linux-toradex.git, branch v2.6.16.50 Linux kernel for Apalis and Colibri modules Linux 2.6.16.50 2007-05-03T21:49:52+00:00 Adrian Bunk bunk@stusta.de 2007-05-03T21:49:52+00:00 e76e407ef9ac8b94f011b42375b9105923b41dd9 






Linux 2.6.16.50-rc1
2007-05-01T03:44:08+00:00

Adrian Bunk
bunk@stusta.de

2007-05-01T03:44:08+00:00

b15ca5bcd58b4dae7c40945ae0cecbd60e4d33cf












[IPV6]: Disallow RH0 by default (CVE-2007-2242)
2007-04-30T23:31:47+00:00

Adrian Bunk
bunk@stusta.de

2007-04-30T23:31:47+00:00

5225791117b564cd8b5683cf82d9eea45b0f0d59

A security issue is emerging.  Disallow Routing Header Type 0 by default
as we have been doing for IPv4.

This version already includes a fix for the original patch.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





A security issue is emerging.  Disallow Routing Header Type 0 by default
as we have been doing for IPv4.

This version already includes a fix for the original patch.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







[NETLINK]: Infinite recursion in netlink (CVE-2007-1861)
2007-04-30T23:11:29+00:00

Adrian Bunk
bunk@stusta.de

2007-04-30T23:11:29+00:00

ca80e5b5767e8a2bf0714f9797b872258e500ee6

Reply to NETLINK_FIB_LOOKUP messages were misrouted back to kernel,
which resulted in infinite recursion and stack overflow.

The bug is present in all kernel versions since the feature appeared.

The patch also makes some minimal cleanup:

1. Return something consistent (-ENOENT) when fib table is missing
2. Do not crash when queue is empty (does not happen, but yet)
3. Put result of lookup

Sergey Vlasov:
Oops fix

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Sergey Vlasov <vsu@altlinux.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





Reply to NETLINK_FIB_LOOKUP messages were misrouted back to kernel,
which resulted in infinite recursion and stack overflow.

The bug is present in all kernel versions since the feature appeared.

The patch also makes some minimal cleanup:

1. Return something consistent (-ENOENT) when fib table is missing
2. Do not crash when queue is empty (does not happen, but yet)
3. Put result of lookup

Sergey Vlasov:
Oops fix

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Sergey Vlasov <vsu@altlinux.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







Char: icom, mark __init as __devinit
2007-04-25T23:35:22+00:00

Jiri Slaby
jirislaby@gmail.com

2007-04-25T23:35:22+00:00

0ea2b4b19d3bc0d4075a4f176a9da5797be73304

Two functions are called from __devinit context, but they are marked as
__init. Fix this.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





Two functions are called from __devinit context, but they are marked as
__init. Fix this.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







aio: remove bare user-triggerable error printk
2007-04-25T22:47:15+00:00

Zach Brown
zach.brown@oracle.com

2007-04-25T22:47:15+00:00

70272a6c174b13f764322d1ac8c43f10372f4b0c

The user can generate console output if they cause do_mmap() to fail
during sys_io_setup().  This was seen in a regression test that does
exactly that by spinning calling mmap() until it gets -ENOMEM before
calling io_setup().

We don't need this printk at all, just remove it.

Signed-off-by: Zach Brown <zach.brown@oracle.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





The user can generate console output if they cause do_mmap() to fail
during sys_io_setup().  This was seen in a regression test that does
exactly that by spinning calling mmap() until it gets -ENOMEM before
calling io_setup().

We don't need this printk at all, just remove it.

Signed-off-by: Zach Brown <zach.brown@oracle.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







mca_nmi_hook() can be called at any point
2007-04-25T22:43:52+00:00

Al Viro
viro@zeniv.linux.org.uk

2007-04-25T22:43:52+00:00

89cd6ca5a57e67604e05076203e1da12723dae12

... and having it __init is a bad idea.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





... and having it __init is a bad idea.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







IrDA: irttp_dup spin_lock initialisation
2007-04-25T19:57:52+00:00

Guennadi Liakhovetski
gl@dsa-ac.de

2007-04-25T19:57:52+00:00

d19b7b09a83e1ef419a6bbe960a39b66c1d07e80

Without this initialization one gets

kernel BUG at kernel/rtmutex_common.h:80!

Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





Without this initialization one gets

kernel BUG at kernel/rtmutex_common.h:80!

Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







IrDA: Incorrect TTP header reservation
2007-04-25T19:53:20+00:00

Jeet Chaudhuri
jeetlinux@yahoo.co.in

2007-04-25T19:53:20+00:00

15485523f2deacb7663af61538fbd786ebc1f7db

We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in.
This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size
is greater than 0.

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in.
This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size
is greater than 0.

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>







x86 microcode: don't check the size
2007-04-23T23:25:26+00:00

Shaohua Li
shaohua.li@intel.com

2007-04-23T23:25:26+00:00

fe1a5ddff7186192f9c6316798a85b3095696ea6

IA32 manual says if micorcode update's size is 0, then the size is
default size (2048 bytes). But this doesn't suggest all microcode
update's size should be above 2048 bytes to me. We actually had a
microcode update whose size is 1024 bytes. The patch just removed the
check.

Backported by Daniel Drake.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>





IA32 manual says if micorcode update's size is 0, then the size is
default size (2048 bytes). But this doesn't suggest all microcode
update's size should be above 2048 bytes to me. We actually had a
microcode update whose size is 1024 bytes. The patch just removed the
check.

Backported by Daniel Drake.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>