linux-toradex.git/drivers, branch v2.6.23.15 Linux kernel for Apalis and Colibri modules PCI: Fix fakephp deadlock 2008-02-08T20:01:52+00:00 Ian Abbott abbotti@mev.co.uk 2008-02-04T13:52:38+00:00 f70995b2044350bd966a32ecf43164c204293689 This patch works around a problem in the fakephp driver when a process writing "0" to a "power" sysfs file to fake removal of a PCI device ends up deadlocking itself in the sysfs code. The patch is functionally identical to the one in Linus' tree post 2.6.24: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff I have tested it on a 2.6.23 kernel. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This patch works around a problem in the fakephp driver when a process
writing "0" to a "power" sysfs file to fake removal of a PCI device ends
up deadlocking itself in the sysfs code.

The patch is functionally identical to the one in Linus' tree post 2.6.24:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff

I have tested it on a 2.6.23 kernel.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
ACPI: sync blacklist w/ latest 2008-02-08T20:01:51+00:00 Len Brown len.brown@intel.com 2008-02-04T05:38:13+00:00 a1959dbf34a76f7c21f4d5c842af8dd376a904a8 This patch is appropriate for supporting a 2.6.23-based products. Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This patch is appropriate for supporting a 2.6.23-based products.

Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
atl1: fix frame length bug 2008-02-08T20:01:50+00:00 Jay Cliburn jacliburn@bellsouth.net 2008-01-31T02:11:08+00:00 d57625ca789cdddf99b5f6540722dc9b77ce9845 Upstream commit: 2a49128f0a6edee337174ea341c1d6d7565be350 The driver sets up the hardware to accept a frame with max length equal to MTU + Ethernet header + FCS + VLAN tag, but we neglect to add the VLAN tag size to the ingress buffer. When a VLAN-tagged frame arrives, the hardware passes it, but bad things happen because the buffer is too small. This patch fixes that. Thanks to David Harris for reporting the bug and testing the fix. Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net> Tested-by: David Harris <david.harris@cpni-inc.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Upstream commit: 2a49128f0a6edee337174ea341c1d6d7565be350

The driver sets up the hardware to accept a frame with max length
equal to MTU + Ethernet header + FCS + VLAN tag, but we neglect to
add the VLAN tag size to the ingress buffer.  When a VLAN-tagged
frame arrives, the hardware passes it, but bad things happen
because the buffer is too small.  This patch fixes that.

Thanks to David Harris for reporting the bug and testing the fix.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Tested-by: David Harris <david.harris@cpni-inc.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
forcedeth: mac address mcp77/79 2008-02-08T20:01:50+00:00 Ayaz Abdulla aabdulla@nvidia.com 2008-01-28T15:24:40+00:00 e04f1635f373f638b5f96e2b1a85f11408cc7bec patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline. This patch is a critical fix for MCP77 and MCP79 devices. The feature flags were missing the define for correct mac address (DEV_HAS_CORRECT_MACADDR). Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline.

This patch is a critical fix for MCP77 and MCP79 devices. The feature
flags were missing the define for correct mac address
(DEV_HAS_CORRECT_MACADDR).

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fix oops on rmmod capidrv 2008-02-08T20:01:48+00:00 Karsten Keil kkeil@suse.de 2008-01-25T12:42:23+00:00 0bf056904b95fa555c36eb0cfbcee9c015747f59 patch eb36f4fc019835cecf0788907f6cab774508087b in mainline. Fix overwriting the stack with the version string (it is currently 10 bytes + zero) when unloading the capidrv module. Safeguard against overwriting it should the version string grow in the future. Should fix Kernel Bug Tracker Bug 9696. Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch eb36f4fc019835cecf0788907f6cab774508087b in mainline.

Fix overwriting the stack with the version string
(it is currently 10 bytes + zero) when unloading the
capidrv module. Safeguard against overwriting it
should the version string grow in the future.

Should fix Kernel Bug Tracker Bug 9696.

Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
libata: port and host should be stopped before hardware resources are released 2008-02-08T20:01:47+00:00 Tejun Heo htejun@gmail.com 2008-01-18T12:52:50+00:00 236dd7e3143e79b216e9f51e2488f9e3a60b4161 This is backport of 32ebbc0c0d5d18c0135b55d1eb0029f48c54aff0 and fixes oops on driver module unload. Port / host stop calls used to be made from ata_host_release() which is called after all hardware resources acquired after host allocation are released. This is wrong as port and host stop routines often access the hardware. Add separate devres for port / host stop which is invoked right after IRQ is released but with all other hardware resources intact. The devres is added iff ->host_stop and/or ->port_stop exist. This problem has been spotted by Mark Lord. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Mark Lord <liml@rtr.ca> Signed-off-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This is backport of 32ebbc0c0d5d18c0135b55d1eb0029f48c54aff0 and fixes
oops on driver module unload.

Port / host stop calls used to be made from ata_host_release() which
is called after all hardware resources acquired after host allocation
are released.  This is wrong as port and host stop routines often
access the hardware.

Add separate devres for port / host stop which is invoked right after
IRQ is released but with all other hardware resources intact.  The
devres is added iff ->host_stop and/or ->port_stop exist.

This problem has been spotted by Mark Lord.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
spi: omap2_mcspi PIO RX fix 2008-02-08T20:01:47+00:00 Kalle Valo kalle.valo@nokia.com 2008-01-24T22:00:40+00:00 1ce946cdae3bef836416d8ced58eab4d18c45675 patch feed9bab7b14b77be8d796bcee95e2343fb82955 in mainline. Before transmission of the last word in PIO RX_ONLY mode rx+tx mode is enabled: /* prevent last RX_ONLY read from triggering * more word i/o: switch to rx+tx */ if (c == 0 && tx == NULL) mcspi_write_cs_reg(spi, OMAP2_MCSPI_CHCONF0, l); But because c is decremented after the test, c will never be zero and rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers. Fix it by decrementing c in the beginning of the various I/O loops. Signed-off-by: Kalle Valo <kalle.valo@nokia.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch feed9bab7b14b77be8d796bcee95e2343fb82955 in mainline.

Before transmission of the last word in PIO RX_ONLY mode rx+tx mode
is enabled:

	/* prevent last RX_ONLY read from triggering
	 * more word i/o: switch to rx+tx
	 */
	if (c == 0 && tx == NULL)
		mcspi_write_cs_reg(spi,
				OMAP2_MCSPI_CHCONF0, l);

But because c is decremented after the test, c will never be zero and
rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers.

Fix it by decrementing c in the beginning of the various I/O loops.

Signed-off-by: Kalle Valo <kalle.valo@nokia.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
sata_promise: ASIC PRD table bug workaround 2008-02-08T20:01:46+00:00 Mikael Pettersson mikpe@it.uu.se 2008-01-16T09:33:00+00:00 d7dc95b98ebadd96b511ca0d1155778e16543f85 patch 03116d67e0973bb493fe9307e28973a24a272bcc in mainline. Second-generation Promise SATA controllers have an ASIC bug which can trigger if the last PRD entry is larger than 164 bytes, resulting in intermittent errors and possible data corruption. Work around this by replacing calls to ata_qc_prep() with a private version that fills the PRD, checks the size of the last entry, and if necessary splits it to avoid the bug. Also reduce sg_tablesize by 1 to accommodate the new entry. Tested on the second-generation SATA300 TX4 and SATA300 TX2plus, and the first-generation PDC20378. Thanks to Alexander Sabourenkov for verifying the bug by studying the vendor driver, and for writing the initial patch upon which this one is based. Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 03116d67e0973bb493fe9307e28973a24a272bcc in mainline.

Second-generation Promise SATA controllers have an ASIC bug
which can trigger if the last PRD entry is larger than 164 bytes,
resulting in intermittent errors and possible data corruption.

Work around this by replacing calls to ata_qc_prep() with a
private version that fills the PRD, checks the size of the
last entry, and if necessary splits it to avoid the bug.
Also reduce sg_tablesize by 1 to accommodate the new entry.

Tested on the second-generation SATA300 TX4 and SATA300 TX2plus,
and the first-generation PDC20378.

Thanks to Alexander Sabourenkov for verifying the bug by
studying the vendor driver, and for writing the initial patch
upon which this one is based.

Signed-off-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007) 2008-02-08T20:01:45+00:00 Nick Piggin npiggin@suse.de 2008-02-02T02:08:53+00:00 d4dd8e3a7287146e479c77e0456eaa315875972a Drivers that register a ->fault handler, but do not range-check the offset argument, must set VM_DONTEXPAND in the vm_flags in order to prevent an expanding mremap from overflowing the resource. I've audited the tree and attempted to fix these problems (usually by adding VM_DONTEXPAND where it is not obvious). Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Drivers that register a ->fault handler, but do not range-check the
offset argument, must set VM_DONTEXPAND in the vm_flags in order to
prevent an expanding mremap from overflowing the resource.

I've audited the tree and attempted to fix these problems (usually by
adding VM_DONTEXPAND where it is not obvious).

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
md: fix data corruption when a degraded raid5 array is reshaped 2008-02-08T20:01:44+00:00 Dan Williams dan.j.williams@intel.com 2008-01-08T23:32:53+00:00 7b21cc0a0e0787b428948873f5b7d3f67e938ef2 patch 0f94e87cdeaaac9f0f9a28a5dd2a5070b87cd3e8 in mainline. We currently do not wait for the block from the missing device to be computed from parity before copying data to the new stripe layout. The change in the raid6 code is not techincally needed as we don't delay data block recovery in the same way for raid6 yet. But making the change now is safer long-term. This bug exists in 2.6.23 and 2.6.24-rc Signed-off-by: Dan Williams <dan.j.williams@intel.com> Acked-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 0f94e87cdeaaac9f0f9a28a5dd2a5070b87cd3e8 in mainline.

We currently do not wait for the block from the missing device to be
computed from parity before copying data to the new stripe layout.

The change in the raid6 code is not techincally needed as we don't delay
data block recovery in the same way for raid6 yet.  But making the change
now is safer long-term.

This bug exists in 2.6.23 and 2.6.24-rc

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>