linux-toradex.git/drivers/char, branch v2.6.22.13 Linux kernel for Apalis and Colibri modules i915: fix vbl swap allocation size. 2007-11-02T15:44:15+00:00 Dave Airlie airlied@linux.ie 2007-10-16T00:05:49+00:00 0a0225bae6d086e1ffa8a5aa3bf265ec83b57c34 This is upstream as 54583bf4efda79388fc13163e35c016c8bc5de81 Oops... Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This is upstream as 54583bf4efda79388fc13163e35c016c8bc5de81

Oops...

Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fix TCP initial sequence number selection. 2007-11-02T15:44:11+00:00 Eric Dumazet dada1@cosmosbay.com 2007-10-10T10:28:33+00:00 dec0da2c0b439daf394957660e62824987f9b021 changeset 162f6690a65075b49f242d3c8cdb5caaa959a060 in mainline. TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock. In order to follow network speed increase, we can use a faster clock, but we should limit this clock so that the delay between two rollovers is greater than MSL (TCP Maximum Segment Lifetime : 2 minutes) Choosing a 64 nsec clock should be OK, since the rollovers occur every 274 seconds. Problem spotted by Denys Fedoryshchenko [ This bug was introduced by f85958151900f9d30fa5ff941b0ce71eaa45a7de ] Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
changeset 162f6690a65075b49f242d3c8cdb5caaa959a060 in mainline.

TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock.
In order to follow network speed increase, we can use a faster clock, but
we should limit this clock so that the delay between two rollovers is
greater than MSL (TCP Maximum Segment Lifetime : 2 minutes)

Choosing a 64 nsec clock should be OK, since the rollovers occur every
274 seconds.

Problem spotted by Denys Fedoryshchenko

[ This bug was introduced by f85958151900f9d30fa5ff941b0ce71eaa45a7de ]

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
random: fix bound check ordering (CVE-2007-3105) 2007-08-15T16:25:09+00:00 Matt Mackall mpm@selenic.com 2007-07-16T00:10:14+00:00 c712842ef701361ed3ee0f50f15797d7369b6628 If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
sx: switch subven and subid values 2007-08-09T21:27:47+00:00 Jiri Slaby jirislaby@gmail.com 2007-07-11T00:22:25+00:00 e9a96a1885017b4af9b74b40a0fbe9c721bc420b sx.c is failing to locate Graham's card. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Graham Murray <gmurray@webwayone.co.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
sx.c is failing to locate Graham's card.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Graham Murray <gmurray@webwayone.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drm/i915: Fix i965 secured batchbuffer usage (CVE-2007-3851) 2007-08-09T21:27:32+00:00 Dave Airlie airlied@redhat.com 2007-08-06T23:09:51+00:00 397f3076fdeb9f71d67c6376b8366dfddeaae4ed This 965G and above chipsets moved the batch buffer non-secure bits to another place. This means that previous drm's allowed in-secure batchbuffers to be submitted to the hardware from non-privileged users who are logged into X and and have access to direct rendering. Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This 965G and above chipsets moved the batch buffer non-secure bits to
another place. This means that previous drm's allowed in-secure batchbuffers
to be submitted to the hardware from non-privileged users who are logged
into X and and have access to direct rendering.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Add support SiS based XGI chips to SiS DRM. 2007-06-27T16:54:49+00:00 Ian Romanick idr@us.ibm.com 2007-06-26T20:38:00+00:00 ad5c980fdef0f339eb7c5888525acf9ce33855ec This adds support for some of the XGI Volari family that are based on the SiS. Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This adds support for some of the XGI Volari family that are based on the
SiS.

Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Char: stallion, fix oops during init with ISA cards 2007-06-24T15:59:11+00:00 Ingo Korb ml@akana.de 2007-06-24T00:16:35+00:00 b08b5ad9473a972fdd5d739080d24a84b23525ac The stallion driver oopses while initializing ISA cards due to an uninitialized variable. This patch changes the initialisation order to match the PCI code path. Signed-off-by: Ingo Korb <ml@akana.de> Acked-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The stallion driver oopses while initializing ISA cards due to an
uninitialized variable.  This patch changes the initialisation order to
match the PCI code path.

Signed-off-by: Ingo Korb <ml@akana.de>
Acked-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
console UTF-8 fixes (fix) 2007-06-24T15:59:10+00:00 Egmont Koblinger egmont@uhulinux.hu 2007-06-24T00:16:27+00:00 1ed8a2b3c501bedd4b35130c8a52662ccf78abad Recently my console UTF-8 patch went mainline. Here is an additional patch that fixes two nasty issues and improves a third one, namely: 1. My patch changed the behavior if a glyph is not found in the Unicode mapping table. Previously for Unicode values less than 256 or 512 the kernel tried to display the glyph from that position of the glyph table, which could lead to a different accented letter being displayed. I removed this fallback possibility and changed it to display the replacement symbol. As Behdad pointed out, some fonts (e.g. sun12x22 from the kbd package) lack Unicode mapping information, hence all you get is lots of question marks. Though theoretically it's actually a user-space bug (the font should be fixed), Behdad and I both believe that it'd be good to work around in the kernel by re-introducing the fallback solution for ASCII characters only. This sounds a quite reasonable decision, since all fonts ship the ASCII characters in the first 128 positions. This way users won't be surprised by lots of question marks just because s/he issued a not-so-perfectly parameterized setfont command. As this fallback is only re-introduced for code points below 128, you still won't see an accented letter replaced by another, but at least you'll always get the English letters right. 2. My patch introduced "question mark with inverted color attributes" as a last resort fallback glyph. Though it perfectly works on VGA console, on framebuffer you may end up with question marks that are highlighed but shouldn't be, and normal characters that are accidentally highlighed. This is caused by missing FLUSHes when changing the color attribute. 3. I've updated the table of double-width character based on Markus's updated version. Only ten new code poings (one interval) is added. Signed-off-by: Egmont Koblinger <egmont@uhulinux.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Recently my console UTF-8 patch went mainline.  Here is an additional patch
that fixes two nasty issues and improves a third one, namely:

1. My patch changed the behavior if a glyph is not found in the Unicode
   mapping table. Previously for Unicode values less than 256 or 512 the
   kernel tried to display the glyph from that position of the glyph table,
   which could lead to a different accented letter being displayed. I
   removed this fallback possibility and changed it to display the
   replacement symbol.

   As Behdad pointed out, some fonts (e.g. sun12x22 from the kbd package)
   lack Unicode mapping information, hence all you get is lots of question
   marks. Though theoretically it's actually a user-space bug (the font
   should be fixed), Behdad and I both believe that it'd be good to work
   around in the kernel by re-introducing the fallback solution for ASCII
   characters only. This sounds a quite reasonable decision, since all fonts
   ship the ASCII characters in the first 128 positions. This way users
   won't be surprised by lots of question marks just because s/he issued a
   not-so-perfectly parameterized setfont command. As this fallback is only
   re-introduced for code points below 128, you still won't see an accented
   letter replaced by another, but at least you'll always get the English
   letters right.

2. My patch introduced "question mark with inverted color attributes" as a
   last resort fallback glyph. Though it perfectly works on VGA console, on
   framebuffer you may end up with question marks that are highlighed but
   shouldn't be, and normal characters that are accidentally highlighed.
   This is caused by missing FLUSHes when changing the color attribute.

3. I've updated the table of double-width character based on Markus's
   updated version. Only ten new code poings (one interval) is added.

Signed-off-by: Egmont Koblinger <egmont@uhulinux.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[AGPGART] intel_agp: don't load if no IGD and AGP port 2007-06-21T16:49:11+00:00 Wang Zhenyu zhenyu.z.wang@intel.com 2007-06-21T05:43:18+00:00 47d46379eb66278107947729e34a833c76dca252 After i915 chip, GMCH has no AGP port. Origin bridge driver in device table will try to access illegal regs like APBASE, APSIZE, etc. This may cause problem. So mark them as NULL in the table, we won't load if no IGD got detect and bridge has no AGP port. Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com> Signed-off-by: Dave Jones <davej@redhat.com> 
After i915 chip, GMCH has no AGP port. Origin bridge driver in device
table will try to access illegal regs like APBASE, APSIZE, etc. This
may cause problem.

So mark them as NULL in the table, we won't load if no IGD got detect
and bridge has no AGP port.

Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
random: fix output buffer folding 2007-06-16T20:16:16+00:00 Matt Mackall mpm@selenic.com 2007-06-16T17:16:11+00:00 679ce0ace6b1a07043bc3b405a34ddccad808886 (As reported by linux@horizon.com) Folding is done to minimize the theoretical possibility of systematic weakness in the particular bits of the SHA1 hash output. The result of this bug is that 16 out of 80 bits are un-folded. Without a major new vulnerability being found in SHA1, this is harmless, but still worth fixing. Signed-off-by: Matt Mackall <mpm@selenic.com> Cc: <linux@horizon.com> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
(As reported by linux@horizon.com)

Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output.  The result of
this bug is that 16 out of 80 bits are un-folded.  Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>