Commit: 09204999e7c5f83d3741f39df96dd3873f1a82f7 Author: Adrian Bunk Tue, 30 Jan 2007 21:10:08 +0100 Linux 2.6.16.39 Commit: 08ceda6f8c5d68108308cf01fc5c3ec35775baa9 Author: Adrian Bunk Fri, 26 Jan 2007 20:47:08 +0100 Linux 2.6.16.39-rc1 Commit: 7c59646310d59f004f14d7a65df7d4201d8f1d6d Author: Marcel Holtmann Thu, 25 Jan 2007 20:54:35 +0100 [Bluetooth] Fix deadlock in the L2CAP layer The Bluetooth L2CAP layer has 2 locks that are used in softirq context, (one spinlock and one rwlock, where the softirq usage is readlock) but where not all usages of the lock were _bh safe. The patch below corrects this. Signed-off-by: Arjan van de Ven Signed-off-by: Ingo Molnar Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: c2afb6058b25bc201d7ca24e2541941d09d03ae9 Author: Marcel Holtmann Thu, 25 Jan 2007 20:38:15 +0100 [Bluetooth] Add locking for bt_proto array manipulation The bt_proto array needs to be protected by some kind of locking to prevent a race condition between bt_sock_create and bt_sock_register. And in addition all calls to sk_alloc need to be made GFP_ATOMIC now. Signed-off-by: Masatake YAMATO Signed-off-by: Frederik Deweerdt Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: ac4d63dab8bb425f1ae037abf349090c12f16883 Author: Marcel Holtmann Thu, 25 Jan 2007 20:34:48 +0100 [Bluetooth] Fix compat ioctl for BNEP, CMTP and HIDP There exists no attempt do deal with the fact that a structure with a uint32_t followed by a pointer is going to be different for 32-bit and 64-bit userspace. Any 32-bit process trying to use it will be failing with -EFAULT if it's lucky; suffering from having data dumped at a random address if it's not. Signed-off-by: David Woodhouse Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: ecfad2cc55c3de17bc896816c49597cfacf2e3cf Author: Marcel Holtmann Thu, 25 Jan 2007 20:32:22 +0100 [Bluetooth] Handle command complete event for exit periodic inquiry The command complete event of the exit periodic inquiry command must clear the HCI_INQUIRY flag and finish the HCI request. Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: c850ae1c17cacc4d9dd68616635ca1af4ed6c97e Author: Marcel Holtmann Thu, 25 Jan 2007 20:29:55 +0100 [Bluetooth] Return EINPROGRESS for non-blocking socket calls In case of non-blocking socket calls we should return EINPROGRESS and not EAGAIN. Signed-off-by: Ulisses Furquim Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: 1189f487af2e660c5b4ad530eae73f69a1d54f96 Author: Adrian Bunk Fri, 26 Jan 2007 20:49:10 +0100 kbuild: explicitly turn off gcc stack-protector Ubuntu has enabled -fstack-protector per default in gcc breaking kernel build. Explicit turn it off for now. Backported based on several patches by Sam Ravnborg . Signed-off-by: Adrian Bunk Commit: a248193aae90d51be4981fec07bb97dd289bd534 Author: Marcel Holtmann Thu, 25 Jan 2007 19:40:43 +0100 [Bluetooth] Fix uninitialized return value for RFCOMM sendmsg() When calling send() with a zero length parameter on a RFCOMM socket it returns a positive value. In this rare case the variable err is used uninitialized and unfortunately its value is returned. Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: 79d1a7868cfc721a9e67248c502edaaed69b4c4a Author: Marcel Holtmann Thu, 25 Jan 2007 19:37:21 +0100 [Bluetooth] More checks if DLC is still attached to the TTY If the DLC device is no longer attached to the TTY device, then return errors or default values for various callbacks of the TTY layer. Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: d5b430696919770914e83ef8ef18047077298c7f Author: David S. Miller Thu, 25 Jan 2007 19:36:01 +0100 BLUETOOTH: Fix unaligned access in hci_send_to_sock. The "u16 *" derefs of skb->data need to be wrapped inside of a get_unaligned(). Thanks to Gustavo Zacarias for the bug report. Signed-off-by: David S. Miller Acked-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: cf4aeafe86d3cba8c96e0c093196ea3309a126f0 Author: Marcel Holtmann Thu, 25 Jan 2007 19:35:01 +0100 [Bluetooth] Check if DLC is still attached to the TTY If the DLC device is no longer attached to the TTY device, then it makes no sense to go through with changing the termios settings. Signed-off-by: Marcel Holtmann Signed-off-by: Adrian Bunk Commit: 1987ad05d5aaadd104dfe66b2caee35dc83b0b6f Author: Jan Andersson Thu, 25 Jan 2007 00:10:10 +0100 sparc32: add offset in pci_map_sg() Add sg->offset to sg->dvma_address in pci_map_sg() on sparc32. Without the offset, transfers to buffers that do not begin on a page boundary will not work as expected. Signed-off-by: Jan Andersson Acked-By: David Miller Commit: 0a55d471f11619490031ccbf834d9b9521d19681 Author: Eric Sesterhenn Thu, 25 Jan 2007 00:05:10 +0100 V4L/DVB: Missing statement in drivers/media/dvb/frontends/cx22700.c Stumbled over this because of coverity (id #492), seems like we are missing a return statement here and fail to do proper bounds checking. If this assumption is false we should at least change the identation to make it clear Signed-off-by: Eric Sesterhenn Signed-off-by: Adrian Bunk Commit: 28a25f33e5d2bfb0fd422976a1f7c9184c9ee546 Author: Alexey Dobriyan Wed, 24 Jan 2007 19:02:31 +0100 V4L/DVB: Flexcop-usb: fix debug printk .. fix debug printk. Why, oh why, one would want to do (u16 & 0xff) << 8 and print it with %02x format? Signed-off-by: Alexey Dobriyan Signed-off-by: Adrian Bunk Commit: 14c22e2cfb749a49263f5bff87616e8f7a0a0c2e Author: Andrew de Quincey Wed, 24 Jan 2007 19:00:43 +0100 V4L/DVB: Fix uninitialised variable in dvb_frontend_swzigzag Spotted by coverity/Adrian Bunk. Signed-off-by: Andrew de Quincey Signed-off-by: Adrian Bunk Commit: 99c7cf71bccc43394d3aceaf501c89a0807f244c Author: Adrian Bunk Wed, 24 Jan 2007 00:29:07 +0100 [Bluetooth] Let BT_HIDP depend on INPUT This patch lets BT_HIDP depend on instead of select INPUT. This fixes the following warning during an s390 build: net/bluetooth/hidp/Kconfig:4:warning: 'select' used by config symbol 'BT_HIDP' refer to undefined symbol 'INPUT' A dependency on INPUT also implies !S390 (and therefore makes the explicit dependency obsolete) since INPUT is not available on s390. The practical difference should be nearly zero, since INPUT is always set to y unless EMBEDDED=y (or S390=y). Signed-off-by: Adrian Bunk Commit: 32b7d973f1bfaf221ad53957fd360187815d29c2 Author: Shaohua Li Tue, 23 Jan 2007 16:52:07 +0100 i386: fix CPU hotplug with 2GB VMSPLIT In VMSPLIT mode, kernel PGD might have more entries than user space Signed-off-by: Shaohua Li Signed-off-by: Adrian Bunk Commit: faa309e7b921b2104a42d4ac0e0122f3399a3789 Author: Hugh Dickins Tue, 23 Jan 2007 16:46:22 +0100 read_zero_pagealigned() locking fix Ramiro Voicu hits the BUG_ON(!pte_none(*pte)) in zeromap_pte_range: kernel bugzilla 7645. Right: read_zero_pagealigned uses down_read of mmap_sem, but another thread's racing read of /dev/zero, or a normal fault, can easily set that pte again, in between zap_page_range and zeromap_page_range getting there. It's been wrong ever since 2.4.3. The simple fix is to use down_write instead, but that would serialize reads of /dev/zero more than at present: perhaps some app would be badly affected. So instead let zeromap_page_range return the error instead of BUG_ON, and read_zero_pagealigned break to the slower clear_user loop in that case - there's no need to optimize for it. Use -EEXIST for when a pte is found: BUG_ON in mmap_zero (the other user of zeromap_page_range), though it really isn't interesting there. And since mmap_zero wants -EAGAIN for out-of-memory, the zeromaps better return that than -ENOMEM. Signed-off-by: Hugh Dickins Signed-off-by: Adrian Bunk Commit: 891ff634a279da34545787413355a2fd6f8487d4 Author: Alan Cox Mon, 22 Jan 2007 20:39:00 +0100 atiixp: hang fix When the old IDE layer calls into methods in the driver during error handling it is essentially random whether ide_lock is already held. This causes a deadlock in the atiixp driver which also uses ide_lock internally for locking. Switch to a private lock instead. [akpm@osl.org: cleanup] Signed-off-by: Alan Cox Acked-by: Bartlomiej Zolnierkiewicz Signed-off-by: Andrew Morton Signed-off-by: Adrian Bunk Commit: 4c9b69a98c625f00289719ad94e1242d3a1436ea Author: Jens Axboe Mon, 22 Jan 2007 20:34:31 +0100 cdrom: set default timeout to 7 seconds It's a known fact that Windows times out commands after 7 seconds, so drives generally try and respond if they can before that happens. We default to 5 seconds, which sometimes is a bit too short. Jeremy Higdon reported here: http://lkml.org/lkml/2007/1/1/145 that his drive takes longer than 5 seconds for a "read track information" command, later confirming that it is about 6.7 seconds. So just do the sane thing and change the default command timeout to 7 seconds to avoid other surprises. Signed-off-by: Jens Axboe Signed-off-by: Adrian Bunk Commit: 6516dfec53f26f6de42785fd27f4e2a42950c793 Author: Jes Sorensen Mon, 22 Jan 2007 20:21:31 +0100 [SCSI] qla1280 bus reset typo Fix typo in check of return value of qla1280_bus_reset() which would result in an adapter reset in addition to the bus reset. Signed-off-by: Jes Sorensen Signed-off-by: Adrian Bunk Commit: 12143549cc27c4ba4f83ab97d78d495c34c220f2 Author: Jes Sorensen Mon, 22 Jan 2007 20:20:21 +0100 [SCSI] qla1280 command timeout Original patch from Ian Dall in bugzilla. Set command timeout as specified by the SCSI layer rather than hardcode it to 30 seconds. I have received a couple of reports of people hitting this one with various tape configurations and the patch looks obviously correct. From http://bugzilla.kernel.org/show_bug.cgi?id=6275 Ian Dall : The command sent to the card was using a 30second timeout regardless of the timeout requested in the scsi command passed down from higher levels. Signed-off-by: Jes Sorensen Signed-off-by: Adrian Bunk Commit: c57c54983f560848ab6018a962762676fc9c7e6c Author: James Bursa Sat, 20 Jan 2007 22:58:51 +0100 adfs: fix filename handling Fix filenames on adfs discs being terminated at the first character greater than 128 (adfs filenames are Latin 1). I saw this problem when using a loopback adfs image on a 2.6.17-rc5 x86_64 machine, and the patch fixed it there. Signed-off-by: Adrian Bunk Commit: 56d696e3ba23d39d0383beab744e6adae57edc77 Author: Martin Schwidefsky Sat, 20 Jan 2007 22:49:42 +0100 s390: connector support Include connector config in the s390 arch Kconfig to get support for connectors. This also fixes the following Kconfig warning: fs/Kconfig:1728:warning: 'select' used by config symbol 'CIFS_UPCALL' refer to undefined symbol 'CONNECTOR' Signed-off-by: Martin Schwidefsky Signed-off-by: Adrian Bunk Commit: 57ec068c31de12ca418887e99167ccb9669d44ea Author: Patrick McHardy Mon, 22 Jan 2007 21:39:03 +0100 NETFILTER: arp_tables: missing unregistration on module unload Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Adrian Bunk Commit: 6ed8c5d391a6fe262c8acbdabf7569f790135180 Author: Patrick McHardy Sat, 20 Jan 2007 22:18:30 +0100 NETFILTER: NAT: fix NOTRACK checksum handling The whole idea with the NOTRACK netfilter target is that you can force the netfilter code to avoid connection tracking, and all costs assosciated with it, by making traffic match a NOTRACK rule. But this is totally broken by the fact that we do a checksum calculation over the packet before we do the NOTRACK bypass check, which is very expensive. People setup NOTRACK rules explicitly to avoid all of these kinds of costs. This patch from Patrick, already in Linus's tree, fixes the bug. Move the check for ip_conntrack_untracked before the call to skb_checksum_help to fix NOTRACK excemptions from NAT. Pre-2.6.19 NAT code breaks TSO by invalidating hardware checksums for every packet, even if explicitly excluded from NAT through NOTRACK. 2.6.19 includes a fix that makes NAT and TSO live in harmony, but the performance degradation caused by this deserves making at least the workaround work properly in -stable. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Adrian Bunk Commit: 01f02a48774e7ec4fedd6efeed0f15cb6f04b78a Author: Nick Piggin Sat, 20 Jan 2007 22:16:03 +0100 mm: fix bug in set_page_dirty_buffers This was triggered, but not the fault of, the dirty page accounting patches. Suitable for -stable as well, after it goes upstream. Unable to handle kernel NULL pointer dereference at virtual address 0000004c EIP is at _spin_lock+0x12/0x66 Call Trace: [<401766e7>] __set_page_dirty_buffers+0x15/0xc0 [<401401e7>] set_page_dirty+0x2c/0x51 [<40140db2>] set_page_dirty_balance+0xb/0x3b [<40145d29>] __do_fault+0x1d8/0x279 [<40147059>] __handle_mm_fault+0x125/0x951 [<401133f1>] do_page_fault+0x440/0x59f [<4034d0c1>] error_code+0x39/0x40 [<08048a33>] 0x8048a33 ======================= Signed-off-by: Nick Piggin Signed-off-by: Adrian Bunk