Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
skb_clone_fraglist is static so it shouldn't be exported.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
SCTP currently permits users to bind to link-local addresses,
but doesn't verify that the scope id specified at bind matches
the interface that the address is configured on. It was report
that this can hang a system.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In-kernel sockets created with sock_create_kern don't usually
have a file and file descriptor allocated to them. As a result,
when SCTP tries to check the non-blocking flag, we Oops when
dereferencing a NULL file pointer.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Correctly dereference bytes_copied in sctp_copy_laddrs().
I totally must have spaced when doing this.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] always allow dump_stack() to produce a backtrace
[ARM] Fix non-page aligned boot time mappings
[ARM] 4458/1: pxa: Fix CKEN usage and hence fix pxa suspend/resume
[ARM] 4454/1: Use word accesses in Versatile PCI config reads
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: document some of keycodes
Input: add a new EV_SW SW_RADIO event, for radio switches on laptops
Input: serio - take drv_mutex in serio_cleanup()
Input: atkbd - use printk_ratelimit for spurious ACK messages
Input: atkbd - throttle LED switching
Input: i8042 - add HP Pavilion ZT1000 to the MUX blacklist
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Update defconfigs
[POWERPC] Uninline and export virq_to_hw() for the pasemi_mac driver
[POWERPC] Fix PMI breakage in cbe_cbufreq driver
[POWERPC] Disable old EMAC driver in arch/powerpc
Commit b46b8f19c9 fixed a couple of bugs
by switching the redzone to 64 bits. Unfortunately, it neglected to
ensure that the _second_ redzone, after the slab object, is aligned
correctly. This caused illegal instruction faults on sparc32, which for
some reason not entirely clear to me are not trapped and fixed up.
Two things need to be done to fix this:
- increase the object size, rounding up to alignof(long long) so
that the second redzone can be aligned correctly.
- If SLAB_STORE_USER is set but alignof(long long)==8, allow a
full 64 bits of space for the user word at the end of the buffer,
even though we may not _use_ the whole 64 bits.
This patch should be a no-op on any 64-bit architecture or any 32-bit
architecture where alignof(long long) == 4. Of the others, it's tested
on ppc32 by myself and a very similar patch was tested on sparc32 by
Mark Fortescue, who reported the new problem.
Also, fix the conditions for FORCED_DEBUG, which hadn't been adjusted to
the new sizes. Again noticed by Mark.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Don't make this dependent on CONFIG_DEBUG_KERNEL - if we hit a WARN_ON
we need the stack trace to work out how we got to that point.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Yeah, we could have just disabled it, but there's work on a new one that
isn't as fundamentally broken, so there really doesn't seem to be any
point in keeping it around.
The recent timer cleanup broke the only valid use, and when I say
"valid", I obviously mean "totally broken". So it's not like it works,
or really even can work in the current format that uses the unsafe
"panic" LED blinking routines..
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
AT91SAM9260 stopped booting with the recent changes to MM
initialisation - it was asking for a non-aligned virtual address
which caused loops to be non-terminal. Fix this by rounding
virtual addresses down, but remember to include the offset in
the length, and round the length up to the following page.
This means that asking for a mapping of 4K starting at 2K into
a page maps two pages as one would expect.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] VSMP: Fix initialization ordering bug.
[MIPS] Add whitelists for checksyscalls.sh
[MIPS] die(): Properly declare as non-returning
[MIPS] Fix include wrapper symbol definitions in IP32 code.
This marks the declaration of die() correctly, removing "control reaches
end of non-void function" warnings from non-void functions that die() at
the end.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Some IP35 defines snuck into some IP32-specific code during the DMA re-write.
Signed-off-by: Joshua Kinard <kumba@gentoo.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
We should have stopped returning 1 from read_dnode() to indicate
failure. We can just mark the damn thing obsolete immediately. But I
missed a case where we don't.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
When Andi reverted the HPET resource reservation (in commit
0f8dc2f065), he didn't remove the now
unused variables, which just causes gcc to be noisy.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Badari Pulavarty reported a case of this BUG_ON is triggering during
testing. It's completely bogus and should be removed.
It's trying to notice if we left references to the dio hanging around in
the sync case. They should have been dropped as IO completed while this
path was in dio_await_completion(). This condition will also be
checked, via some twisty logic, by the BUG_ON(ret != -EIOCBQUEUED) a few
lines lower. So to start this BUG_ON() is redundant.
More fatally, it's dereferencing dio-> after having dropped its
reference. It's only safe to dereference the dio after releasing the
lock if the final reference was just dropped. Another CPU might free
the dio in bio completion and reuse the memory after this path drops the
dio lock but before the BUG_ON() is evaluated.
This patch passed aio+dio regression unit tests and aio-stress on ext3.
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
With this change it works again when the nmi watchdog is disabled.
Signed-off-by: Andi Kleen <ak@suse.de>
Cc: Björn Steinbrink <B.Steinbrink@gmx.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthias Lenk reports that the PCI subsystem would move the HPET on
SB400/SB600-based systems, where the HPET is in BAR1 of the SMbus
controller.
The reason? The ACPI layer registered the PCI MMIO range as being busy
too early, before PCI enumeration had happened, causing the PCI layer to
decide that it should relocate the resources somewhere else.
Firmware resources should be marked busy _after_ the PCI enumeration and
probing has happened, not before.
Remove the too-early reservation, we'll fix it up to do it properly
later. In the meantime, this solves the regression.
Tested-by: Matthias Lenk <matthias.lenk@amd.com>
Cc: Aaron Durbin <adurbin@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of ssh://master.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb:
V4L/DVB (5822): Fix the return value in ttpci_budget_init()
V4L/DVB (5818): CinergyT2: fix flush_workqueue() vs work->func() deadlock
V4L/DVB (5816): Cx88-blackbird: fix vidioc_g_tuner never ending list of tuners
V4L/DVB (5808): Bttv: fix v4l1 breaking the driver
If we move the local_irq_enable() to the end of the function then
add_partial() in early_kmem_cache_node_alloc() will be called
with interrupts disabled like during regular operations.
This makes lockdep happy.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Tested-by: Andre Noll <maan@systemlinux.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The clock_was_set() call in seconds_overflow() which happens only when
leap seconds are inserted / deleted is wrong in two aspects:
1. it results in a call to on_each_cpu() with interrupts disabled
2. it is potential deadlock source vs. call_lock in smp_call_function()
The only possible side effect of the removal might be, that an absolute
CLOCK_REALTIME timer fires 1 second too late, in the rare case of leap
second deletion and an absolute CLOCK_REALTIME timer which expires in
the affected time frame. It will never fire too early.
This was probably observed by the reporter of a June 30th -> July 1st
hang: http://lkml.org/lkml/2007/7/3/103
A similar problem was observed by Dave Jones, who provided a screen shot
with a lockdep back trace, which allowed to analyse the problem.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/ide/setup-pci.c: In function 'ide_scan_pcibus':
drivers/ide/setup-pci.c:879: warning: ignoring return value of '__pci_register_driver', declared with attribute warn_unused_result
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Recently the PLL input clock of Promise 2027x is sometimes detected
higher than expected (e.g. 20.027 MHz compared to 16.714 MHz).
It seems sometimes the mdelay() function is not as precise as it
used to be. Per Alan's advice, HT or power management might affect
the precision of mdelay().
This patch calls gettimeofday() to measure the time elapsed and
calculate the PLL input clock accordingly.
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Bahadir Balban <bahadir.balban@gmail.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
SWDMA modes are unsupported by it821x. Attempts to tune SWDMA modes always
fail (due to sanity check in ->speedproc) and result in PIO being tuned.
* Fix incorrect SWDMA mask so core code won't try these modes and will just
tune PIO if no other DMA modes are available.
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
* Driver can't skip programming transfer mode on the device in amd_set_drive()
(similar fix has been applied to via82cxxx driver ages ago).
* While at it remove redundant warning (ide_config_drive_speed() already
produces more valuable one).
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
The HPT36x chips finally turned out to have the channel enable bits -- however,
badly implemented. Make use of them despite it's probably only going to burden
the driver's code -- assuming both channels are always enabled by the HighPoint
BIOS anyway...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: Linas Vepstas <linas@austin.ibm.com>
Cc: michal.kepien@poczta.onet.pl
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add the MAXTOR STM3320620A drive into the UltraDMA/66 mode blacklist
for the HPT36x chips.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Found by a static analyser. It is in theory possible we dereference
dev->id when it has become invalid. Re-order to avoid this.
Not needed for new-ide as we no longer support the crazy exabyte nest stuff
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Look at wait_drive_not_busy in drivers/ide/ide-taskfile.c:
static u8 wait_drive_not_busy(ide_drive_t *drive)
{
ide_hwif_t *hwif = HWIF(drive);
int retries = 100;
u8 stat;
/*
* Last sector was transfered, wait until drive is ready.
* This can take up to 10 usec, but we will wait max 1 ms
* (drive_cmd_intr() waits that long).
*/
while (((stat = hwif->INB(IDE_STATUS_REG)) & BUSY_STAT) && retries--)
udelay(10);
if (!retries)
printk(KERN_ERR "%s: drive still BUSY!\n", drive->name);
return stat;
}
`printk' is never called because `retries' never holds zero at the
outside of `while' loop: when `retries' holds zero at the while's loop
condition, `retries' will hold -1 at the if condition.
Signed-off-by: Masatake YAMATO <jet@gyve.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Cc: joe@perches.com
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
if the call to budget_register() fails in ttpci_budget_int(),
ttpci_budget_init() returns success. The attached patch will
fix this problem.
Signed-off-by: Hartmut Birr <e9hack@googlemail.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Spotted and tested by Thomas Sattler <tsattler@gmx.de>.
cinergyT2.c does cancel_delayed_work() + flush_scheduled_work() while
holding cinergyt2->sem. This leads to deadlock because work->func()
needs the same mutex to complete. Another bug is that this code in fact
can't reliably stop the re-arming delayed_work.
Convert this code to use cancel_rearming_delayed_work() and move it
out of ->sem. Another mutex, ->wq_sem, was added to protect against the
concurrent open/resume.
This patch is a horrible hack to fix the lockup which happens in practice.
As Dmitry Torokhov pointed out this driver has other problems and needs
further changes.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
v4l-info and other programs would loop indefinitely while querying the
tuners for cx88-blackbird cards.
The cause was that vidioc_g_tuner didn't return an error value for
qctrl->id != 0, making the application think there is a never ending
list of tuners...
This patch adds the same index check as done in vidioc_g_tuner() in
cx88-video.
Signed-off-by: Jelle Foks <jelle@foks.8m.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
If one uses a V4L *one* application, such as vlc or mplayer's v4l driver, as
the first user after the driver is loaded, the driver wedges itself and will
never capture properly. Even if one uses a V4L2 application later, it still
won't work.
If one uses a V4L *two* application first, such as tvtime or mplayer's v4l2
driver, then the driver will be ok. One can then run a V4L1 application, and
it will work.
It turns out the problem is with norm changing and the crop support that was
added in 2.6.21. The driver defaults to PAL, and keeps the last norm it was
set too across opens. If one changes the norm via V4L1, the cropping
parameters are not reset like they should be, and they'll remain broken across
device opens.
This patch removes the direct setting of btv->tvnorm in the V4L1 ioctl
VIDIOCSCHAN handler. The norm is set via the existing call to set_input(),
which calls set_tvnorm(), which will reset the cropping values now that it is
able to detect the norm change.
Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
PCMCIA doesn't use DMA and as this driver is used on many platforms we
don't want it to fail on those that define the DMA alloc API as a NULL
return
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
We got it backwards and now the other detects are fixed it shows up
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
host->irq and host->irq2 should be set before ata_host_register() for
IRQ reporting to work. Move up host->irq assignment in
ata_host_activate() and add it to ata_pci_init_one() native path and
pata_cs5520.
The port info printing in ata_host_register() doesn't fit all the
different controllers. It should probably be moved out to LLDs with
some helpers in the future.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Need to check for special case "acpi_osi=!Linux" before handling the
general case "acpi_osi=!*", or it will have no effect.
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/cooloney/blackfin-2.6:
Blackfin arch: remove zero-sized include/asm-blackfin/macros.h
Blackfin arch: update board defconfig files
Blackfin arch: Fix up remaining printks with proper log levels
Blackfin arch: Add proper -mcpu option according to the cpu and silicon revision configuration
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
3c589_cs: fix local_bh_enable warning
RESEND [PATCH 3/3] NetXen: Graceful teardown of interface and hardware upon module unload
drivers/net/ns83820.c: fix a check-after-use
net/usb/cdc_ether minor sparse cleanup
RESEND [PATCH 2/3] NetXen: Support per PCI-function interrupt mask registers
RESEND [PATCH 1/3] NetXen: Fix issue of MSI not working correctly
dm9601: Return 0 from bind() on success
Update MAINTAINERS for USB network devices
usbnet: Zero padding byte if there is tail room in skb
dm9601: HW header size shouldn't be included in packet length
starfire list alpha as 64 bit arch
myri10ge: SET_NETDEV_DEV()
gianfar: Fix typo bug introduced by move to udp_hdr()
[PATCH] libertas: remove private ioctls
[PATCH] libertas: fix WPA associations by handling ENABLE_RSN correctly
[PATCH] libertas: kill wlan_scan_process_results
[PATCH] libertas: style fixes