Linux Kernel Documents

Fork

• linux-2.6
• linux-2.4.36

[PATCH] lvm: update to latest fixes from the LVM package

greg@enjellic.com suggested to apply the recommended patches from
the LVM package, as every LVM user will have to generate them and
apply them anyway. Heinz Mauelshagen agreed, except for the list_del
chunk in the snapshot code which was identified as responsible for
oopses encountered in RHEL3.

Now with this patch in 2.4, it should be safe(r) to not apply the
LVM patches anymore.

[BACKPORT] Bluetooth: Fix unintentional fall-through in HCI line discipline

Backport from this 2.6 patch :

A trivial fix to (what looks like) an unintentional fall-through in the
HCI line discipline.

Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[BACKPORT] Bluetooth: Fix NULL pointer dereference in HCI line discipline

Backport from this 2.6 patch :

Normally a serial Bluetooth device is opened, TIOSETD'ed to N_HCI line
discipline, HCIUARTSETPROTO'ed and finally closed. In case the device
fails to HCIUARTSETPROTO, closing it produces a NULL pointer dereference.

Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[PATCH] Bluetooth: correct fix for CVE-2007-1353

Marcel Holtmann notified me that my previous fix for CVE-2007-1353
was wrong because of a stupid memcpy() with unchecked length, which
indeed made it worse than the original bug. Next time I'll be more
careful with copy-pasting !

[PATCH] do not mark init_idle() __init

Zbigniew Baniewski reported a panic at boot when using
CONFIG_BLK_DEV_IDEDISK=m. The code crashed when calling init_idle().

PaX Team brought to my attention that init_idle() is marked __init,
and is called from cpu_idle() (which is not) itself called from
rest_init() (which is not either), on top of which there is a big
shiny comment :

* We need to finalize in a non-__init function or else race conditions
* between the root thread and the init thread may cause start_kernel to
* be reaped by free_initmem before the root thread has proceeded to
* cpu_idle.

Indeed. Simply removing __init from init_idle fixed the panic.

[PATCH 2.4.35-pre4] fix 'pc_keyb: controller jammed (0xA7)' error on systems with KVM

Ive had a few requests for this patch, so Im posting it against
linux-2.4.35-pre4 kernel.

Various hardware (IBM BladeCenter, Sun Fire servers, and many other
bladeserver systems)
have an integrated KVM or console switch. The keyboard type on these
systems is often USB,
and the hardware usually does not have a legacy PS/2 console keyboard.
The 2.4 kernel always tries to
initialize the keyboard controller by default, and on systems without
such a keyboard present
at boot you get the following errors spewed to the logs:

Jun 3 10:21:06 sbknpwaq3 kernel: pc_keyb: controller jammed (0xA7).
Jun 3 10:21:08 sbknpwaq3 last message repeated 249 times
Jun 3 10:21:08 sbknpwaq3 kernel: Keyboard timed out[1]
Jun 3 10:21:08 sbknpwaq3 kernel: pc_keyb: controller jammed (0xA7).
Jun 3 10:21:08 sbknpwaq3 last message repeated 249 times
Jun 3 10:21:08 sbknpwaq3 kernel: Keyboard timed out[1]

This patch allows the kernel to skip the keyboard controller init so the
kernel does not try to initialize, fail
and spew errors when no keyboard is attached. This can also be used for
various systems without a traditional
console keyboard present at boot (includes USB or IrDA keyboard too and
systems connected to KVM's).
Ive provided the dmi_scan magic in this parch for the IBM BladeCenter,
but on other hardware, use the "nokeyb"
kernel-param at boot to skip the initialization.

Tested on IBM BladeCenter, and Sun Fire.

Signed-off-by: Brian Maly <bmaly@redhat>

Regards, Brian

Documentation/kernel-parameters.txt | 4 ++++
arch/i386/kernel/dmi_scan.c | 24 ++++++++++++++++++++++++
drivers/char/pc_keyb.c | 15 +++++++++++----
3 files changed, 39 insertions(+), 4 deletions(-)

Change VERSION to 2.4.35-pre4

- recent patch to fib_semantics broke build

[PATCH] recent patch to fib_semantics broke build

Fix label name.

Change VERSION to v2.4.35-pre3

- init/main.c: remove comment that gcc 4 was not supported
- Linux 2.4.x MTD CFI P30/P33 support
- 2.6 backport of Watchdog wdt83627 (Winbond W83627HF/F/HG/G) driver
- Watchdog w83977ef (Winbond W83977EF) driver
- [DECNet] fib: Fix out of bound access of dn_fib_props[]
- [IPv4] fib: Fix out of bound access of fib_props[]
- [PPP]: Don't leak an sk_buff on interface destruction.
- Fix TCP receiver side SWS handling
- [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)

[PATCH] Watchdog w83977ef (Winbond W83977EF) driver

This driver has been derived from Netwinder's in order not to
modify it. Tested and working on AAEON GENE-6310B Subcompact
Board (also configured for same by default, should work elsewhere)
patch is against kernel 2.4.34.2

Changes/Features:

- Added ioctl support
- Disables watchdog on driver load
- Supports timeout in seconds
- Timeout defaults to 2 minutes
- No longer under NetWinder arch
- Configurable output GP (defaults to GP16)
- Configurable base IO address
- Non standard read only proc interface for status (/proc/watchdog)

Caveats:

- Only tested with GP16
- Utterly ignores inability to get its IO port, mostly because it's
already taken. I didn't know a way around that.
- release_region is called regardless of having acquired the region,
this might be trouble.

[PATCH] 2.6 backport of Watchdog wdt83627 (Winbond W83627HF/F/HG/G) driver

Tested and working on Kontron JREX-PM.
Fairly straightforward backport of w83627hf_wdt.c from 2.6.20.1

Changes from 2.6 version
- Default timeout set to 120 seconds
- Nonstandard read only proc interface (/proc/watchdog)
- Always reset timer on driver load
- Changed timeout limit to 255
- Ignores failure to acquire IO port

Caveats:
- Ignores failure to acquire IO port since it is always taken, there's
probably a better way around that.
- Releases IO port regardless of having acquired it.

[Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)

Problem reported by Ilja van Sprundel. Assigned CVE-2007-1353.
Fix below from Marcel Holtmann, backported to 2.4.

The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[PATCH] Fix TCP receiver side SWS handling

Problem reported, analyzed and initially fixed by Alex Sidorenko.
Definitive fix by John Heffner, confirmed by Alex.

Analysis below :

this is a rare corner case met by one of HP partners on 2.4.20 on IA64.
Inspecting the sources of the latest 2.6.20.1 (net/ipv4/tcp_output.c) we can
see that the bug is still there.

Here is a description of the bug and the suggested fix.

The problem occurs when the remote host (not necessarily Linux - in our case
it was Solaris) does not implement SWS avoidance on sender side. If Linux
connection socket has rcvbuf<mtu, we can potentially advertise small rcv_wnd
for a long time (SWS).

The problem is due to SWS avoidance as implemented in __tcp_select_window().
Everything works fine when rcvbuf > mtu. But if we use small rcvbuf (set by
SO_RCVBUF), we can go into SWS mode.

[...]

If there is no SWS avoidance on sender side, we can see Linux advertising the
same small rcv_wnd over and over again. The problem here is that we never
advertise one-half the receiver's buffer space as described e.g. in

"TCP/IP Illustrated" by Stevens (v.1, Chapter 22.3):

"The normal algorithm is for the receiver not to advertise a larger window
than it is currently advertising (which can be 0) until the window can be
increased by either one full-sized segment (i.e. the MSS being received) or by
one-half the receiver's buffer space, whichever is smaller"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The fix.
--------

We have not been able to reproduce the problem inside HP as it is unclear what
conditions are needed to bring system into SWS mode (this needs very special
event timing). HP customer was seeing it every 2-3 days while running a
custom application (Solaris<->Linux) that was running with low priority on a
busy host running other custom applications with SCHED_RR. After going into
SWS mode, his application stayed in it until restarted.

[PPP]: Don't leak an sk_buff on interface destruction.

Initial 2.6 patch :
Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Acked-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[IPv4] fib: Fix out of bound access of fib_props[]

Backported from 2.6. Bug found and fixed by Thomas Graf :

Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

[DECNet] fib: Fix out of bound access of dn_fib_props[]

Backported from 2.6. Found and fixed from Thomas Graf :

Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

Signed-off-by: Thomas Graf <tgraf@suug.ch>

[PATCH] Linux 2.4.x MTD CFI P30/P33 support

The following patch adds support of P30 and P33 NOR FLASH support in
Linux 2.4
This flash is substitution of J3 flash which is widely used it on Linux
2.4 kernels. Currently many customers wishing to substitute J3 for P3x
face issues on Linux 2.4. This patch resolves issues with P3x on all
generic Linux kernels versions since 2.4.21.

The patch just allows using minor version "4" in CFI driver. Since
differences between CFI minor version "3" and minor version "4" are
small the CFI driver is not affected by this. Patch has been verified on
Mainstone (PXA27x based) platform.

Signed-off-by: Alexey Korolev <alexey.korolev@intel.com>

[PATCH] init/main.c: remove comment that gcc 4 was not supported

When the #error was removed, the comment was forgotten.

Signed-off-by: Adrian Bunk <bunk@stusta.de>

Change VERSION to v2.4.35-pre2

- fix channel balance on TV cards with LG head
- fix build of serial with DEBUG enabled
- usb-storage: backport unusual_devs from 2.6.20
- usb-storage: HP-FDC-GOLD need US_FL_SINGLE_LUN
- make it possible to compile x86_64 without VT support
- add nforce-MCP55 chipset ID
- restore ability to set disk geometry on command line
- parenthesis fixes
- usb 2.4: Support high-speed HID
- IPV6: ipv6_fl_socklist is inadvertently shared.

[PATCH] IPV6: ipv6_fl_socklist is inadvertently shared.

Backport from 2.6. Original patch from Masayuki Nakagawa, with
his description below :

"
The ipv6_fl_socklist from listening socket is inadvertently shared
with new socket created for connection. This leads to a variety of
interesting, but fatal, bugs. For example, removing one of the
sockets may lead to the other socket's encountering a page fault
when the now freed list is referenced.

The fix is to not share the flow label list with the new socket.
"

original patch:
Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] remove excess parenthesis in video/cyberfb

My previous fix was wrong, the parenthesis remained unbalanced.

[PATCH] restore ability to set disk geometry on command line

The second patch is a two-liner, which adds (restores?) the possibility to
specify your own disk geometry in the kernel command line. Default values
of 255 heads and 63 sectors can be nonoptimal, i.e. a small part of the
disk remains unused.

BTW sometimes it is desirable to set a specific geometry on small devices
such as flash disks.

[PATCH] add nforce-MCP55 chipset ID

This patch contains a backport of NFORCE-MCP55 chipset driver from 2.6.
In fact, the code was already there and it was sufficient to identify this
chipset.

[PATCH] make it possible to compile x86_64 without VT support

Add #ifdef CONFIG_VT where appropriate so that we can build the kernel
without VT support on x86_64.

[PATCH] fix missing parenthesis in unused macro in ip_nat_standalone

The bug found by Mariusz Kozlowski affects an unused macro. However,
I prefer to fix the macro than removing it because external patches
might be relying on it.

[PATCH] add missing parenthesis in video/cyberfb

The bug found by Mariusz Kozlowski affects an unused macro. However,
I prefer to fix the macro than removing it because external patches
might be relying on it.

[PATCH] ia64 kernel entry fix

Mariusz Kozlowski sent me this patch :
I noticed some parenthesis thing here but I'd be glad if anyone would
confirm thath the patch below is correct. This code looks magic to me ;-)

No replies. A quick look at 2.6 shows the code was fixed by removing the
excessive parenthesis and not adding any semi-colon.

Original patch sign-off :
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>

arch/ia64/kernel/entry.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

[PATCH] reiserfs parenthesis fix

Hello,

This patch fixes parenthesis in B_PRIGHT_DELIM_KEY() macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>

include/linux/reiserfs_fs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] byteorder swab parenthesis fix

Hello,

This patch fixes byteorder swab 24 macro parenthesis.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>

include/linux/byteorder/swab.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] sparc64 dma parenthesis fixes

Hello,

This patch fixes some sparc64 dma macros.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>

include/asm-sparc64/dma.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)