Commit: f56983ef991e770274d482e3a78afc95395fea36 Author: Adrian Bunk Wed, 13 Dec 2006 18:15:47 +0100 Linux 2.6.16.36 Commit: 567e8e5877cca560de6f514498e9b1206853f021 Author: Adrian Bunk Sat, 09 Dec 2006 16:23:02 +0100 Linux 2.6.16.36-rc1 Commit: 40618f2d7dd3a6cfd21da9c4023d0fec5d3940f2 Author: Chuck Ebbert <76306.1226@compuserve.com> Sat, 09 Dec 2006 16:21:59 +0100 binfmt_elf: fix checks for bad address Fix check for bad address; use macro instead of open-coding two checks. Taken from RHEL4 kernel update. From: Ernie Petrides For background, the BAD_ADDR() macro should return TRUE if the address is TASK_SIZE, because that's the lowest address that is *not* valid for user-space mappings. The macro was correct in binfmt_aout.c but was wrong for the "equal to" case in binfmt_elf.c. There were two in-line validations of user-space addresses in binfmt_elf.c, which have been appropriately converted to use the corrected BAD_ADDR() macro in the patch you posted yesterday. Note that the size checks against TASK_SIZE are okay as coded. The additional changes that I propose are below. These are in the error paths for bad ELF entry addresses once load_elf_binary() has already committed to exec'ing the new image (following the tearing down of the task's original address space). The 1st hunk deals with the interp-side of the outer "if". There were two problems here. The printk() should be removed because this path can be triggered at will by a bogus interpreter image created and used by a malicious user. Further, the error code should not be ENOEXEC, because that causes the loop in search_binary_handler() to continue trying other exec handlers (twice, in fact). But it's too late for this to work correctly, because the user address space has already been torn down, and an exec() failure cannot be returned to the user code because the code no longer exists. The only recovery is to force a SIGSEGV, but it's best to terminate the search loop immediately. I somewhat arbitrarily chose EINVAL as a fallback error code, but any error returned by load_elf_interp() will override that (but this value will never be seen by user-space). The 2nd hunk deals with the non-interp-side of the outer "if". There were two problems here as well. The SIGSEGV needs to be forced, because a prior sigaction() syscall might have set the associated disposition to SIG_IGN. And the ENOEXEC should be changed to EINVAL as described above. Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Adrian Bunk Commit: 888d358eba2a74e6b70ce1b45d21a46c4a86bf41 Author: David S. Miller Sat, 09 Dec 2006 16:16:56 +0100 [IPSEC]: Fix inetpeer leak in ipv4 xfrm dst entries. We grab a reference to the route's inetpeer entry but forget to release it in xfrm4_dst_destroy(). Bug discovered by Kazunori MIYAZAWA Signed-off-by: David S. Miller Signed-off-by: Adrian Bunk Commit: 6a24340c98293f34d0b86310239066f4ed2af9fa Author: Patrick McHardy Sat, 09 Dec 2006 16:14:39 +0100 [XFRM]: Use output device disable_xfrm for forwarded packets Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Adrian Bunk Commit: dcb1715778026c4aec20d186dc794245d9a1f5de Author: Adrian Bunk Fri, 08 Dec 2006 17:00:35 +0100 revert the quirk_via_irq changes This patch reverts the quirk_via_irq changes in 2.6.16.17 that caused regressions for several people. Signed-off-by: Adrian Bunk Commit: 8b05b9a6318222fe783f322fb05a3261e7d9fe56 Author: Daniel Ritz Wed, 06 Dec 2006 20:36:32 +0100 PCI: add ICH7/8 ACPI/GPIO io resource quirks Signed-off-by: Daniel Ritz Signed-off-by: Adrian Bunk Commit: e5c8b1b830b76aadb9b9342d5c9b854dd4396f5b Author: Daniel Ritz Wed, 06 Dec 2006 20:19:36 +0100 PCI: fix ICH6 quirks - add the ICH6(R) LPC to the ICH6 ACPI quirks. currently only the ICH6-M is handled. [ PCI_DEVICE_ID_INTEL_ICH6_1 is the ICH6-M LPC, ICH6_0 is the ICH6(R) ] Signed-off-by: Daniel Ritz Signed-off-by: Adrian Bunk Commit: 197ee54e2400c6f891e28fbfcd014d456c1ac519 Author: Jean Delvare Wed, 06 Dec 2006 20:18:09 +0100 PCI: Unhide the SMBus on Asus PU-DLS Unhide the SMBus controller on the Asus PU-DLS board. This fixes bug #6763. Signed-off-by: Jean Delvare Signed-off-by: Adrian Bunk Commit: b7bdeae0e1679d8b70168d52d932092ae5ae0278 Author: Bjorn Helgaas Wed, 06 Dec 2006 20:17:30 +0100 PCI: quirk to disable e100 interrupt if RESET failed to Without this quirk, e100 can be pulling on a shared interrupt line when another device (eg. USB) loads, causing the interrupt to scream and get disabled. http://bugzilla.kernel.org/show_bug.cgi?id=5918 Signed-off-by: Bjorn Helgaas Signed-off-by: Adrian Bunk Commit: 4c2c7f77e630efe988ab02f71eb2da4015a86e97 Author: Linus Torvalds Wed, 06 Dec 2006 20:16:59 +0100 Add PIIX4 APCI quirk for the 440MX chipset too This is confirmed to fix a hang due to PCI resource conflicts with setting up the Cardbus bridge on old laptops with the 440MX chipsets. Original report by Alessio Sangalli, lspci debugging help by Pekka Enberg, and trial patch suggested by Daniel Ritz: "From the docs available i would _guess_ this thing is really similar to the 82443BX/82371AB combination. at least the SMBus base address register is hidden at the very same place (32bit at 0x90 in function 3 of the "south" brigde)" The dang thing is largely undocumented, but the patch was corroborated by Asit Mallick: "I am trying to find the register information. 440MX is an integration of 440BX north-bridge without AGP and PIIX4E (82371EB). PIIX4 quirk should cover the ACPI and SMBus related I/O registers." and verified to fix the problem by Alessio. Signed-off-by: Linus Torvalds Signed-off-by: Adrian Bunk Commit: e56ab8bf713d617754a099d9a857757475da51d8 Author: Brice Goglin Wed, 06 Dec 2006 20:15:55 +0100 PCI: nVidia quirk to make AER PCI-E extended capability visible The nVidia CK804 PCI-E chipset supports the AER extended capability but sometimes fails to link it (with some BIOS or after a warm reboot). It makes the AER cap invisible to pci_find_ext_capability(). The patch adds a quirk to set the missing bit that controls the linking of the capability. By the way, it removes the corresponding code in the myri10ge driver. Signed-off-by: Brice Goglin Signed-off-by: Adrian Bunk Commit: db52d091160727ad1705cff82b6f5187ceb8fce0 Author: John W. Linville Wed, 06 Dec 2006 19:06:04 +0100 pci_ids.h: correct naming of 1022:7450 (AMD 8131 Bridge) The naming of the constant defined for PCI ID 1022:7450 does not seem to match the information at http://pciids.sourceforge.net/: http://pci-ids.ucw.cz/iii/?i=1022 There 1022:7450 is listed as "AMD-8131 PCI-X Bridge" while 1022:7451 is listed as "AMD-8131 PCI-X IOAPIC". Yet, the current definition for 0x7450 is PCI_DEVICE_ID_AMD_8131_APIC. It seems to me like that name should map to 0x7451, while a name like PCI_DEVICE_ID_AMD_8131_BRIDGE should map to 0x7450. Signed-off-by: John W. Linville Signed-off-by: Adrian Bunk Commit: 4a740b27e8af5c858940a71a31d11e0e81191f8c Author: Ralf Baechle Wed, 06 Dec 2006 18:49:53 +0100 Fix mempolicy.h build error uses struct mm_struct and relies on a definition or declaration somehow magically being dragged in which may result in a build: CC mm/mempolicy.o In file included from mm/mempolicy.c:69: include/linux/mempolicy.h:150: warning: 'struct mm_struct' declared inside parameter list include/linux/mempolicy.h:150: warning: its scope is only this definition or declaration, which is probably not what you want include/linux/mempolicy.h:174: warning: 'struct mm_struct' declared inside parameter list mm/mempolicy.c:673: error: conflicting types for 'do_migrate_pages' include/linux/mempolicy.h:174: error: previous declaration of 'do_migrate_pages' was here mm/mempolicy.c:1696: error: conflicting types for 'mpol_rebind_mm' include/linux/mempolicy.h:150: error: previous declaration of 'mpol_rebind_mm' was here make[1]: *** [mm/mempolicy.o] Error 1 make: *** [mm] Error 2 $ Including is a step into direction of include hell so fixed by adding a forward declaration of struct mm_struct instead. Signed-off-by: Ralf Baechle Signed-off-by: Adrian Bunk