- 21 Apr, 2011 1 commit
-
-
Committed by Vasiliy Kulikov
page_count is copied from userspace. agp_allocate_memory() tries to check whether this number is too big, but doesn't take into account the wrap case. Also agp_create_user_memory() doesn't check whether alloc_size is calculated from the num_agp_pages variable without overflow. This may lead to allocation of a too small buffer with a following buffer overflow. Another problem in the agp code is not addressed in the patch - kernel memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not checked whether the requested pid is a pid of the caller (no check in agpioc_reserve_wrap()). Each allocation is limited to 16KB, though there is no per-process limit. This might lead to an OOM situation, which is not even solved in case of the caller's death by the OOM killer - the memory is allocated for another (faked) process. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
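The two overflow cases this commit message describes, modelled in user-space C as an added example (it is not the kernel patch or code from the page). `MAX_PAGES` and all function names are hypothetical, and the input values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the driver's page limit; not kernel code. */
#define MAX_PAGES 4096u

/* Limit check that ignores the wrap case: cur + page_count can wrap past 0. */
static int limit_ok_naive(size_t cur, size_t page_count)
{
    return cur + page_count <= MAX_PAGES;
}

/* Same limit, phrased so that no intermediate value can wrap. */
static int limit_ok_checked(size_t cur, size_t page_count)
{
    return cur <= MAX_PAGES && page_count <= MAX_PAGES - cur;
}

/* Unchecked size of a page-pointer table: the product can wrap to a tiny value. */
static size_t table_size_naive(size_t num_pages)
{
    return num_pages * sizeof(void *);
}

/* Checked size: returns 0 (reject) when the product would overflow size_t. */
static size_t table_size_checked(size_t num_pages)
{
    if (num_pages > SIZE_MAX / sizeof(void *))
        return 0;
    return num_pages * sizeof(void *);
}

int main(void)
{
    size_t cur = 16;                              /* pages already accounted */
    size_t huge = SIZE_MAX - 7;                   /* constructed page_count */
    size_t many = SIZE_MAX / sizeof(void *) + 2;  /* constructed entry count */

    printf("naive limit check accepts:   %d\n", limit_ok_naive(cur, huge));
    printf("checked limit check accepts: %d\n", limit_ok_checked(cur, huge));
    printf("naive table size:   %zu bytes for %zu entries\n",
           table_size_naive(many), many);
    printf("checked table size: %zu (0 = rejected)\n",
           table_size_checked(many));
    return 0;
}
```

The naive limit check accepts the huge count because the sum wraps to a small number, and the naive size calculation yields a buffer of one pointer for an entry count far larger than that, which is the undersized allocation the message warns about.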
-
- 20 Apr, 2011 8 commits
-
-
Committed by Cédric Cano
agd5f: fix commit message. Signed-off-by: Cedric Cano <ccano@interfaceconcept.com> Reviewed-by: Michel Dänzer <michel@daenzer.net> Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Prefer min m to max p only on pre-r7xx asics. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=36197 Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Marcin Slusarz
Commit 73412c38 ("drm/nouveau: allocate kernel's notifier object at end of block") intended to align end of notifier block to page boundary, but start of block was miscalculated to be off by -16 bytes. Fix it. Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ben Skeggs <bskeggs@redhat.com> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Committed by Marcin Slusarz
nouveau_bo_wr32 expects offset to be in words, but we pass value in bytes, so after commit 73412c38 ("drm/nouveau: allocate kernel's notifier object at end of block") we started to overwrite some memory after notifier buffer object (previously m2mf_ntfy was always 0, so it didn't matter it was a value in bytes). Reported-by: Dominik Brodowski <linux@dominikbrodowski.net> Reported-by: Nigel Cunningham <lkml@nigelcunningham.com.au> Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ben Skeggs <bskeggs@redhat.com> Cc: Pekka Paalanen <pq@iki.fi> Cc: stable@kernel.org [2.6.38] Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Committed by Ben Skeggs
Problem introduced with commit 6ba9a683 Reported-by: Bob Gleitsmann <rjgleits@bellsouth.net> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Committed by Ben Skeggs
Caught with kmemcheck on unrelated business. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Committed by Ben Skeggs
Wasn't aware they even existed, apparently they do! They're actually AGP chips with a bridge as far as I can tell, which puts them in the same boat as nv40/nv45. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Committed by Ben Skeggs
Fixes a possible lock ordering reversal between context_switch_lock and ramin_lock. Signed-off-by: Ben Skeggs <bskeggs@redhat.com> Reviewed-by: Francisco Jerez <currojerez@riseup.net>
-
- 15 Apr, 2011 3 commits
-
-
Committed by Alex Deucher
This patch fixes two issues: - A disabled crtc does not use any lb, so return 0 for lb size. This makes the display priority calculation more exact. - Only use 1/2 and whole lb partitions. Using smaller partitions can cause underflow to one of the displays if you have multiple large displays on the same lb. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=34534 Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Sometimes the i2c test in i2c_bit_add_bus fails; if this happens we fail to register the i2c adapter and eventually fail to add the connector. If i2c fails, add the connector so the user can at least force it on. Note that some distros set i2c-algo-bit.bit_test to 1 by default, which sometimes fails, preventing the ddc i2c adapter from being added. The i2c adapter works even if the bit test fails, probably due to pre/post_xfer not getting called in the test_bit function. I have another patch to follow up on that. See: https://bugs.freedesktop.org/show_bug.cgi?id=36221 Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Noticed by Patrick Lowry. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-
- 13 Apr, 2011 8 commits
-
-
Committed by Dave Airlie
This reverts commit 0a0883c8. This was in my tree by accident, I meant to rebase it out and didn't realise in time. Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Dave Airlie
This reverts commit 69a07f0b. We've tracked a number of problems back to this, and Thomas thinks we should redesign this for .40/41 anyways so I'm happy to revert it. Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Konstantin Khlebnikov
fix Kconfig warning: (DRM_I915 && STUB_POULSBO) selects ACPI_VIDEO which has unmet direct dependencies (ACPI && X86 && BACKLIGHT_CLASS_DEVICE && VIDEO_OUTPUT_CONTROL && INPUT) Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Change vddci as well as vddc when changing power modes on evergreen/ni. Also, properly set vddci on boot up for ni cards. The vbios only sets the limited clocks and voltages on boot until the mc ucode is loaded. This should fix stability problems on some btc cards. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
This is needed for setting voltages other than vddc. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
btc and cayman asics use the same callback for pcie port registers. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Apparently only rv515 asics need the workaround added in f24d86f1 (drm/radeon/kms: fix resume regression for some r5xx laptops). Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=34709 Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
As per Konrad's original patch, the dummy page used by the gart code and allocated in radeon_gart_init() was not freed properly in radeon_gart_fini(). At the same time r6xx and newer allocated and freed the dummy page on their own. So to do Konrad's patch one better, just remove the allocation and freeing of the dummy page in the r6xx, 7xx, evergreen, and ni code and allocate and free in the gart_init/fini() functions for all asics. Cc: Jerome Glisse <jglisse@redhat.com> Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
- 09 Apr, 2011 5 commits
-
-
Committed by Alex Deucher
Switch some errors to debug output. These are generally harmless and tend to confuse users. Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Alex Deucher
Prefer minm over maxp. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=35994 Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Michel Dänzer
Signed-off-by: Michel Dänzer <daenzer@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Michel Dänzer
This is necessary even with PCI(e) GART, and it makes writeback work even with AGP on my PowerBook. Might still be unreliable with older revisions of UniNorth and other AGP bridges though. Signed-off-by: Michel Dänzer <daenzer@vmware.com> Reviewed-by: Alex Deucher <alex.deucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Committed by Dave Airlie
This has always used a big hammer, but that hammer is probably too big, I'm also not sure it's necessary but at least this should be safe. Should fix: https://bugzilla.kernel.org/show_bug.cgi?id=23592 Signed-off-by: Dave Airlie <airlied@redhat.com>
-
- 08 Apr, 2011 2 commits
-
-
Committed by Peter Korsgaard
Since 1c48a5c9 (dt: Eliminate of_platform_{,un}register_driver) mpc8xxx_wdt no longer builds as it tries to refer to a 'match' variable rather than ofdev->dev.of_match that it checks just before. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> Acked-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
-
Committed by Youquan Song
Fix build failure issue for hv_mouse. When building the 2.6.39-rc1 kernel, it will be blocked at building hv_mouse. drivers/staging/hv/hv_mouse.c: In function ‘ReleaseInputDevice’: drivers/staging/hv/hv_mouse.c:293: error: implicit declaration of function ‘udelay’ Signed-off-by: Youquan Song <youquan.song@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 07 Apr, 2011 13 commits
-
-
Committed by Feng Tang
Commit f44f7f96 ("RTC: Initialize kernel state from RTC") caused a boot regression on the MRST platform. The reason is that rtc_device_register() calls rtc_read_alarm() after that change, which function does not have all driver data set up yet. The rtc-mrst driver needs to call dev_set_drvdata() before rtc_device_register() gets called. Signed-off-by: Feng Tang <feng.tang@intel.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: John Stultz <john.stultz@linaro.org> Cc: Alessandro Zummo <a.zummo@towertech.it> Cc: Linus Torvalds <torvalds@linux-foundation.org> Link: http://lkml.kernel.org/r/1302140384-27571-1-git-send-email-feng.tang@intel.com Signed-off-by: Ingo Molnar <mingo@elte.hu>
-
Committed by Arjan Mels
For isochronous packets the actual_length is the sum of the actual length of each of the packets, however between the packets might be padding, so it is not sufficient to just send the first actual_length bytes of the buffer. To fix this and simultaneously optimize the bandwidth the content of the isochronous packets are sent without the padding, the padding is restored on the receiving end. Signed-off-by: Arjan Mels <arjan.mels@gmx.net> Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net> Cc: Max Vozeler <max@vozeler.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Committed by Arjan Mels
The number_of_packets was not transmitted for RET_SUBMIT packets. The linux client used the stored number_of_packet from the submitted request. The windows userland client does not do this however and needs to know the number_of_packets to determine the size of the transmission. Signed-off-by: Arjan Mels <arjan.mels@gmx.net> Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net> Cc: Max Vozeler <max@vozeler.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Committed by Arjan Mels
When doing a usb port reset do a queued reset instead to prevent a deadlock: the reset will cause the driver to unbind, causing the usb_driver_lock_for_reset to stall. Signed-off-by: Arjan Mels <arjan.mels@gmx.net> Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net> Cc: Max Vozeler <max@vozeler.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Committed by Arjan Mels
When shutting down the tcp_rx and tcp_tx threads first check if they are not closed already (maybe because an error caused them to return). Signed-off-by: Arjan Mels <arjan.mels@gmx.net> Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net> Cc: Max Vozeler <max@vozeler.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Committed by Haiyang Zhang
After Quick Migration, the network is not immediately operational in the current context when receiving RNDIS_STATUS_MEDIA_CONNECT event. So, I added another netif_notify_peers() into a scheduled work, otherwise GARP packet will not be sent after quick migration, and cause network disconnection. Thanks to Mike Surcouf <mike@surcouf.co.uk> for reporting the bug and testing the patch. Reported-by: Mike Surcouf <mike@surcouf.co.uk> Tested-by: Mike Surcouf <mike@surcouf.co.uk> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Hank Janssen <hjanssen@microsoft.com> Signed-off-by: Abhishek Kane <v-abkane@microsoft.com> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Committed by Matthew Garrett
The 11" Macbook Air appears to claim that its stride is 1366, when it's actually 2048. Override it. Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Peter Jones
Some machines apparently give us bogus linelength/stride/pitch data, so we need to support letting the DMI table override the supplied data. I bet you can't guess whose machines I'm talking about. Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Matthew Garrett
It's expected that efifb will conflict with a native driver, so the handover message should be informational rather than an error. Signed-off-by: Matthew Garrett <mjg@redhat.com> Acked-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Tormod Volden
The else clause was not needed after the cleanup in commit b8901b09 Signed-off-by: Tormod Volden <debian.tormod@gmail.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Tormod Volden
In practice this means enabling I2C (for DDC2) on all prosavage cards, like the xorg ddx does. The savage4 and savage2000 families have only one member each, so there is no change for those. Tested on TwisterK. Signed-off-by: Tormod Volden <debian.tormod@gmail.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Tormod Volden
MM_SERIAL1 was already defined, but not used. Signed-off-by: Tormod Volden <debian.tormod@gmail.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Committed by Julia Lawall
Error handling code following a kmalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@

x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...x...+> }
(
x->f1 = E
|
 (x->f1 == NULL || ...)
|
 f(...,x->f1,...)
)
...>
(
 return \(0\|<+...x...+>\|ptr\);
|
 return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-