- 25 10月, 2006 4 次提交
-
-
由 Patrick McHardy 提交于
As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible to a fragmentation attack causing false negatives on extension header matches. When extension headers occur in the non-first fragment after the fragment header (possibly with an incorrect nexthdr value in the fragment header) a rule looking for this extension header will never match. Drop fragments that are at offset 0 and don't contain the final protocol header regardless of the ruleset, since this should not happen normally. Since all extension headers are before the protocol header this makes sure an extension header is either not present or in the first fragment, where we can properly parse it. With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Patrick McHardy 提交于
As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible to a fragmentation attack causing false negatives on protocol matches. When the protocol header doesn't follow the fragment header immediately, the fragment header contains the protocol number of the next extension header. When the extension header and the protocol header are sent in a second fragment a rule like "ip6tables .. -p udp -j DROP" will never match. Drop fragments that are at offset 0 and don't contain the final protocol header regardless of the ruleset, since this should not happen normally. With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Patrick McHardy 提交于
xfrm_state_num needs to be increased for XFRM_STATE_ACQ states created by xfrm_state_find() to prevent the counter from going negative when the state is destroyed. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Al Viro 提交于
memcpy 4 bytes to address of auto unsigned long variable followed by comparison with u32 is a bloody bad idea. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 24 10月, 2006 5 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog: (33 commits) [WATCHDOG] remove experimental on iTCO_wdt.c [WATCHDOG] Atmel AT91RM9200 rename. [WATCHDOG] includes for sample watchdog program. [WATCHDOG] watchdog/iTCO_wdt: fix bug related to gcc uninit warning [WATCHDOG] add ich8 support to iTCO_wdt.c (patch 2) [WATCHDOG] add ich8 support to iTCO_wdt.c [WATCHDOG] ioremap balanced with iounmap for drivers/char/watchdog/s3c2410_wdt.c [WATCHDOG] w83697hf/hg WDT driver - Kconfig patch [WATCHDOG] w83697hf/hg WDT driver - autodetect patch [WATCHDOG] w83697hf/hg WDT driver - patch 16 [WATCHDOG] w83697hf/hg WDT driver - patch 15 [WATCHDOG] w83697hf/hg WDT driver - patch 14 [WATCHDOG] w83697hf/hg WDT driver - patch 13 [WATCHDOG] w83697hf/hg WDT driver - patch 12 [WATCHDOG] w83697hf/hg WDT driver - patch 11 [WATCHDOG] w83697hf/hg WDT driver - patch 10 [WATCHDOG] w83697hf/hg WDT driver - patch 9 [WATCHDOG] w83697hf/hg WDT driver - patch 8 [WATCHDOG] w83697hf/hg WDT driver - patch 7 [WATCHDOG] w83697hf/hg WDT driver - patch 6 ...
-
由 Linus Torvalds 提交于
In commit 4e8a5201 ("[PKT_SCHED] netem: Orphan SKB when adding to queue.") Davem mistakenly also included a temporary diff in his tree that disabled the pci_fixup_video VGA quirk, which broke sparc64. This reverts that part of the commit. Sayeth Davem: "Greg KH has a patch coming to you soon which will move that VGA code back into x86/x86_64/IA64 specific areas and will fix the sparc64 problem properly." Special thanks to Claudio Martins <ctpm@ist.utl.pt> for noticing the error in the first place. Cc: Claudio Martins <ctpm@ist.utl.pt> Cc: David Miller <davem@davemloft.net> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Russell King 提交于
Eliminate more __must_check madness. The return code from device_for_each_child() depends on the values which the helper function returns. If the helper function always returns zero, it's utterly pointless to check the return code from device_for_each_child(). The only code which knows if the return value should be checked is the caller itself, so forcing the return code to always be checked is silly. Hence, remove the __must_check annotation. Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/perex/alsa由 Linus Torvalds 提交于
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/perex/alsa: [ALSA] hda-intel - Add check of MSI availabity [ALSA] version 1.0.13 [ALSA] Fix addition of user-defined boolean controls [ALSA] Fix AC97 power-saving mode [ALSA] Fix re-use of va_list [ALSA] hda_intel: add ATI RS690 HDMI audio support [ALSA] hda-codec - Add model entry for ASUS U5F laptop [ALSA] Fix dependency of snd-adlib driver in Kconfig [ALSA] Various fixes for suspend/resume of ALSA PCI drivers [ALSA] hda-codec - Fix assignment of PCM devices for Realtek codecs [ALSA] sound/isa/opti9xx/opti92x-ad1848.c: check kmalloc() return value [ALSA] sound/isa/ad1816a/ad1816a.c: check kmalloc() return value [ALSA] sound/isa/cmi8330.c: check kmalloc() return value [ALSA] sound/isa/gus/interwave.c: check kmalloc() return value
-
- 23 10月, 2006 8 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6: JFS: pageno needs to be long
-
由 Linus Torvalds 提交于
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [PKT_SCHED] netem: Orphan SKB when adding to queue. [NET]: kernel-doc fix for sock.h [NET]: Reduce sizeof(struct flowi) by 20 bytes. [IPv6] fib: initialize tb6_lock in common place to give lockdep a key [ATM] nicstar: Fix a bogus casting warning [ATM] firestream: handle thrown error [ATM]: No need to return void [ATM]: handle sysfs errors [DCCP] ipv6: Fix opt_skb leak. [DCCP]: Fix Oops in DCCPv6
-
由 Linus Torvalds 提交于
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC64]: 8-byte align return value from compat_alloc_user_space()
-
由 Linus Torvalds 提交于
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: Convert INTC2 to IRQ table registration. sh: Updates for irq-flow-type naming changes. sh: Add some missing board headers. sh: Fix exception_handling_table alignment. sh: Cleanup board header directories. sh: Remove board-specific ide.h headers. sh: Proper show_stack/show_trace() implementation.
-
由 Takashi Iwai 提交于
Check the availability of MSI and turn off MSI automatically when it's not available on the hardware. MSI seems broken on some hardwares but the kernel doesn't know exactly, thus we have to turn the MSI feature off on the sound driver manually. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 David S. Miller 提交于
Otherwise we get a ton of unaligned exceptions, for cases such as compat_sys_msgrcv() which go: p = compat_alloc_user_space(second + sizeof(struct msgbuf)); and here 'second' can for example be an arbitrary odd value. Based upon a bug report from Jurij Smakov. Signed-off-by: NDavid S. Miller <davem@davemloft.net> -
由 David S. Miller 提交于
The networking emulator can queue SKBs for a very long time, so if you're using netem on the sender side for large bandwidth/delay product testing, the SKB socket send queue sizes become artificially larger. Correct this by calling skb_orphan() in netem_enqueue(). Signed-off-by: NDavid S. Miller <davem@davemloft.net> -
由 Randy Dunlap 提交于
Fix kernel-doc warning in include/net/sock.h: Warning(/var/linsrc/linux-2619-rc1-pv//include/net/sock.h:894): No description found for parameter 'rcu' Signed-off-by: NRandy Dunlap <rdunlap@xenotime.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 10月, 2006 23 次提交
-
-
由 Jaroslav Kysela 提交于
Signed-off-by: NJaroslav Kysela <perex@suse.cz> -
由 Takashi Iwai 提交于
Fixed the addition of user-defined boolean controls, the private data size is corrected to be handled properly. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
Fix the bug in AC97 power-saving mode that the power isn't turned on when power_save is set to 1 via sysfs during the power off state. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
The va_list is designed to be used only once. The current code may pass va_list arguments multiple times and may cause Oops. Copy/release the arguments temporarily to avoid this problem. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Felix Kuehling 提交于
This patch adds support for the HDMI codec of the ATI RS690 IGP northbridge. Signed-off-by: NFelix Kuehling <fkuehlin@ati.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
Added a model entry for ASUS U5F laptop with AD1986A codec. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
Added the missing dependency on CONFIG_SND for snd-adlib driver. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
- Check the return value of pci_enable_device() and request_irq() in the suspend. If any error occurs there, disable the device using snd_card_disconnect(). - Call pci_set_power_state() properly with pci_choose_state(). - Fix the order to call pci_set_power_state(). - Removed obsolete house-made PM codes in some drivers. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Takashi Iwai 提交于
Fixed the assignment of PCM devices for Realtek codecs. The secondary analog capture should be statically asigned to the third device regardless whether SPDIF exists or not. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Amit Choudhary 提交于
Check the return value of kmalloc() in function snd_card_opti9xx_pnp(), in file sound/isa/opti9xx/opti92x-ad1848.c. Signed-off-by: NAmit Choudhary <amit2030@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Amit Choudhary 提交于
Check the return value of kmalloc() in function snd_card_ad1816a_pnp(), in file sound/isa/ad1816a/ad1816a.c. Signed-off-by: NAmit Choudhary <amit2030@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Amit Choudhary 提交于
Check the return value of kmalloc() in function snd_cmi8330_pnp(), in file sound/isa/cmi8330.c. Signed-off-by: NAmit Choudhary <amit2030@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Amit Choudhary 提交于
Check the return value of kmalloc() in function snd_interwave_pnp(), in file sound/isa/gus/interwave.c. Signed-off-by: NAmit Choudhary <amit2030@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJaroslav Kysela <perex@suse.cz>
-
由 Eric Dumazet 提交于
As suggested by David, just kill off some unused fields in dnports to reduce sizef(struct flowi). If they come back, they should be moved to nl_u.dn_u in order not to enlarge again struct flowi [ Modified to really delete this stuff instead of using #if 0. -DaveM ] Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Graf 提交于
Signed-off-by: NThomas Graf <tgraf@suug.ch> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alan Cox 提交于
Not enough to make Nicstar 64bit friendly but got squashed in passing so might as well be applied Signed-off-by: NAlan Cox <alan@redhat.com> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jeff Garzik 提交于
gcc emits the following warning: drivers/atm/firestream.c: In function ‘fs_open’: drivers/atm/firestream.c:870: warning: ‘tmc0’ may be used uninitialized in this function This indicates a real bug. We should check make_rate() return value for potential errors. Signed-off-by: NJeff Garzik <jeff@garzik.org> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Tobias Klauser 提交于
The module_exit function has return-type void and pci_unregister_driver() returns void anyway. Signed-off-by: NTobias Klauser <tklauser@distanz.ch> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jeff Garzik 提交于
Signed-off-by: NJeff Garzik <jeff@garzik.org> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Based upon a patch from Jesper Juhl. Try to match the TCP IPv6 code this was copied from as much as possible, so that it's easy to see where to add the ipv6 pktoptions support code. Signed-off-by: NDavid S. Miller <davem@davemloft.net> -
由 Gerrit Renker 提交于
I think I got the cause for the Oops observed in http://www.mail-archive.com/dccp@vger.kernel.org/msg00578.html The problem is always with applications listening on PF_INET6 sockets. Apart from the mentioned oops, I observed another one one, triggered at irregular intervals via timer interrupt: run_timer_softirq -> dccp_keepalive_timer -> inet_csk_reqsk_queue_prune -> reqsk_free -> dccp_v6_reqsk_destructor The latter function is the problem and is also the last function to be called in said kernel panic. In any case, there is a real problem with allocating the right request_sock which is what this patch tackles. It fixes the following problem: - application listens on PF_INET6 - DCCPv4 packet comes in, is handed over to dccp_v4_do_rcv, from there to dccp_v4_conn_request Now: socket is PF_INET6, packet is IPv4. The following code then furnishes the connection with IPv6 - request_sock operations: req = reqsk_alloc(sk->sk_prot->rsk_prot); The first problem is that all further incoming packets will get a Reset since the connection can not be looked up. The second problem is worse: --> reqsk_alloc is called instead of inet6_reqsk_alloc --> consequently inet6_rsk_offset is never set (dangling pointer) --> the request_sock_ops are nevertheless still dccp6_request_ops --> destructor is called via reqsk_free --> dccp_v6_reqsk_destructor tries to free random memory location (inet6_rsk_offset not set) --> panic I have tested this for a while, DCCP sockets are now handled correctly in all three scenarios (v4/v6 only/v4-mapped). Commiter note: I've added the dccp_request_sock_ops forward declaration to keep the tree building and to reduce the size of the patch for 2.6.19, later I'll move the functions to the top of the affected source code to match what we have in the TCP counterpart, where this problem hasn't existed in the first place, dumb me not to have done the same thing on DCCP land 8) Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: NArnaldo Carvalho de Melo <acme@mandriva.com>
-
git://one.firstfloor.org/home/andi/git/linux-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6: [PATCH] x86-64: increase PHB1 split transaction timeout [PATCH] x86-64: Fix C3 timer test
-
由 Muli Ben-Yehuda 提交于
This patch increases the timeout for PCI split transactions on PHB1 on the first Calgary to work around an issue with the aic94xx adapter. Fixes kernel.org bugzilla #7180 (http://bugzilla.kernel.org/show_bug.cgi?id=7180) Based on excellent debugging and a patch by Darrick J. Wong <djwong@us.ibm.com> Signed-off-by: NMuli Ben-Yehuda <muli@il.ibm.com> Signed-off-by: NJon Mason <jdmason@kudzu.us> Signed-off-by: NAndi Kleen <ak@suse.de> Acked-by: NDarrick J. Wong <djwong@us.ibm.com>
-