linux-toradex.git, branch v2.6.32.17

Linux 2.6.32.17

2010-08-02T17:24:59+00:00

V4L/DVB (13830): uvcvideo: add another YUYV format GUID for iSight cameras

2010-08-02T17:21:30+00:00

commit 68f194e027ecfbbc8d5515bc40787e542eed59e9 upstream.

For some unknown reason, on a MacBookPro5,3 the iSight sometimes report
a different video format GUID. This patch add the other (wrong) GUID to
the format table, making the iSight work always w/o other problems.

What it should report: 32595559-0000-0010-8000-00aa00389b71
What it often reports: 32595559-0000-0010-8000-000000389b71

Signed-off-by: Daniel Ritz 
Signed-off-by: Laurent Pinchart 
Signed-off-by: Mauro Carvalho Chehab 
Cc: Leann Ogasawara 
Signed-off-by: Greg Kroah-Hartman

Input: RX51 keymap - fix recent compile breakage

2010-08-02T17:21:30+00:00

commit 2e65a2075cc740b485ab203430bdf3459d5551b6 upstream.

Commit 3fea60261e73 ("Input: twl40300-keypad - fix handling of "all
ground" rows") broke compilation as I managed to use non-existent
keycodes.

Reported-by: Arjan van de Ven 
Signed-off-by: Dmitry Torokhov 
Signed-off-by: Linus Torvalds 
Signed-off-by: Greg Kroah-Hartman

ath5k: initialize ah->ah_current_channel

2010-08-02T17:21:29+00:00

commit b6855772f4a22c4fbdd4fcaceff5c8a527035123 upstream.

ath5k assumes ah_current_channel is always a valid pointer in
several places, but a newly created interface may not have a
channel.  To avoid null pointer dereferences, set it up to point
to the first available channel until later reconfigured.

This fixes the following oops:
$ rmmod ath5k
$ insmod ath5k
$ iw phy0 set distance 11000

BUG: unable to handle kernel NULL pointer dereference at 00000006
IP: [] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/devices/pci0000:00/0000:00:0e.0/ieee80211/phy0/index
Modules linked in: usbhid option usb_storage usbserial usblp evdev lm90
scx200_acb i2c_algo_bit i2c_dev i2c_core via_rhine ohci_hcd ne2k_pci
8390 leds_alix2 xt_IMQ imq nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_cc

Pid: 1597, comm: iw Not tainted (2.6.32.14 #8)
EIP: 0060:[] EFLAGS: 00010296 CPU: 0
EIP is at ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
EAX: 000000c2 EBX: 00000000 ECX: ffffffff EDX: c12d2080
ESI: 00000019 EDI: cf8c0000 EBP: d0a30edc ESP: cfa09bf4
  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process iw (pid: 1597, ti=cfa09000 task=cf88a000 task.ti=cfa09000)
Stack:
  d0a34f35 d0a353f8 d0a30edc 000000fe cf8c0000 00000000 1900063d cfa8c9e0
<0> cfa8c9e8 cfa8c0c0 cfa8c000 d0a27f0c 199d84b4 cfa8c200 00000010 d09bfdc7
<0> 00000000 00000000 ffffffff d08e0d28 cf9263c0 00000001 cfa09cc4 00000000
Call Trace:
  [] ? ath5k_hw_attach+0xc8c/0x3c10 [ath5k]
  [] ? __ieee80211_request_smps+0x1347/0x1580 [mac80211]
  [] ? nl80211_send_scan_start+0x7b8/0x4520 [cfg80211]
  [] ? nla_parse+0x59/0xc0
  [] ? genl_rcv_msg+0x169/0x1a0
  [] ? genl_rcv_msg+0x0/0x1a0
  [] ? netlink_rcv_skb+0x38/0x90
  [] ? genl_rcv+0x19/0x30
  [] ? netlink_unicast+0x1b3/0x220
  [] ? netlink_sendmsg+0x26e/0x290
  [] ? sock_sendmsg+0xbe/0xf0
  [] ? autoremove_wake_function+0x0/0x50
  [] ? __alloc_pages_nodemask+0x106/0x530
  [] ? do_lookup+0x53/0x1b0
  [] ? __link_path_walk+0x9b9/0x9e0
  [] ? verify_iovec+0x50/0x90
  [] ? sys_sendmsg+0x1e1/0x270
  [] ? find_get_page+0x10/0x50
  [] ? filemap_fault+0x5f/0x370
  [] ? __do_fault+0x319/0x370
  [] ? sys_socketcall+0x244/0x290
  [] ? do_page_fault+0x1ec/0x270
  [] ? do_page_fault+0x0/0x270
  [] ? syscall_call+0x7/0xb
Code: 00 b8 fe 00 00 00 b9 f8 53 a3 d0 89 5c 24 14 89 7c 24 10 89 44 24
0c 89 6c 24 08 89 4c 24 04 c7 04 24 35 4f a3 d0 e8 7c 30 60 f0 <0f> b7
43 06 ba 06 00 00 00 a8 10 75 0e 83 e0 20 83 f8 01 19 d2
EIP: [] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] SS:ESP
0068:cfa09bf4
CR2: 0000000000000006
---[ end trace 54f73d6b10ceb87b ]---

Reported-by: Steve Brown 
Signed-off-by: Bob Copeland 
Signed-off-by: John W. Linville 
Signed-off-by: Greg Kroah-Hartman

ecryptfs: Bugfix for error related to ecryptfs_hash_buckets

2010-08-02T17:21:29+00:00

commit a6f80fb7b5986fda663d94079d3bba0937a6b6ff upstream.

The function ecryptfs_uid_hash wrongly assumes that the
second parameter to hash_long() is the number of hash
buckets instead of the number of hash bits.
This patch fixes that and renames the variable
ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
clearer.

Fixes: CVE-2010-2492

Signed-off-by: Andre Osterhues 
Signed-off-by: Tyler Hicks 
Signed-off-by: Linus Torvalds 
Signed-off-by: Greg Kroah-Hartman

Fix spinaphore down_spin()

2010-08-02T17:21:29+00:00

commit b70f4e85bfc4d7000036355b714a92d5c574f1be upstream.

Typo in down_spin() meant it only read the low 32 bits of the
"serve" value, instead of the full 64 bits. This results in the
system hanging when the values in ticket/serve get larger than
32-bits. A big enough system running the right test can hit this
in a just a few hours.

Broken since 883a3acf5b0d4782ac35981227a0d094e8b44850
    [IA64] Re-implement spinaphores using ticket lock concepts

Reported via IRC by Bjorn Helgaas

Signed-off-by: Tony Luck 
Signed-off-by: Greg Kroah-Hartman

eeepc-laptop: check wireless hotplug events

2010-08-02T17:21:29+00:00

commit bc9d24a3aeb1532fc3e234907a8b6d671f7ed68f upstream.

Before we mark the wireless device as unplugged, check PCI config space
to see whether the wireless device is really disabled (and vice versa).
This works around newer models which don't want the hotplug code, where
we end up disabling the wired network device.

My old 701 still works correctly with this.  I can also simulate an
afflicted model by changing the hardcoded PCI bus/slot number in the
driver, and it seems to work nicely (although it is a bit noisy).

In future this type of hotplug support will be implemented by the PCI
core.  The existing blacklist and the new warning message will be
removed at that point.

Signed-off-by: Alan Jenkins 
Signed-off-by: Corentin Chary 
Cc: Tim Gardner 
Signed-off-by: Greg Kroah-Hartman

kbuild: Fix modpost segfault

2010-08-02T17:21:29+00:00

commit 1c938663d58b5b2965976a6f54cc51b5d6f691aa upstream.

Alan  writes:

> program: /home/alan/GitTrees/linux-2.6-mid-ref/scripts/mod/modpost -o
> Module.symvers -S vmlinux.o
>
> Program received signal SIGSEGV, Segmentation fault.

It just hit me.
It's the offset calculation in reloc_location() which overflows:
        return (void *)elf->hdr + sechdrs[section].sh_offset +
               (r->r_offset - sechdrs[section].sh_addr);

E.g. for the first rodata r entry:
r->r_offset < sechdrs[section].sh_addr
and the expression in the parenthesis produces 0xFFFFFFE0 or something
equally wise.

Reported-by: Alan 
Signed-off-by: Krzysztof Hałasa 
Tested-by: Alan 
Signed-off-by: Michal Marek 
Signed-off-by: Greg Kroah-Hartman

iwlagn: verify flow id in compressed BA packet

2010-08-02T17:21:28+00:00

commit b561e8274f75831ee87e4ea378cbb1f9f050a51a upstream.

The flow id (scd_flow) in a compressed BA packet should match the txq_id
of the queue from which the aggregated packets were sent. However, in
some hardware like the 1000 series, sometimes the flow id is 0 for the
txq_id (10 to 19). This can cause the annoying message:
[ 2213.306191] iwlagn 0000:01:00.0: Received BA when not expected
[ 2213.310178] iwlagn 0000:01:00.0: Read index for DMA queue txq id (0),
index 5, is out of range [0-256] 7 7.

And even worse, if agg->wait_for_ba is true when the bad BA is arriving,
this can cause system hang due to NULL pointer dereference because the
code is operating in a wrong tx queue!

Signed-off-by: Shanyu Zhao 
Signed-off-by: Pradeep Kulkarni 
Signed-off-by: Reinette Chatre 
Signed-off-by: Greg Kroah-Hartman

V4L/DVB: uvcvideo: Add support for V4L2_PIX_FMT_Y16

2010-08-02T17:21:28+00:00

commit 61421206833a4085d9bdf35b2b84cd9a67dfdfac upstream.

The Miricle 307K (17dc:0202) camera reports a 16-bit greyscale format,
support it in the driver.

Signed-off-by: Laurent Pinchart 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Greg Kroah-Hartman