Commit graph

74295 commits

Author SHA1 Message Date
Johannes Berg
c1428b3f45 mac80211: fix allmulti/promisc behaviour
When an interface with promisc/allmulti bit is taken down,
the mac80211 state can become confused. This fixes it by
making mac80211 keep track of all *active* interfaces that
have the promisc/allmulti bit set in the sdata, we sync
the interface bit into sdata at set_multicast_list() time
so this works.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-11-20 16:20:31 -05:00
Johannes Berg
b52f2198ac mac80211: fix ieee80211_set_multicast_list
I recently experienced unexplainable behaviour with the b43
driver when I had broken firmware uploaded. The cause may have
been that promisc mode was not correctly enabled or disabled
and this bug may have been the cause.

Note how the values are compared later in the function so
just doing the & will result in the wrong thing being
compared and the test being false almost always.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-11-20 16:20:30 -05:00
Jack Morgenstein
9ed87fd34c mlx4_core: Fix state check in mlx4_qp_modify()
When checking the states passed in, mlx4_qp_modify() accidentally checks
cur_state twice rather than checking cur_state and new_state.  Fix this
to make sure that both values are in-bounds.

Since these values may be passed in from userspace, this bug results in
userspace being able to trigger an oops.

Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Cc: stable <stable@kernel.org>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-11-20 13:01:28 -08:00
Jaroslav Kysela
7cb41c65b3 [ALSA] version 1.0.15
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 20:16:43 +01:00
Ralph Campbell
4187b915a0 IB/ipath: Normalize error return codes for posting work requests
The error codes for ib_post_send(), ib_post_recv(), and ib_post_srq_recv()
were inconsistent. Use EINVAL for too many SGEs and ENOMEM for too many
WRs.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-11-20 11:05:42 -08:00
Ralph Campbell
14de986a0b IB/ipath: Fix offset returned to ibv_modify_srq()
The wrong offset was being returned to libipathverbs so that when
ibv_modify_srq() calls mmap(), it always fails.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-11-20 11:04:41 -08:00
Ralph Campbell
8a278e6d57 IB/ipath: Fix error path in QP creation
This patch fixes the code which frees the partially allocated QP
resources if there was an error while creating the QP. In particular,
the QPN wasn't deallocated and the QP wasn't removed from the hash
table.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-11-20 11:04:10 -08:00
Takashi Iwai
aa299d01f1 [ALSA] emu10k1 - Check value ranges in ctl callbacks
Check value ranges in ctl callbacks properly.  This fixes the unexpected
crash due to wrong value assignment.
Also, remove invalid comments in the last patch.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 20:03:39 +01:00
James Courtier-Dutton
74415a3676 [ALSA] emu10k1: Add mixer controls parameter checking.
Signed-off-by: James Courtier-Dutton <James@superbug.co.uk>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 20:03:32 +01:00
Ralph Campbell
fb74dacb0f IB/ipath: Fix offset returned to ibv_resize_cq()
The wrong offset was being returned to libipathverbs so that when
ibv_resize_cq() calls mmap(), it always fails.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-11-20 11:03:26 -08:00
Timur Tabi
4df20535ec [ALSA] fix private data pointer calculation in CS4270 driver
Fix the calculation of the private_data pointer in the CS4270 driver.

Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 19:52:37 +01:00
Takashi Iwai
3743544624 [ALSA] portman2x4 - Fix probe error
Reported by Ingo Molnar,
when booting an allyesconfig bzImage kernel the bootup hangs in the
portman2x4 driver (on a box that does not have this hardware), at:
 Pid: 1, comm:              swapper
 EIP: 0060:[<c02f763c>] CPU: 0
 EIP is at parport_pc_read_status+0x4/0x8
  EFLAGS: 00000202    Not tainted  (2.6.23-rc9 #904)
 EAX: f7e57a7f EBX: 00000010 ECX: c2b808c0 EDX: 00000379
 ESI: f7cb8230 EDI: 00000010 EBP: f7cb8230 DS: 007b ES: 007b FS: 0000
 CR0: 8005003b CR2: fff9c000 CR3: 007ec000 CR4: 00000690
 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
 DR6: ffff0ff0 DR7: 00000400
  [<c04613de>] portman_flush_input+0xde/0x12c
  [<c0461a24>] snd_portman_probe+0x368/0x484
  [<c02fbb8c>] __device_attach+0x0/0x8
  [<c02fce68>] platform_drv_probe+0xc/0x10
  [<c02fba6c>] driver_probe_device+0x74/0x194
  [<c0587174>] klist_next+0x38/0x70
  [<c02fbb8c>] __device_attach+0x0/0x8
  [<c02faea1>] bus_for_each_drv+0x35/0x68
  [<c02fbc22>] device_attach+0x72/0x78
the reason is due to an inconsistent error return code of 1 or 2, while
snd_portman_probe only realizes negative error codes.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 19:52:19 +01:00
Takashi Iwai
3371256028 [ALSA] ca0106 - Fix write proc assignment
The driver assigns the write proc callback to read wrongly.
Fixed now.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 19:52:14 +01:00
Krzysztof Helt
1700139acb [ALSA] s3c2443-ac97: compilation fix
The Samsung S3C24xx uses new architecture file layout in the post 2.6.23
kernel.  This patch fixes include path for the s3c2443-ac97.c.

Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 19:52:05 +01:00
Takashi Iwai
6020c008df [ALSA] hda-codec - Revert volume knob controls in STAC codecs
Volume knob controls with STAC codecs seem to cause problems with some
devices.  Volumes change very slowly or silent suddenly.  It's likely
due to conflict between the software and the hardware volume knob
setup.
Since we'll have a virtual master control in future, it's safer to
remove this control completely right now.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-11-20 19:52:00 +01:00
Evgeniy Polyakov
1f305323ff [NETFILTER]: Fix kernel panic with REDIRECT target.
When connection tracking entry (nf_conn) is about to copy itself it can
have some of its extension users (like nat) as being already freed and
thus not required to be copied.

Actually looking at this function I suspect it was copied from
nf_nat_setup_info() and thus bug was introduced.

Report and testing from David <david@unsolicited.net>.

[ Patrick McHardy states:

	I now understand whats happening:

	- new connection is allocated without helper
	- connection is REDIRECTed to localhost
	- nf_nat_setup_info adds NAT extension, but doesn't initialize it yet
	- nf_conntrack_alter_reply performs a helper lookup based on the
	   new tuple, finds the SIP helper and allocates a helper extension,
	   causing reallocation because of too little space
	- nf_nat_move_storage is called with the uninitialized nat extension

	So your fix is entirely correct, thanks a lot :)  ]

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-20 04:27:35 -08:00
David S. Miller
0a06ea8718 [WIRELESS] WEXT: Fix userspace corruption on 64-bit.
On 64-bit systems sizeof(struct ifreq) is 8 bytes larger than
sizeof(struct iwreq).

For GET calls, the wireless extension code copies back into userspace
using sizeof(struct ifreq) but userspace and elsewhere only allocates
a "struct iwreq".  Thus, this copy writes past the end of the iwreq
object and corrupts whatever sits after it in memory.

Fix the copy_to_user() length.

This particularly hurts the compat case because the wireless compat
code uses compat_alloc_userspace() and right after this allocated
buffer is the current bottom of the user stack, and that's what gets
overwritten by the copy_to_user() call.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-20 03:29:53 -08:00
Cornelia Huck
c5d4a9997b [S390] cio: Register/unregister subchannels only from kslowcrw.
Make sure all subchannel handling is done on the slow path workqueue
so that we don't have races between an old subchannel unregistering
and a new subchannel with the same name registering.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:49 +01:00
Heiko Carstens
06770a6e7d [S390] Add missing die_notifier() call to die().
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:48 +01:00
Heiko Carstens
a2cb07376e [S390] Fix memory detection.
Before we're getting short on memory detection fixes here is the next
one: if neither sclp nor diag260 report the storage size the detection
loop will return immediately without detecting anything. Fix this by
breaking the detection loop only if the memory end is known.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:48 +01:00
Christoph Lameter
70cf5035de [S390] Explicitly code allocpercpu calls in iucv
The iucv is the only user of the various functions that are used to bring
parts of cpus up and down. Its the only allocpercpu user that will do
I/O on per cpu objects (which is difficult to do with virtually mapped memory).
And its the only use of allocpercpu where a GFP_DMA allocation is done.

Remove the allocpercpu calls from iucv and code the allocation and freeing
manually. After this patch it is possible to remove a large part of
the allocpercpu API.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:47 +01:00
Heiko Carstens
677d762319 [S390] Dont overwrite lowcores on smp_send_stop().
Don't perform a sigp store-status-at-address on smp_send_stop().
It will overwrite the lowcores of other cpus and destroys valueable
debug informations.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:47 +01:00
Christian Borntraeger
ce7e9fae8d [S390] Optimize storage key handling for anonymous pages
page_mkclean used to call page_clear_dirty for every given page. This
is different to all other architectures, where the dirty bit in the
PTEs is only resetted, if page_mapping() returns a non-NULL pointer.
We can move the page_test_dirty/page_clear_dirty sequence into the
2nd if to avoid unnecessary iske/sske sequences, which are expensive.

This change also helps kvm for s390 as the host must transfer the
dirty bit into the guest status bits. By moving the page_clear_dirty
operation into the 2nd if, the vm will only call page_clear_dirty
for pages where it walks the mapping anyway. There it calls
ptep_clear_flush for writable ptes, so we can transfer the dirty bit
to the guest.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:46 +01:00
Heiko Carstens
b8e7a54cd0 [S390] Fix kernel preemption.
When returning from IRQ handling and TIF_NEED_RESCHED is set we must
call preempt_schedule_irq() instead of schedule().
Otherwise the BKL might be unlocked in schedule() and therfore
everything that relies on the BKL is broken.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:46 +01:00
Heiko Carstens
37e3a6ac5a [S390] appldata: remove unused binary sysctls.
Remove binary sysctls that never worked due to missing strategy functions.

Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Gerald Schaefer <geraldsc@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:45 +01:00
Heiko Carstens
43ebbf119a [S390] cmm: remove unused binary sysctls.
Remove binary sysctls that never worked due to missing strategy functions.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:45 +01:00
Heiko Carstens
411788ea7f [S390] Fix irq tracing and lockdep_sys_exit calls.
Current support for TRACE_IRQFLAGS and lockdep_sys_exit is broken.
IRQ flag tracing is broken for program checks. Even worse is that
the newly introduced calls to lockdep_sys_exit are in the critical
section code which is not supposed to call any C functions. In
addition the checks if locks are still held are also done when
returning to kernel code which is broken as well.
Fix all this by disabling interrupts and machine checks at the
exit paths and then do the appropriate checks and calls.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:45 +01:00
Christian Borntraeger
7aa8dac7ac [S390] magic sysrq: check for in_atomic before doing an console_unblank
When doing an magic sysrq reboot on s390 the following bug message
appears:

SysRq : Resetting
BUG: sleeping function called from invalid context at include/asm/semaphore.h:61

in_atomic():1, irqs_disabled():0
07000000004002a8 000000000fe6bc48 0000000000000002 0000000000000000
       000000000fe6bce8 000000000fe6bc60 000000000fe6bc60 000000000012a79a
       0000000000000000 07000000004002a8 0000000000000006 0000000000000000
       0000000000000000 000000000fe6bc48 000000000000000d 000000000fe6bcb8
       00000000004000c8 0000000000103234 000000000fe6bc48 000000000fe6bc90
Call Trace:
(¬<00000000001031b2>| show_trace+0x12e/0x148)
 ¬<000000000011ffca>| __might_sleep+0x10a/0x118
 ¬<0000000000129fba>| acquire_console_sem+0x92/0xf4
 ¬<000000000012a2ca>| console_unblank+0xc2/0xc8
 ¬<0000000000107bb4>| machine_restart+0x54/0x6c
 ¬<000000000028e806>| sysrq_handle_reboot+0x26/0x30
 ¬<000000000028e52a>| __handle_sysrq+0xa6/0x180
 ¬<0000000000140134>| run_workqueue+0xcc/0x18c
 ¬<000000000014029a>| worker_thread+0xa6/0x108
 ¬<00000000001458e4>| kthread+0x64/0x9c
 ¬<0000000000106f0e>| kernel_thread_starter+0x6/0xc
 ¬<0000000000106f08>| kernel_thread_starter+0x0/0xc

The only reason for doing a console_unblank on s390 is to flush the
log buffer. We have to check for in_atomic before doing a
console_unblank as the console is otherwise filled with an unrelated
bug message.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:44 +01:00
Peter Oberparleiter
3b8c88993e [S390] cio: change device sense procedure to work with pav aliases
Modify the sense id channel program to allow device sensing of pav
alias devices which belong to a base device with ungrouped paths.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-11-20 11:13:44 +01:00
Joe Perches
a572da4373 [IRDA]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:48:30 -08:00
Joe Perches
c3c9d45828 [SUNRPC]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:48:08 -08:00
Joe Perches
9ee46f1d31 [SCTP]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:47:47 -08:00
Joe Perches
3b6d821c4f [IPV6]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:47:25 -08:00
Joe Perches
3a47a68b05 [BRIDGE]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:46:55 -08:00
Joe Perches
464c4f184a [IPV4]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:46:29 -08:00
Joe Perches
4756daa3b6 [DCCP]: Add missing "space"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:46:02 -08:00
Benjamin Herrenschmidt
0b47759db5 [POWERPC] Fix 8xx build breakage due to _tlbie changes
My changes to _tlbie to fix 4xx unfortunately broke 8xx build in a
couple of places.  This fixes it.

Spotted by Olof Johansson.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Vitaly Bordug <vitb@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-11-20 18:42:00 +11:00
Paul Mackerras
072ef40e08 Merge branch 'for-2.6.24' of master.kernel.org:/pub/scm/linux/kernel/git/galak/powerpc into merge 2007-11-20 18:40:23 +11:00
Sam Jansen
5487796f0c [TCP]: Problem bug with sysctl_tcp_congestion_control function
From: "Sam Jansen" <sjansen@google.com>

sysctl_tcp_congestion_control seems to have a bug that prevents it
from actually calling the tcp_set_default_congestion_control
function. This is not so apparent because it does not return an error
and generally the /proc interface is used to configure the default TCP
congestion control algorithm.  This is present in 2.6.18 onwards and
probably earlier, though I have not inspected 2.6.15--2.6.17.

sysctl_tcp_congestion_control calls sysctl_string and expects a successful
return code of 0. In such a case it actually sets the congestion control
algorithm with tcp_set_default_congestion_control. Otherwise, it returns the
value returned by sysctl_string. This was correct in 2.6.14, as sysctl_string
returned 0 on success. However, sysctl_string was updated to return 1 on
success around about 2.6.15 and sysctl_tcp_congestion_control was not updated.
Even though sysctl_tcp_congestion_control returns 1, do_sysctl_strategy
converts this return code to '0', so the caller never notices the error.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:28:21 -08:00
Ilpo Järvinen
6e42141009 [TCP] MTUprobe: fix potential sk_send_head corruption
When the abstraction functions got added, conversion here was
made incorrectly. As a result, the skb may end up pointing
to skb which got included to the probe skb and then was freed.
For it to trigger, however, skb_transmit must fail sending as
well.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 23:24:09 -08:00
Pavel Emelyanov
1f8170b0ec [PKTGEN]: Fix double unlock of xfrm_state->lock
The pktgen_output_ipsec() function can unlock this lock twice
due to merged error and plain paths. Remove one of the calls
to spin_unlock.

Other possible solution would be to place "return 0" right 
after the first unlock, but at this place the err is known 
to be 0, so these solutions are the same except for this one
makes the code shorter.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-19 22:51:24 -08:00
Len Brown
e6532b8883 Pull fluff into release branch
Conflicts:

	drivers/acpi/ec.c

Signed-off-by: Len Brown <len.brown@intel.com>
2007-11-20 01:21:47 -05:00
Len Brown
d89a9bda14 Pull video-2.6.24 into release branch 2007-11-20 01:20:57 -05:00
Len Brown
d12dbbfe94 Pull thinkpad-2.6.24 into release branch 2007-11-20 01:20:42 -05:00
Len Brown
614a6bbecc Pull thermal into release branch 2007-11-20 01:20:31 -05:00
Len Brown
c2e46d2e2a Pull procfs-default into release branch
Conflicts:

	drivers/acpi/sbs.c

Signed-off-by: Len Brown <len.brown@intel.com>
2007-11-20 01:20:00 -05:00
Len Brown
95b00786f3 Pull cpuidle into release branch 2007-11-20 01:18:37 -05:00
Len Brown
22201f7402 Pull bugzilla-9327 into release branch 2007-11-20 01:18:19 -05:00
Len Brown
5824b45126 Pull bugzilla-9262 into release branch 2007-11-20 01:18:07 -05:00
Len Brown
7833b4ae46 Pull bugzilla-9153 into release branch 2007-11-20 01:17:54 -05:00