple of times if try_to_unmap()
fails without inspecting the return code.

However, SWAP_FAIL indicates that the page is in a vma that has the
VM_LOCKED flag set (if ignore_refs ==1).  We can check for that return code
and avoid retrying the migration.

migrate_page_remove_references() now needs to return a reason why the
failure occured.  So switch migrate_page_remove_references to use -Exx
style error messages.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Greg Smith
e843e280cb [PATCH] "s390: multiple subchannel sets support" fix
It seems this patch got dropped (it was in addition to the `s390:
improve response code handling in chsc_enable_facility()' patch).

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Linus Torvalds
0ee10a4423 Merge git://oss.sgi.com:8090/oss/git/rc-fixes
* git://oss.sgi.com:8090/oss/git/rc-fixes:
  Fix a direct I/O locking issue revealed by the new mutex code.
2006-03-14 20:50:45 -08:00
Nathan Scott
3fb962bde4 Fix a direct I/O locking issue revealed by the new mutex code.
Affects only XFS (i.e. DIO_OWN_LOCKING case) - currently it is
not possible to get i_mutex locking correct when using DIO_OWN
direct I/O locking in a filesystem due to indeterminism in the
possible return code/lock/unlock combinations.  This can cause
a direct read to attempt a double i_mutex unlock inside XFS.

We're now ensuring __blockdev_direct_IO always exits with the
inode i_mutex (still) held for a direct reader.

Tested with the three different locking modes (via direct block
device access, ext3 and XFS) - both reading and writing; cannot
find any regressions resulting from this change, and it clearly
fixes the mutex_unlock warning originally reported here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=114189068126253&w=2

Signed-off-by: Nathan Scott <nathans@sgi.com>
Acked-by: Christoph Hellwig <hch@lst.de>
2006-03-15 15:14:45 +11:00
Dave Kleikamp
a488edc914 [PATCH] JFS: Take logsync lock before testing mp->lsn
This fixes a race where lsn could be cleared before taking the lock

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 14:00:48 -08:00
Linus Torvalds
0f511ea706 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] zfcp: fix device registration issues
  [SCSI] scsi_transport_fc: fix FC_HOST_NUM_ATTRS
  [SCSI] scsi: aha152x pcmcia driver needs spi transport
  [SCSI] zfcp: correctly set this_id for hosts
  [SCSI] Add Brownie to blacklist
2006-03-14 11:03:50 -08:00
Maneesh Soni
6796313263 [PATCH] Plug kdump shutdown race window
lapic_shutdown() re-enables interrupts which is un-desirable for panic
case, so use local_irq_save() and local_irq_restore() to keep the irqs
disabled for kexec on panic case, and close a possible race window while
kdump shutdown as shown in this stack trace

   -- BUG: spinlock lockup on CPU#1, bash/4396, c52781a0
   [<c01c1870>] _raw_spin_lock+0xb7/0xd2
   [<c029e148>] _spin_lock+0x6/0x8
   [<c011b33f>] scheduler_tick+0xe7/0x328
   [<c0128a7c>] update_process_times+0x51/0x5d
   [<c0114592>] smp_apic_timer_interrupt+0x4f/0x58
   [<c01141ff>] lapic_shutdown+0x76/0x7e
   [<c0104d7c>] apic_timer_interrupt+0x1c/0x30
   [<c01141ff>] lapic_shutdown+0x76/0x7e
   [<c0116659>] machine_crash_shutdown+0x83/0xaa
   [<c013cc36>] crash_kexec+0xc1/0xe3
   [<c029e148>] _spin_lock+0x6/0x8
   [<c013cc22>] crash_kexec+0xad/0xe3
   [<c0215280>] __handle_sysrq+0x84/0xfd
   [<c018d937>] write_sysrq_trigger+0x2c/0x35
   [<c015e47b>] vfs_write+0xa2/0x13b
   [<c015ea73>] sys_write+0x3b/0x64
   [<c0103c69>] syscall_call+0x7/0xb

Signed-off-by: Maneesh Soni <maneesh@in.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 08:26:44 -08:00
Linus Torvalds
cbf0ec6ee0 Revert "[PATCH] x86-64: Fix up handling of non canonical user RIPs"
This reverts commit c33d4568ac.

Andrew Clayton and Hugh Dickins report that it's broken for them and
causes strange page table and slab corruption, and spontaneous reboots.

Let's get it right next time.

Cc: Andrew Clayton <andrew@rootshell.co.uk>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 08:01:47 -08:00
Dave Peterson
ceb2ca9cb0 [PATCH] EDAC: disable sysfs interface
- Disable the EDAC sysfs code.  The sysfs interface that EDAC presents to
  user space needs more thought, and is likely to change substantially.
  Therefore disable it for now so users don't start depending on it in its
  current form.

- Disable the default behavior of calling panic() when an uncorrectible
  error is detected (since for now, there is no sysfs interface that allows
  the user to configure this behavior).

Signed-off-by: David S. Peterson <dsp@llnl.gov>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
30f4e20a0d [PATCH] NLM: Ensure we do not Oops in the case of an unlock
In theory, NLM specs assure us that the server will only reply LCK_GRANTED or
LCK_DENIED_GRACE_PERIOD to our NLM_UNLOCK request.

In practice, we should not assume this to be the case, and the code will
currently Oops if we do.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
e6d83d5569 [PATCH] SUNRPC: Fix potential deadlock in RPC code
In rpc_wake_up() and rpc_wake_up_status(), it is possible for the call to
__rpc_wake_up_task() to fail if another thread happens to be calling
rpc_wake_up_task() on the same rpc_task.

Problem noticed by Bruno Faccini.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
c12e87f465 [PATCH] NFSv4: fix mount segfault on errors returned that are < -1000
It turns out that nfs4_proc_get_root() may return raw NFSv4 errors instead of
mapping them to kernel errors.  Problem spotted by Neil Horman
<nhorman@tuxdriver.com>

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Adrian Bunk
712917d1c0 [PATCH] SUNRPC: fix a NULL pointer dereference in net/sunrpc/clnt.c
The Coverity checker spotted this possible NULL pointer dereference in
rpc_new_client().

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Trond Myklebust
143f412eb4 [PATCH] NFS: Fix a potential panic in O_DIRECT
Based on an original patch by Mike O'Connor and Greg Banks of SGI.

Mike states:

A normal user can panic an NFS client and cause a local DoS with
'judicious'(?) use of O_DIRECT.  Any O_DIRECT write to an NFS file where the
user buffer starts with a valid mapped page and contains an unmapped page,
will crash in this way.  I haven't followed the code, but O_DIRECT reads with
similar user buffers will probably also crash albeit in different ways.

Details: when nfs_get_user_pages() calls get_user_pages(), it detects and
correctly handles get_user_pages() returning an error, which happens if the
first page covered by the user buffer's address range is unmapped.  However,
if the first page is mapped but some subsequent page isn't, get_user_pages()
will return a positive number which is less than the number of pages requested
(this behaviour is sort of analagous to a short write() call and appears to be
intentional).  nfs_get_user_pages() doesn't detect this and hands off the
array of pages (whose last few elements are random rubbish from the newly
allocated array memory) to it's caller, whence they go to
nfs_direct_write_seg(), which then totally ignores the nr_pages it's given,
and calculates its own idea of how many pages are in the array from the user
buffer length.  Needless to say, when it comes to transmit those uninitialised
page* pointers, we see a crash in the network stack.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
GOTO Masanori
f9a3879abf [PATCH] Fix sigaltstack corruption among cloned threads
This patch fixes alternate signal stack corruption among cloned threads
with CLONE_SIGHAND (and CLONE_VM) for linux-2.6.16-rc6.

The value of alternate signal stack is currently inherited after a call of
clone(...  CLONE_SIGHAND | CLONE_VM).  But if sigaltstack is set by a
parent thread, and then if multiple cloned child threads (+ parent threads)
call signal handler at the same time, some threads may be conflicted -
because they share to use the same alternative signal stack region.
Finally they get sigsegv.  It's an undesirable race condition.  Note that
child threads created from NPTL pthread_create() also hit this conflict
when the parent thread uses sigaltstack, without my patch.

To fix this problem, this patch clears the child threads' sigaltstack
information like exec().  This behavior follows the SUSv3 specification.
In SUSv3, pthread_create() says "The alternate stack shall not be inherited
(when new threads are initialized)".  It means that sigaltstack should be
cleared when sigaltstack memory space is shared by cloned threads with
CLONE_SIGHAND.

Note that I chose "if (clone_flags & CLONE_SIGHAND)" line because:
  - If clone_flags line is not existed, fork() does not inherit sigaltstack.
  - CLONE_VM is another choice, but vfork() does not inherit sigaltstack.
  - CLONE_SIGHAND implies CLONE_VM, and it looks suitable.
  - CLONE_THREAD is another candidate, and includes CLONE_SIGHAND + CLONE_VM,
    but this flag has a bit different semantics.
I decided to use CLONE_SIGHAND.

[ Changed to test for CLONE_VM && !CLONE_VFORK after discussion --Linus ]

Signed-off-by: GOTO Masanori <gotom@sanori.org>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Linus Torvalds <torvalds@osdl.org>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Benjamin Herrenschmidt
63e1fd41c7 [PATCH] macintosh: correct AC Power info in /proc/pmu/info
Report AC Power present in /proc/pmu/info if there is no battery.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Michael Hunold
6acaba8e22 [PATCH] Restore tuning capabilities in V4L2 MXB driver
The behaviour of the all-in-one Video4Linux tuner driver apparently
changed.  It now wants to know the tv standard, otherwise it refuses to
tune.

Restore tuning functionality in my driver for the "Multimedia eXtension
Board".  The all-in-one tuner driver apparently changed its behaviour.

Signed-off-by: Michael Hunold <hunold@linuxtv.org>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
David Brownell
3cb4f09fc2 [PATCH] mtd_dataflash, fix block vs page erase
Fix a bug in the block-erase optimization for Dataflash; it was using block
erase even for smaller segments that need page erase.

That wouldn't matter for JFFS2, which never erases less than one block
(sometimes several blocks), but for other callers it might.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: David Woodhouse <dwmw2@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00