Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.22.y 2008-02-25T23:59:19+00:00 2008-02-25T23:59:19+00:00 Kees Cook kees@ubuntu.com 2008-02-07T20:03:26+00:00 urn:sha1:366f6bc3be23358dd9796129373eeebfeffb79e1 mainline: 248bdd5efca5a113cbf443a993c69e53d370236b Fix a couple drivers that do not correctly terminate their pci_device_id lists. This results in garbage being spewed into modules.pcimap when the module happens to not have 28 NULL bytes following the table, and/or the last PCI ID is actually truncated from the table when calculating the modules.alias PCI aliases, cause those unfortunate device IDs to not auto-load. Signed-off-by: Kees Cook <kees@ubuntu.com> Acked-by: Corey Minyard <minyard@acm.org> Cc: David Woodhouse <dwmw2@infradead.org> Acked-by: Jeff Garzik <jeff@garzik.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Jeff Mahoney <jeffm@suse.com> CC: Oliver Pinter <oliver.pntr@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2008-02-25T23:59:19+00:00 Wang Zhenyu zhenyu.z.wang@intel.com 2008-02-07T20:03:21+00:00 urn:sha1:03f75e32447ea0de96cdb18e9a4383af39ae1b14 mainline: dde4787642ee3cb85aef80bdade04b6f8ddc3df8 Fix some missing places to check with device id info, which should probe the device gart correctly. Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Acked-by: Takashi Iwai <tiwai@suse.de> CC: Oliver Pinter <oliver.pntr@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2008-02-06T19:43:46+00:00 Nick Piggin npiggin@suse.de 2008-02-02T02:08:53+00:00 urn:sha1:83af8eda68a3f0c227d0eb05348e58ae27a62e7e Drivers that register a ->fault handler, but do not range-check the offset argument, must set VM_DONTEXPAND in the vm_flags in order to prevent an expanding mremap from overflowing the resource. I've audited the tree and attempted to fix these problems (usually by adding VM_DONTEXPAND where it is not obvious). Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-11-02T15:44:15+00:00 Dave Airlie airlied@linux.ie 2007-10-16T00:05:49+00:00 urn:sha1:0a0225bae6d086e1ffa8a5aa3bf265ec83b57c34 This is upstream as 54583bf4efda79388fc13163e35c016c8bc5de81 Oops... Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-11-02T15:44:11+00:00 Eric Dumazet dada1@cosmosbay.com 2007-10-10T10:28:33+00:00 urn:sha1:dec0da2c0b439daf394957660e62824987f9b021 changeset 162f6690a65075b49f242d3c8cdb5caaa959a060 in mainline. TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock. In order to follow network speed increase, we can use a faster clock, but we should limit this clock so that the delay between two rollovers is greater than MSL (TCP Maximum Segment Lifetime : 2 minutes) Choosing a 64 nsec clock should be OK, since the rollovers occur every 274 seconds. Problem spotted by Denys Fedoryshchenko [ This bug was introduced by f85958151900f9d30fa5ff941b0ce71eaa45a7de ] Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-08-15T16:25:09+00:00 Matt Mackall mpm@selenic.com 2007-07-16T00:10:14+00:00 urn:sha1:c712842ef701361ed3ee0f50f15797d7369b6628 If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-08-09T21:27:47+00:00 Jiri Slaby jirislaby@gmail.com 2007-07-11T00:22:25+00:00 urn:sha1:e9a96a1885017b4af9b74b40a0fbe9c721bc420b sx.c is failing to locate Graham's card. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Graham Murray <gmurray@webwayone.co.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-08-09T21:27:32+00:00 Dave Airlie airlied@redhat.com 2007-08-06T23:09:51+00:00 urn:sha1:397f3076fdeb9f71d67c6376b8366dfddeaae4ed This 965G and above chipsets moved the batch buffer non-secure bits to another place. This means that previous drm's allowed in-secure batchbuffers to be submitted to the hardware from non-privileged users who are logged into X and and have access to direct rendering. Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-06-27T16:54:49+00:00 Ian Romanick idr@us.ibm.com 2007-06-26T20:38:00+00:00 urn:sha1:ad5c980fdef0f339eb7c5888525acf9ce33855ec This adds support for some of the XGI Volari family that are based on the SiS. Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-06-24T15:59:11+00:00 Ingo Korb ml@akana.de 2007-06-24T00:16:35+00:00 urn:sha1:b08b5ad9473a972fdd5d739080d24a84b23525ac The stallion driver oopses while initializing ISA cards due to an uninitialized variable. This patch changes the initialisation order to match the PCI code path. Signed-off-by: Ingo Korb <ml@akana.de> Acked-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>