Fix possible buffer overrun.
The patch to b43 by Michael Buesch <mb@bu3sch.de> has been ported to
b43legacy.
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The rfkill subsystem doesn't like code like that
rfkill_allocate();
rfkill_register();
rfkill_unregister();
rfkill_register(); /* <- This will crash */
This sequence happens with
modprobe b43
ifconfig wlanX up
ifconfig wlanX down
ifconfig wlanX up
Fix this by always re-allocating the rfkill stuff before register.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
wl->mutex might already be locked on initialization.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If i reaches zero, the loop ends, but the postfix decrement subtracts it to -1.
Testing for 'i == 0', later in the function, will not fulfill its purpose.
Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix section mismatch warning:
WARNING: vmlinux.o(.data+0x36fcc): Section mismatch: reference to .init.data:prism2_pci_id_table (between 'prism2_pci_drv_id' and 'prism2_pci_funcs')
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00 is broken when it comes down to adhoc and master mode.
The main problem is the beaconing, which is completely failing.
Untill a solution has been found, both beacon requiring modes
must be disabled to prevent numerous bug reports.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Properly account for queue commands, this fixes a problem reported
by Holger Schurig when using the debugfs interface.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Incoming packets have to be aligned or the IP stack becomes upset.
Make sure to shift them two bytes to achieve this.
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fixes for slow hardware.
Signed-off-by: Vitaly V. Bursov <vitalyvb@ukr.net>
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The Intel device supported by the hermes driver core is the IPW2011. The
"Intel PRO/Wireless" wording suggests the later Centrino devices and may
be confusing to some users.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Various symptoms depending on the .config options:
- the card stops working after some (short) time
- the card does not work at all
- the card disappears (nothing in lspci/dmesg)
A real power-off is needed to recover the card.
Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
The 8168c and the 8100e choke on it. I have not seen an indication
nor received a report that the TBI is being actively used on the
remaining 8168b and 8110. Let's disable it for now until someone
complains.
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Cc: Matthias Winkler <m.winkler@unicon-ka.de>
Cc: Maarten Vanraes <maarten.vanraes@gmail.com>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
This patch adds LAN91C111 ethernet interface support for zylonite
(a.k.a Marvell's PXA3xx Development Platform) with smc91x driver.
It would be better if a patch would support zylonite along with all
other PXA boards with a single binary of smc91x driver, but it looks
quite difficult for the moment, so ugly #ifdef is still used here.
Signed-off-by: Aleksey Makarov <amakarov@ru.mvista.com>
Acked-by: eric miao <eric.miao@marvell.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The PCI AER support may not work for a couple of reasons.
It may not be configured into the kernel or there may be a BIOS
bug that prevents MMCONFIG from working. If MMCONFIG doesn't work
then the PCI registers that control AER will not be accessible via
pci_read_config functions; luckly there is another window to access
PCI space in the device, so use that.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The IRQ's is already masked on shutdown, and on startup avoid
touching PHY until after phy_init().
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Don't need to change LED's after auto negotiation, the chip
sets them correctly.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Increse phy delay and handle I/O errors.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The D-Link PCI-X board (and maybe others) can lie about status
ring entries. It seems it will update the register for last status
index before completing the DMA for the ring entry. To avoid reading
stale data, zap the old entry and check.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
On some boards, PCI configuration space access is turned off by default.
The 2.6.24 driver doesn't turn it on, and should have.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Experience suggests that the _GTF method may be bad. We currently fail
device revalidation in that case, which seems excessive.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
[ jdike - Pushing Chuck's patch - see
http://lkml.org/lkml/2005/9/16/261 for some history and a test
program. UML is also broken without this patch - its processes get
SIGBUS from the corrupt 6th argument to mmap being interpretted as a
file offset ]
When the 32-bit vDSO is used to make a system call, the %ebp register for
the 6th syscall arg has to be loaded from the user stack (where it's pushed
by the vDSO user code). The native i386 kernel always does this before
stopping for syscall tracing, so %ebp can be seen and modified via ptrace
to access the 6th syscall argument. The x86-64 kernel fails to do this,
presenting the stack address to ptrace instead. This makes the %rbp value
seen by 64-bit ptrace of a 32-bit process, and the %ebp value seen by a
32-bit caller of ptrace, both differ from the native i386 behavior.
This patch fixes the problem by putting the word loaded from the user stack
into %rbp before calling syscall_trace_enter, and reloading the 6th syscall
argument from there afterwards (so ptrace can change it). This makes the
behavior match that of i386 kernels.
Original-Patch-By: Roland McGrath <roland@redhat.com>
Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
The addr argument to PTRACE_GET_THREAD_AREA and PTRACE_SET_THREAD_AREA is
not a magic constant. It's derived from the segment register values being
used, which are computed originally from the index used with set_thread_area.
The value does not need to match what a native i386 kernel would accept.
It needs to match the segment selectors that can actually be in use in this
32-bit process. The 64-bit ptrace support for PTRACE_GET_THREAD_AREA
(normally used only on 32-bit processes) is correct, but the 32-bit emulation
of ptrace is broken.
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Use struct boot_params instead of PARAM + 0xoffsets.
Fixes one of many Voyager build problems.
arch/x86/kernel/setup_32.c:543: error: 'PARAM' undeclared (first use in this function)
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: James Bottomley <James.Bottomley@steeleye.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
compat_exit_robust_list() computes a pointer to the
futex entry in userspace as follows:
(void __user *)entry + futex_offset
'entry' is a 'struct robust_list __user *', and
'futex_offset' is a 'compat_long_t' (typically a 's32').
Things explode if the 32-bit sign bit is set in futex_offset.
Type promotion sign extends futex_offset to a 64-bit value before
adding it to 'entry'.
This triggered a problem on sparc64 running 32-bit applications which
would lock up a cpu looping forever in the fault handling for the
userspace load in handle_futex_death().
Compat userspace runs with address masking (wherein the cpu zeros out
the top 32-bits of every effective address given to a memory operation
instruction) so the sparc64 fault handler accounts for this by
zero'ing out the top 32-bits of the fault address too.
Since the kernel properly uses the compat_uptr interfaces, kernel side
accesses to compat userspace work too since they will only use
addresses with the top 32-bit clear.
Because of this compat futex layer bug we get into the following loop
when executing the get_user() load near the top of handle_futex_death():
1) load from address '0xfffffffff7f16bd8', FAULT
2) fault handler clears upper 32-bits, processes fault
for address '0xf7f16bd8' which succeeds
3) goto #1
I want to thank Bernd Zeimetz, Josip Rodin, and Fabio Massimo Di Nitto
for their tireless efforts helping me track down this bug.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] IOSAPIC bogus error cleanup
[IA64] Update printing of feature set bits
[IA64] Fix IOSAPIC delivery mode setting
[IA64] XPC heartbeat timer function must run on CPU 0
[IA64] Clean up /proc/interrupts output
[IA64] Disable/re-enable CPE interrupts on Altix
[IA64] Clean-up McKinley Errata message
[IA64] Add gate.lds to list of files ignored by Git
[IA64] Fix section mismatch in contig.c version of per_cpu_init()
[IA64] Wrong args to memset in efi_gettimeofday()
[IA64] Remove duplicate includes from ia32priv.h
[IA64] fix number of bytes zeroed by sys_fw_init() in arch/ia64/hp/sim/boot/fw-emu.c
[IA64] Fix perfmon sysctl directory modes
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6: (26 commits)
sh: remove dead config symbols from SH code
sh: Kill off broken snapgear ds1302 code.
sh: Add a dummy vga.h.
rtc: rtc-sh: Zero out tm value for invalid rtc states.
rtc: sh-rtc: Handle rtc_device_register() failure properly.
sh: Fix heartbeart on Solution Engine series
sh: Remove SCI_NPORTS from sh-sci.h
sh: Fix up PAGE_KERNEL_PCC() for nommu.
sh: hs7751rvoip: Kill off dead IPR IRQ mappings.
sh: hs7751rvoip: irq.c needs linux/interrupt.h.
sh: Kill off __{copy,clear}_user_page().
sh: Optimized copy_{to,from}_user_page() for SH-4.
sh: Wire up clear_user_highpage().
sh: Kill off the remaining ST40 cruft.
superhyway: Handle device_register() retval properly.
sh: kgdb sysrq depends on magic sysrq.
sh: Add -Werror for clean directories.
sh: Fix up kgdb build with modular sh-sci.
sh: Export __{s,u}divsi3_i4i on all CPUs.
sh: Fix up kgdb-on-NMI branch target.
...
When a share is mounted using no username, cifs_mount sets
volume_info.username as a NULL pointer, and the sesInfo userName as an
empty string. The volume_info.username is passed to a couple of other
functions to see if there is an existing unc or tcp connection that can
be used. These functions assume that the username will be a valid
string that can be passed to strncmp. If the pointer is NULL, then the
kernel will oops if there's an existing session to which the string
can be compared.
This patch changes cifs_mount to set volume_info.username to an empty
string in this situation, which prevents the oops and should make it
so that the comparison to other null auth sessions match.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (37 commits)
[POWERPC] EEH: Make sure warning message is printed
[POWERPC] Make altivec code in swsusp_32.S depend on CONFIG_ALTIVEC
[POWERPC] windfarm: Fix windfarm thread freezer interaction
[POWERPC] Fix si_addr value on low level hash failures
[POWERPC] Refresh ppc64_defconfig and enable pasemi-related options
[POWERPC] pasemi: Update defconfig
[POWERPC] iSeries: Fix ref counting in vio setup
[POWERPC] ] Fix memset size error
[POWERPC] Fix link errors for allyesconfig
[POWERPC] iSeries_init_IRQ non-PCI tidy
[POWERPC] Change fallocate to match unistd.h on powerpc
[POWERPC] EEH: Avoid crash on null device
[POWERPC] EEH: Drivers that need reset trump others
[POWERPC] EEH: Clean up comments
[POWERPC] Fix off-by-one error in setting decrementer on Book E/4xx (v2)
[POWERPC] Fix switch_slb handling of 1T ESID values
[POWERPC] Fix build failure when CONFIG_VIRT_CPU_ACCOUNTING is not defined
[POWERPC] Include udbg.h when using udbg_printf
[POWERPC] Fix cache line vs. block size confusion
[POWERPC] Fix sysctl table check failure on PowerMac
...
The old NO_IRQ define some platforms had was long ago declared obsolete
and wrong. FRV should therefore not be re-introducing this, especially as
IRQs are usually unsigned in the kernel. The "no IRQ" case is defined to be
zero and Linus made this rather clear at the time.
arch/frv shows no dependancy on this but it might show up driver fixes
needing doing I guess
Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Use "is_power_of_2" macro for simplicity.
[SPARC]: Remove duplicate includes.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux: add more validity checks on policy load
SELinux: fix bug in new ebitmap code.
SELinux: suppress a warning for 64k pages.
Remove the section annotation on FRV's free_initmem(). It can't be marked
__init, lest it free itself.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch adds a proper prototype for migration_init() in
include/linux/sched.h
Since there's no point in always returning 0 to a caller that doesn't check
the return value it also changes the function to return void.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
SMP balancing is done with IRQs disabled and can iterate the full rq.
When rqs are large this can cause large irq-latencies. Limit the nr of
iterations on each run.
This fixes a scheduling latency regression reported by the -rt folks.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Tested-by: Gregory Haskins <ghaskins@novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Sukadev Bhattiprolu reported a kernel crash with control groups.
There are couple of problems discovered by Suka's test:
- The test requires the cgroup filesystem to be mounted with
atleast the cpu and ns options (i.e both namespace and cpu
controllers are active in the same hierarchy).
# mkdir /dev/cpuctl
# mount -t cgroup -ocpu,ns none cpuctl
(or simply)
# mount -t cgroup none cpuctl -> Will activate all controllers
in same hierarchy.
- The test invokes clone() with CLONE_NEWNS set. This causes a a new child
to be created, also a new group (do_fork->copy_namespaces->ns_cgroup_clone->
cgroup_clone) and the child is attached to the new group (cgroup_clone->
attach_task->sched_move_task). At this point in time, the child's scheduler
related fields are uninitialized (including its on_rq field, which it has
inherited from parent). As a result sched_move_task thinks its on
runqueue, when it isn't.
As a solution to this problem, I moved sched_fork() call, which
initializes scheduler related fields on a new task, before
copy_namespaces(). I am not sure though whether moving up will
cause other side-effects. Do you see any issue?
- The second problem exposed by this test is that task_new_fair()
assumes that parent and child will be part of the same group (which
needn't be as this test shows). As a result, cfs_rq->curr can be NULL
for the child.
The solution is to test for curr pointer being NULL in
task_new_fair().
With the patch below, I could run ns_exec() fine w/o a crash.
Reported-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Signed-off-by: Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
clean up the preemption check to not use unnecessary 64-bit
variables. This improves code size:
text data bss dec hex filename
44227 3326 36 47589 b9e5 sched.o.before
44201 3326 36 47563 b9cb sched.o.after
Signed-off-by: Ingo Molnar <mingo@elte.hu>
wakeup preemption fix: do not make it dependent on p->prio.
Preemption purely depends on ->vruntime.
This improves preemption in mixed-nice-level workloads.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
remove PREEMPT_RESTRICT. (this is a separate commit so that any
regression related to the removal itself is bisectable)
Signed-off-by: Ingo Molnar <mingo@elte.hu>