1. 23 9月, 2008 2 次提交
  2. 21 9月, 2008 1 次提交
  3. 19 9月, 2008 6 次提交
    • R
      e100: Use pci_pme_active to clear PME_Status and disable PME# · e7272403
      Rafael J. Wysocki 提交于
      Currently e100 uses pci_enable_wake() to clear pending wake-up events
      and disable PME# during intitialization, but that function is not
      suitable for this purpose, because it immediately returns error code
      if device_may_wakeup() returns false for given device.
      
      Make e100 use pci_pme_active(), which carries out exactly the
      required operations, instead.
      Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      e7272403
    • C
      e1000: prevent corruption of EEPROM/NVM · 78566fec
      Christopher Li 提交于
      Andrey reports e1000 corruption, and that a patch in vmware's ESX fixed
      it.
      
      The EEPROM corruption is triggered by concurrent access of the EEPROM
      read/write. Putting a lock around it solve the problem.
      
      [akpm@linux-foundation.org: use DEFINE_SPINLOCK to avoid confusing lockdep]
      Signed-off-by: NChristopher Li <chrisl@vmware.com>
      Reported-by: NAndrey Borzenkov <arvidjaar@mail.ru>
      Cc: Zach Amsden <zach@vmware.com>
      Cc: Pratap Subrahmanyam <pratap@vmware.com>
      Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
      Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
      Cc: Bruce Allan <bruce.w.allan@intel.com>
      Cc: PJ Waskiewicz <peter.p.waskiewicz.jr@intel.com>
      Cc: John Ronciak <john.ronciak@intel.com>
      Cc: Jeff Garzik <jeff@garzik.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      78566fec
    • Y
      forcedeth: call restore mac addr in nv_shutdown path · f55c21fd
      Yinghai Lu 提交于
      after
      
      | commit f735a2a1
      | Author: Tobias Diedrich <ranma+kernel@tdiedrich.de>
      | Date:   Sun May 18 15:02:37 2008 +0200
      |
      |    [netdrvr] forcedeth: setup wake-on-lan before shutting down
      |
      |    When hibernating in 'shutdown' mode, after saving the image the suspend hook
      |    is not called again.
      |    However, if the device is in promiscous mode, wake-on-lan will not work.
      |    This adds a shutdown hook to setup wake-on-lan before the final shutdown.
      |
      |    Signed-off-by: Tobias Diedrich <ranma+kernel@tdiedrich.de>
      |    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
      
      my servers with nvidia ck804 and mcp55 will reverse mac address with kexec.
      
      it turns out that we need to restore the mac addr in nv_shutdown().
      
      [akpm@linux-foundation.org: fix typo in printk]
      Signed-off-by: NYinghai Lu <yhlu.kernel@gmail.com>
      Cc: Tobias Diedrich <ranma+kernel@tdiedrich.de>
      Cc: Ayaz Abdulla <aabdulla@nvidia.com>
      Cc: Jeff Garzik <jeff@garzik.org>
      Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      f55c21fd
    • B
      bnx2: Promote vector field in bnx2_irq structure from u16 to unsigned int · 27ed9ddf
      Benjamin Li 提交于
      The bnx2 driver stores/uses the irq value from the pci_dev internally.
      But when it stores the irq value, it has been performing an
      integer demotion.  Because of the recent changes made to
      arch/x86/kernel/io_apic.c, the new method in creating the irq value
      (using build_irq_for_pci_dev()) has exposed this bug on x86 systems.
      
      Because of this demotion when calling request_irq() from
      bnx2_request_irq(), the driver would get a return code of -EINVAL.
      This is because the kernel could not find the requested irq descriptor.
      By storing the irq value properly, the kernel can find the correct
      irq descriptor and the bnx2 driver can operate normally.
      Signed-off-by: NBenjamin Li <benli@broadcom.com>
      Signed-off-by: NMichael Chan <mchan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      27ed9ddf
    • V
      sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH · add52379
      Vlad Yasevich 提交于
      If INIT-ACK is received with SupportedExtensions parameter which
      indicates that the peer does not support AUTH, the packet will be
      silently ignore, and sctp_process_init() do cleanup all of the
      transports in the association.
      When T1-Init timer is expires, OOPS happen while we try to choose
      a different init transport.
      
      The solution is to only clean up the non-active transports, i.e
      the ones that the peer added.  However, that introduces a problem
      with sctp_connectx(), because we don't mark the proper state for
      the transports provided by the user.  So, we'll simply mark
      user-provided transports as ACTIVE.  That will allow INIT
      retransmissions to work properly in the sctp_connectx() context
      and prevent the crash.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      add52379
    • V
      sctp: do not enable peer features if we can't do them. · 0ef46e28
      Vlad Yasevich 提交于
      Do not enable peer features like addip and auth, if they
      are administratively disabled localy.  If the peer resports
      that he supports something that we don't, neither end can
      use it so enabling it is pointless.  This solves a problem
      when talking to a peer that has auth and addip enabled while
      we do not.  Found by Andrei Pelinescu-Onciul <andrei@iptel.org>.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0ef46e28
  4. 18 9月, 2008 1 次提交
  5. 16 9月, 2008 1 次提交
  6. 13 9月, 2008 1 次提交
  7. 12 9月, 2008 3 次提交
    • D
    • V
      netlink: fix overrun in attribute iteration · 1045b03e
      Vegard Nossum 提交于
      kmemcheck reported this:
      
        kmemcheck: Caught 16-bit read from uninitialized memory (f6c1ba30)
        0500110001508abf050010000500000002017300140000006f72672e66726565
         i i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u
                                         ^
      
        Pid: 3462, comm: wpa_supplicant Not tainted (2.6.27-rc3-00054-g6397ab9-dirty #13)
        EIP: 0060:[<c05de64a>] EFLAGS: 00010296 CPU: 0
        EIP is at nla_parse+0x5a/0xf0
        EAX: 00000008 EBX: fffffffd ECX: c06f16c0 EDX: 00000005
        ESI: 00000010 EDI: f6c1ba30 EBP: f6367c6c ESP: c0a11e88
         DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
        CR0: 8005003b CR2: f781cc84 CR3: 3632f000 CR4: 000006d0
        DR0: c0ead9bc DR1: 00000000 DR2: 00000000 DR3: 00000000
        DR6: ffff4ff0 DR7: 00000400
         [<c05d4b23>] rtnl_setlink+0x63/0x130
         [<c05d5f75>] rtnetlink_rcv_msg+0x165/0x200
         [<c05ddf66>] netlink_rcv_skb+0x76/0xa0
         [<c05d5dfe>] rtnetlink_rcv+0x1e/0x30
         [<c05dda21>] netlink_unicast+0x281/0x290
         [<c05ddbe9>] netlink_sendmsg+0x1b9/0x2b0
         [<c05beef2>] sock_sendmsg+0xd2/0x100
         [<c05bf945>] sys_sendto+0xa5/0xd0
         [<c05bf9a6>] sys_send+0x36/0x40
         [<c05c03d6>] sys_socketcall+0x1e6/0x2c0
         [<c020353b>] sysenter_do_call+0x12/0x3f
         [<ffffffff>] 0xffffffff
      
      This is the line in nla_ok():
      
        /**
         * nla_ok - check if the netlink attribute fits into the remaining bytes
         * @nla: netlink attribute
         * @remaining: number of bytes remaining in attribute stream
         */
        static inline int nla_ok(const struct nlattr *nla, int remaining)
        {
                return remaining >= sizeof(*nla) &&
                       nla->nla_len >= sizeof(*nla) &&
                       nla->nla_len <= remaining;
        }
      
      It turns out that remaining can become negative due to alignment in
      nla_next(). But GCC promotes "remaining" to unsigned in the test
      against sizeof(*nla) above. Therefore the test succeeds, and the
      nla_for_each_attr() may access memory outside the received buffer.
      
      A short example illustrating this point is here:
      
        #include <stdio.h>
      
        main(void)
        {
                printf("%d\n", -1 >= sizeof(int));
        }
      
      ...which prints "1".
      
      This patch adds a cast in front of the sizeof so that GCC will make
      a signed comparison and fix the illegal memory dereference. With the
      patch applied, there is no kmemcheck report.
      Signed-off-by: NVegard Nossum <vegard.nossum@gmail.com>
      Acked-by: NThomas Graf <tgraf@suug.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1045b03e
    • M
      [Bluetooth] Fix regression from using default link policy · 7c6a329e
      Marcel Holtmann 提交于
      To speed up the Simple Pairing connection setup, the support for the
      default link policy has been enabled. This is in contrast to settings
      the link policy on every connection setup. Using the default link policy
      is the preferred way since there is no need to dynamically change it for
      every connection.
      
      For backward compatibility reason and to support old userspace the
      HCISETLINKPOL ioctl has been switched over to using hci_request() to
      issue the HCI command for setting the default link policy instead of
      just storing it in the HCI device structure.
      
      However the hci_request() can only be issued when the device is
      brought up. If used on a device that is registered, but still down
      it will timeout and fail. This is problematic since the command is
      put on the TX queue and the Bluetooth core tries to submit it to
      hardware that is not ready yet. The timeout for these requests is
      10 seconds and this causes a significant regression when setting up
      a new device.
      
      The userspace can perfectly handle a failure of the HCISETLINKPOL
      ioctl and will re-submit it later, but the 10 seconds delay causes
      a problem. So in case hci_request() is called on a device that is
      still down, just fail it with ENETDOWN to indicate what happens.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      7c6a329e
  8. 11 9月, 2008 1 次提交
  9. 10 9月, 2008 1 次提交
    • N
      ipv6: Fix OOPS in ip6_dst_lookup_tail(). · e550dfb0
      Neil Horman 提交于
      This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
      ip6_dst_lookup_tail NULL crash"
      
      dst->neighbour is not necessarily hooked up at this point
      in the processing path, so blindly dereferencing it is
      the wrong thing to do.  This NULL check exists in other
      similar paths and this case was just an oversight.
      
      Also fix the completely wrong and confusing indentation
      here while we're at it.
      
      Based upon a patch by Evgeniy Polyakov.
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e550dfb0
  10. 09 9月, 2008 23 次提交