commit 87d81ba62bfa79149ace0653278eac00233c2853 Author: Greg Kroah-Hartman Date: Fri Feb 8 11:55:30 2008 -0800 Linux 2.6.24.1 commit cece280a46c9b5c0adb4d5251f42c082a578e1ad Author: Jens Axboe Date: Fri Feb 8 08:49:14 2008 -0800 splice: missing user pointer access verification (CVE-2008-0009/10) patch 8811930dc74a503415b35c4a79d14fb0b408a361 in mainline. vmsplice_to_user() must always check the user pointer and length with access_ok() before copying. Likewise, for the slow path of copy_from_user_mmap_sem() we need to check that we may read from the user region. Signed-off-by: Jens Axboe Cc: Wojciech Purczynski Signed-off-by: Greg Kroah-Hartman Signed-off-by: Linus Torvalds commit 1dcde8747cb95109b731894bde1a39634d6089f3 Author: Dave Airlie Date: Thu Feb 7 05:43:11 2008 +0000 drm: the drm really should call pci_set_master.. (submitted upstream as 19a8f59ab8ceee751ea720085098355d53f727d6) perhaps bonghits could turn on my bus-mastering because the drm certainly never bothered doing it before. Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 71591e87172bda0d1bf239dd4c7f9aef57a69c28 Author: Michael E Brown Date: Tue Jan 29 15:35:01 2008 -0600 Driver core: Revert "Fix Firmware class name collision" patch 7d640c4a5b36c4733460065db1554da924044511 in mainline. This reverts commit 109f0e93b6b728f03c1eb4af02bc25d71b646c59. The original patch breaks BIOS updates on all Dell machines. The path to the firmware file for the dell_rbu driver changes, which breaks all of the userspace tools which rely on it. Note that this patch re-introduces a problem with i2c name collision that was previously fixed by this patch. Signed-off-by: Michael E Brown Signed-off-by: Greg Kroah-Hartman commit 145eb46ca9f10a16790a59a327bcb59362bf40bc Author: Nick Piggin Date: Sat Feb 2 15:01:17 2008 +0100 fix writev regression: pan hanging unkillable and un-straceable patch 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 in mainline. Frederik Himpe reported an unkillable and un-straceable pan process. Zero length iovecs can go into an infinite loop in writev, because the iovec iterator does not always advance over them. The sequence required to trigger this is not trivial. I think it requires that a zero-length iovec be followed by a non-zero-length iovec which causes a pagefault in the atomic usercopy. This causes the writev code to drop back into single-segment copy mode, which then tries to copy the 0 bytes of the zero-length iovec; a zero length copy looks like a failure though, so it loops. Put a test into iov_iter_advance to catch zero-length iovecs. We could just put the test in the fallback path, but I feel it is more robust to skip over zero-length iovecs throughout the code (iovec iterator may be used in filesystems too, so it should be robust). Signed-off-by: Nick Piggin Signed-off-by: Ingo Molnar Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ac005b49fd49bc8c624ad51bc7aca7945e177ece Author: Srivatsa Vaddagiri Date: Thu Jan 31 22:45:22 2008 +0100 sched: fix high wake up latencies with FAIR_USER_SCHED patch 296825cbe14d4c95ee9c41ca5824f7487bfb4d9d in mainline. The reason why we are getting better wakeup latencies for !FAIR_USER_SCHED is because of this snippet of code in place_entity(): if (!initial) { /* sleeps upto a single latency don't count. */ if (sched_feat(NEW_FAIR_SLEEPERS) && entity_is_task(se)) ^^^^^^^^^^^^^^^^^^ vruntime -= sysctl_sched_latency; /* ensure we never gain time by being placed backwards. */ vruntime = max_vruntime(se->vruntime, vruntime); } NEW_FAIR_SLEEPERS feature gives credit for sleeping only to tasks and not group-level entities. With the patch attached, I could see that wakeup latencies with FAIR_USER_SCHED are restored to the same level as !FAIR_USER_SCHED. Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 818b7bc903fc96665eb6c885b1180e3268756d33 Author: Peter Zijlstra Date: Thu Jan 31 22:45:22 2008 +0100 sched: let +nice tasks have smaller impact patch ef9884e6f29bbe1075204f962a00f7533bf7e8f3 in mainline. Michel Dänzr has bisected an interactivity problem with plus-reniced tasks back to this commit: 810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8 is first bad commit commit 810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8 Author: Peter Zijlstra Date: Mon Oct 15 17:00:14 2007 +0200 sched: another wakeup_granularity fix unit mis-match: wakeup_gran was used against a vruntime fix this by assymetrically scaling the vtime of positive reniced tasks. Bisected-by: Michel Dänzer Signed-off-by: Peter Zijlstra Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 5df1d0f87854e9bcd6b32ad0d2e1f8676dbe9ea6 Author: Michael Buesch Date: Sat Jan 26 13:54:52 2008 +0100 b43: Reject new firmware early (not in mainline, as it is not applicable.) We must reject new incompatible firmware early to avoid running into strange transmission failures. The current development tree supports newer firmware revisions. These revisions cause strange failures on the stable 2.6.24 kernel. Add a check to avoid confusing users a lot. Signed-off-by: Michael Buesch Signed-off-by: Greg Kroah-Hartman commit 9a87ea3ee51fb81e7a33b820a8bb59d23c7be9ef Author: Stephen Smalley Date: Fri Jan 25 13:03:42 2008 -0500 selinux: fix labeling of /proc/net inodes patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline. The proc net rewrite had a side effect on selinux, leading it to mislabel the /proc/net inodes, thereby leading to incorrect denials. Fix security_genfs_sid to ignore extra leading / characters in the path supplied by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...". Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman commit 3ecd7e88c999f6c73694c30359c4d084c5ab90be Author: Stefano Brivio Date: Fri Jan 25 14:32:00 2008 +0100 b43legacy: fix DMA slot resource leakage patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline. This fixes four resource leakages. In any error path we must deallocate the DMA frame slots we previously allocated by request_slot(). This is done by storing the ring pointers before doing any ring allocation and restoring the old pointers in case of an error. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch Signed-off-by: Stefano Brivio Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 9c5149b9f241dcae61b9a20653b26d10b4738f24 Author: Stefano Brivio Date: Fri Jan 25 14:29:50 2008 +0100 b43legacy: drop packets we are not able to encrypt patch 9eca9a8e81928685b4de00ecef83a7c13c340fc9 in mainline. We must drop any packets we are not able to encrypt. We must not send them unencrypted or with an all-zero-key (which basically is the same as unencrypted, from a security point of view). This might only trigger shortly after resume before mac80211 reassociated and reconfigured the keys. It is safe to drop these packets, as the association they belong to is not guaranteed anymore anyway. This is a security fix in the sense that it prevents information leakage. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch Signed-off-by: Stefano Brivio Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit bee7e28170165cb0503dc04bc2b9b6a5cb1593f9 Author: Stefano Brivio Date: Fri Jan 25 14:26:21 2008 +0100 b43legacy: fix suspend/resume patch ada50731c0346bf900dc387edd3a6961297bf2d3 in mainline. This patch makes suspend/resume work with the b43legacy driver. We must not overwrite the MAC addresses in the init function, as this would also overwrite the MAC on resume. With an all-zero MAC the device firmware is not able to ACK any received packets anymore. Fix this by moving the initializion stuff that must be done on init but not on resume to the start function. Also zero out filter_flags to make sure we don't have some flags from a previous instance for a tiny timeframe until mac80211 reconfigures them. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch Signed-off-by: Stefano Brivio Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit c6ca9ee045051774b8e5035e5ffadbb53d5a3ad6 Author: Stefano Brivio Date: Fri Jan 25 14:24:05 2008 +0100 b43legacy: fix PIO crash patch 0cd67d48b519c3d8d89d238fab1cf68a5289638a in mainline. Fix the crash reported below, which seems to happen on bcm4306 rev. 2 devices only while using PIO: Oops: 0000 [#1] PREEMPT Modules linked in: b43(F) rfkill(F) led_class(F) input_polldev(F) arc4 b43legacy mac80211 cfg80211 i915 drm snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ohci1394 ieee1394 ssb pcmcia snd_intel8x0m ehci_hcd uhci_hcd evdev Pid: 0, comm: swapper Tainted: GF (2.6.24st3 #2) EIP: 0060:[] EFLAGS: 00010002 CPU: 0 EIP is at b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] EAX: 0000049b EBX: f11f8044 ECX: 00000001 EDX: 00000000 ESI: f1ff8000 EDI: 00000000 EBP: f11f8040 ESP: c04f4ef4 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 Process swapper (pid: 0, ti=c04f4000 task=c0488300 task.ti=c04b8000) Stack: f90f2788 c05009f0 c0500900 000010f7 f1053823 c04f4f24 dfb8e800 00000003 f1368000 00000007 00000296 f90f1975 00001000 010c0800 01000000 00000007 f90f6391 f11f8000 00000082 c04f4f4a 00000000 00004fd0 10f70000 8c061000 Call Trace: [] b43legacy_debugfs_log_txstat+0x48/0xb0 [b43legacy] [] b43legacy_handle_hwtxstatus+0x75/0x80 [b43legacy] [] b43legacy_pio_rx+0x201/0x280 [b43legacy] [] b43legacy_interrupt_tasklet+0x2e3/0x870 [b43legacy] [] tasklet_action+0x27/0x60 [] __do_softirq+0x54/0xb0 [] do_softirq+0x7b/0xe0 [] handle_level_irq+0x0/0x110 [] handle_level_irq+0x0/0x110 [] irq_exit+0x38/0x40 [] do_IRQ+0x83/0xd0 [] __update_rq_clock+0x4f/0x180 [] common_interrupt+0x23/0x28 [] wakeup_code+0x7b/0xde [] acpi_processor_idle+0x24a/0x3c9 [] cpu_idle+0x47/0x80 [] start_kernel+0x205/0x290 [] unknown_bootoption+0x0/0x1f0 ======================= Code: 0f 00 00 81 fb ff 00 00 00 0f 87 36 01 00 00 8d 04 db 85 ff 8d 6c c6 40 8d 5d 04 0f 85 ef 00 00 00 fe 4e 0e 0f b7 46 0c 8b 53 04 <8b> 4a 50 29 c8 83 e8 52 66 89 46 0c 8b 54 24 14 80 7a 0b 00 74 EIP: [] b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] SS:ESP 0068:c04f4ef4 Kernel panic - not syncing: Fatal exception in interrupt Signed-off-by: Stefano Brivio Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit a30954e2544519c8920c04b46f8300ec6179618f Author: Michael Buesch Date: Fri Jan 25 12:20:20 2008 +0100 b43: Fix dma-slot resource leakage patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline. This fixes four resource leakages. In any error path we must deallocate the DMA frame slots we previously allocated by request_slot(). This is done by storing the ring pointers before doing any ring allocation and restoring the old pointers in case of an error. Signed-off-by: Michael Buesch Signed-off-by: Stefano Brivio Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 2e892f92fe8b48824cf647e812d7fac1c289a854 Author: Michael Buesch Date: Fri Jan 25 12:15:07 2008 +0100 b43: Drop packets we are not able to encrypt patch 09552ccd8277e6382097e93a40f7311a09449367 in mainline We must drop any packets we are not able to encrypt. We must not send them unencrypted or with an all-zero-key (which basically is the same as unencrypted, from a security point of view). This might only trigger shortly after resume before mac80211 reassociated and reconfigured the keys. It is safe to drop these packets, as the association they belong to is not guaranteed anymore anyway. This is a security fix in the sense that it prevents information leakage. Signed-off-by: Michael Buesch Signed-off-by: John W. Linville Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b3b222ff9374f16ed55aad252b1817980699b9b7 Author: Michael Buesch Date: Fri Jan 25 12:11:45 2008 +0100 b43: Fix suspend/resume patch 7be1bb6b798d506693d2d8668e801951996b5a4a in mainline. This patch makes suspend/resume work with the b43 driver. We must not overwrite the MAC addresses in the init function, as this would also overwrite the MAC on resume. With an all-zero MAC the device firmware is not able to ACK any received packets anymore. Fix this by moving the initializion stuff that must be done on init but not on resume to the start function. Also zero out filter_flags to make sure we don't have some flags from a previous instance for a tiny timeframe until mac80211 reconfigures them. Signed-off-by: Michael Buesch Signed-off-by: John W. Linville Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit dbccde6478f3d8d11762d5f19322cbc152d4c99d Author: Stephen Hemminger Date: Thu Jan 24 19:46:10 2008 -0800 sky2: fix for WOL on some devices patch 82637e808478087ce861129745fa60cc37e7929d in mainline This patch disables config mode access after clearing PCI settings. Without this change WOL won't work on some BIOS's Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 31d722ee25d1b8139259483f8ab14c188ca52b2e Author: Stephen Hemminger Date: Thu Jan 24 19:44:50 2008 -0800 sky2: restore multicast addresses after recovery patch a7bffe722c996679b4fb2103ecaf673ec2b9b4a7 in mainline. If the sky2 deadman timer forces a recovery, the multicast hash list is lost. Move the call to sky2_set_multicast to the end of sky2_up() so all paths that bring device up will restore multicast. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit de0d21fac3d694b3d87a61557d561fb23b56679a Author: Sam Ravnborg Date: Sun Feb 3 13:19:38 2008 +0100 x86: restore correct module name for apm patch 3a900d89db35c133bc0874e71d9156b22db362b4 in mainline The apm module were renamed to apm_32 during the merge of 32 and 64 bit x86 which is unfortunate. As apm is 32 bit specific we like to keep the _32 in the filename but the module should be named apm. Fix this in the Makefile. Reported-by: "A.E.Lawrence" Signed-off-by: Sam Ravnborg Cc: Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: "A.E.Lawrence" Signed-off-by: Ingo Molnar Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit 9b0fb094a1bdbd7f93b8d0977ec0c113d6e31ff8 Author: Len Brown Date: Sun Feb 3 17:43:57 2008 -0500 ACPI: update ACPI blacklist These minor changes sync the latest ACPI blacklist into 2.6.24. The main benefit of this patch is to make any future changes easier to apply. The immediate benefit is one less dmesg line on Acer systems. Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 1d866417a3f8b531cdfb314aa693d634d5fef4a3 Author: Ian Abbott Date: Mon Feb 4 13:43:13 2008 +0000 PCI: Fix fakephp deadlock This patch works around a problem in the fakephp driver when a process writing "0" to a "power" sysfs file to fake removal of a PCI device ends up deadlocking itself in the sysfs code. The patch was recently accepted into Linus' tree after the 2.6.24 release: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman commit 7e3c396b7554c761718702a1a9d519bfab2fa430 Author: Oleg Nesterov Date: Mon Feb 4 22:27:18 2008 -0800 sys_remap_file_pages: fix ->vm_file accounting patch 8a459e44ad837018ea5c34a9efe8eb4ad27ded26 in mainline. Fix ->vm_file accounting, mmap_region() may do do_munmap(). Signed-off-by: Oleg Nesterov Signed-off-by: Miklos Szeredi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 56d4009e9628d07acb194a52a655c5fb9abc014f Author: Peter Zijlstra Date: Mon Feb 4 22:27:20 2008 -0800 lockdep: annotate epoll patch 0ccf831cbee94df9c5006dd46248c0f07847dd7c in mainline. On Sat, 2008-01-05 at 13:35 -0800, Davide Libenzi wrote: > I remember I talked with Arjan about this time ago. Basically, since 1) > you can drop an epoll fd inside another epoll fd 2) callback-based wakeups > are used, you can see a wake_up() from inside another wake_up(), but they > will never refer to the same lock instance. > Think about: > > dfd = socket(...); > efd1 = epoll_create(); > efd2 = epoll_create(); > epoll_ctl(efd1, EPOLL_CTL_ADD, dfd, ...); > epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...); > > When a packet arrives to the device underneath "dfd", the net code will > issue a wake_up() on its poll wake list. Epoll (efd1) has installed a > callback wakeup entry on that queue, and the wake_up() performed by the > "dfd" net code will end up in ep_poll_callback(). At this point epoll > (efd1) notices that it may have some event ready, so it needs to wake up > the waiters on its poll wait list (efd2). So it calls ep_poll_safewake() > that ends up in another wake_up(), after having checked about the > recursion constraints. That are, no more than EP_MAX_POLLWAKE_NESTS, to > avoid stack blasting. Never hit the same queue, to avoid loops like: > > epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...); > epoll_ctl(efd3, EPOLL_CTL_ADD, efd2, ...); > epoll_ctl(efd4, EPOLL_CTL_ADD, efd3, ...); > epoll_ctl(efd1, EPOLL_CTL_ADD, efd4, ...); > > The code "if (tncur->wq == wq || ..." prevents re-entering the same > queue/lock. Since the epoll code is very careful to not nest same instance locks allow the recursion. Signed-off-by: Peter Zijlstra Tested-by: Stefan Richter Acked-by: Davide Libenzi Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit d98837eca254bde37d9ce8d61709c977247c7582 Author: Ayaz Abdulla Date: Mon Jan 28 10:24:40 2008 -0500 forcedeth: mac address mcp77/79 patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline. This patch is a critical fix for MCP77 and MCP79 devices. The feature flags were missing the define for correct mac address (DEV_HAS_CORRECT_MACADDR). Signed-off-by: Ayaz Abdulla Signed-off-by: Jeff Garzik Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 7775972d879aa23bef49c57a7da5d921e7a2f130 Author: Stefan Bader Date: Fri Feb 1 15:18:38 2008 -0800 USB: Fix usb_serial_driver structure for Kobil cardreader driver. The device setup did miss to initialize the num_interrupt_out field, thus failing to successfully complete the probe function. Signed-off-by: Stefan Bader Cc: Alan Cox Signed-off-by: Greg Kroah-Hartman commit 073d5d745eac690f0d748a97eca815320a039098 Author: Greg Kroah-Hartman Date: Fri Feb 1 15:17:00 2008 -0800 USB: handle idVendor of 0x0000 Some crazy devices in the wild have a vendor id of 0x0000. If we try to add a module alias with this id, we just can't do it due to a check in the file2alias.c file. Change the test to verify that both the vendor and product ids are 0x0000 to show a real "blank" module alias. Note, the module-init-tools package also needs to be changed to properly generate the depmod tables. Cc: Janusz Cc: Jon Masters Signed-off-by: Greg Kroah-Hartman commit 0d3d1387be1e0801ec81b23d10f2259b9a2ea387 Author: Jan Andersson Date: Fri Feb 1 15:16:59 2008 -0800 USB: fix usbtest halt check on big endian systems usbtest did not swap the received status information when checking for a non-zero value and failed to discover halted endpoints on big endian systems. Signed-off-by: Jan Andersson Acked-by: David Brownell Signed-off-by: Greg Kroah-Hartman commit e4eb1fbba7ce7cf95520f5b07d76819d2afe3f80 Author: Grant Grundler Date: Fri Feb 1 15:16:58 2008 -0800 USB: storage: Add unusual_dev for HP r707 Add "FIX_CAPACITY" entry for HP Photosmart r707 Camera in "Disk" mode. Camera will wedge when /lib/udev/vol_id attempts to access the last sector, EIO gets reported to dmesg, and block device is marked "offline" (it is). Reproduced vol_id behavior with: "dd if=/dev/sda of=/dev/null skip=60800 count=1" Signed-off-by: Grant Grundler Signed-off-by: Phil Dibowitz Signed-off-by: Greg Kroah-Hartman commit cb0ba31a08707a87b7a600c65d93415d212e417b Author: Nate Carlson Date: Fri Feb 1 15:16:57 2008 -0800 USB: Variant of the Dell Wireless 5520 driver I've got a Dell wireless 5520 card with a different USB ID - specifically, 8136 instead of 8137. Attached a small patch to add support, and the output of an 'ati3'. If we could get this in, that'd be sweet. ;) Thanks! nc@knight:~/tmp/linux-2.6.24-rc8/drivers/usb/serial$ lsusb | grep 8136 Bus 001 Device 005: ID 413c:8136 Dell Computer Corp. nc@knight:~/tmp/linux-source-2.6.23/drivers/usb/serial$ cu -l ttyUSB0 -s 115200 Connected. ati3 Manufacturer: Novatel Wireless Incorporated Model: Expedite EU860D MiniCard Revision: 10.10.04.01-01 [2007-04-11 14:07:19] IMEI: 011186000228043 +GCAP: +CGSM,+DS,+ES From: Nate Carlson Signed-off-by: Greg Kroah-Hartman commit ce2193d7451caa92af6753b5cef6212be6bbb57f Author: Oliver Neukum Date: Fri Feb 1 15:16:56 2008 -0800 USB: use GFP_NOIO in reset path this function will run in the context of the scsi error handler thread. It must use GFP_NOIO instead of GFP_KERNEL to avoid a possible deadlock. Signed-off-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman commit 69421556bbdb1cc1447ba330f7411871a72b6e7b Author: Ed Beroset Date: Fri Feb 1 15:16:55 2008 -0800 USB: ftdi driver - add support for optical probe device Added support for the Elster Unicom III Optical Probe. The device ID has already been added to the usb.ids file. Signed-off-by: Ed Beroset Signed-off-by: Greg Kroah-Hartman commit a2624d8f16508d0a4e96c1142e07f19add7c3bc0 Author: Akira Tsukamoto Date: Fri Feb 1 15:16:54 2008 -0800 USB: pl2303: add support for RATOC REX-USB60F pl2303: add support for RATOC REX-USB60F This patch adds support for RATOC REX-USB60F Serial Adapters, which is widely used in Japan recently. Signed-off-by: Akira Tsukamoto Signed-off-by: Greg Kroah-Hartman commit abc1add25bc808649a31c8cb1462fe44d48a788a Author: Daniel Kozák Date: Fri Feb 1 15:16:53 2008 -0800 USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem Remove entry for Huawei E620 UMTS/HSDPA card (ID: 12d1:1001) in pl2303 driver Option driver is use instead Signed-off-by: Daniel Kozák Signed-off-by: Greg Kroah-Hartman commit cbf644cb0a745f7214538a416eb2810d88a2e516 Author: Bruno Redondi Date: Fri Feb 1 15:16:52 2008 -0800 USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra Wireless Added support for Onda H600/Zte MF330 GPRS/UMTS/HSDPA datacard Signed-off-by: Bruno Redondi Signed-off-by: Greg Kroah-Hartman commit 1b9843265b5290064495a5742eab76b0cc45dc02 Author: Franco Lanza Date: Fri Feb 1 15:16:51 2008 -0800 USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD little patches only to add vendor/device id of ATK_16IC CCD cam for astronomy. From: Franco Lanza Signed-off-by: Greg Kroah-Hartman commit 52c70fb37c41e47fd290aa66eca79a6b9951751e Author: Peter Stark Date: Fri Feb 1 15:16:50 2008 -0800 USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC I work with a group of people on a free home automation tool called FHEM. Some of the users own more than one USB-serial device by ELV. The ftdi_sio driver has most of the ELV devices disabled by default and needs to be re-enabled every time you get a new kernel. Additionally a new device (EM 1010 PC - enegry monitor) is missing in the list. Currently our users have to follow the instructions we provide at http://www.koeniglich.de/fhem/linux.html ... However, to some users it is too complicated to compile their own kernel module. We are aware that you can specify one additional device using the vendor/product option of the module. But lot's of users own more than one device. Signed-off-by: Peter Stark Signed-off-by: Greg Kroah-Hartman commit 9abbc804d2ff5988e13f9270503bcd5fe00287b6 Author: Kevin Lloyd Date: Fri Feb 1 15:16:48 2008 -0800 USB: sierra driver - add devices The following improvements were made: - Added new product support: MC5725, AC 880 U, MP 3G (UMTS & CDMA) Signed-off-by: Kevin Lloyd Signed-off-by: Greg Kroah-Hartman commit 649140eb725b886fdc353ba7421ef0585273e2b9 Author: Damien Stuart Date: Fri Feb 1 15:16:47 2008 -0800 USB: Adding YC Cable USB Serial device to pl2303 This simply adds the "YC Cable" as a vendor and its pl2303-based USB<->Serial adapter as a product. This particular adapter is sold by Radio Shack. I've done limited testing on a few different systems with no issues. Signed-off-by: Greg Kroah-Hartman commit f3c19c9871db7c076cfb068fb965e53612ae6e1c Author: Jessica L. Blank Date: Fri Feb 1 15:16:46 2008 -0800 USB: Sierra - Add support for Aircard 881U Adds the appropriate vendor and device IDs for the AirCard 881U to sierra.c. (This device is often rebadged by AT&T as the USBConnect 881). Signed-off-by: Jessica L Blank Signed-off-by: Greg Kroah-Hartman commit 8b5fc24779395a26ccf456321636c78339436b76 Author: Piotr Roszatycki Date: Fri Feb 1 15:16:45 2008 -0800 USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter add support for: 4348:5523 WinChipHead USB->RS 232 adapter with Prolifec PL 2303 chipset [ mingo@elte.hu: merged it and nursed it upstream ] Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit b2482c0bb4496a5f2ae1e596832dc19234ff660e Author: Craig Shelley Date: Fri Feb 1 15:16:44 2008 -0800 USB: CP2101 New Device IDs Six new device IDs for CP2101 driver. Signed-off-by: Craig Shelley Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman commit f3f25f6175790dc79028fd39d0eb3abce5f2222b Author: Li Yang Date: Fri Feb 1 15:16:43 2008 -0800 usb gadget: fix fsl_usb2_udc potential OOPS For fsl_usb2_udc driver, ep0 also has a descriptor. Current code is misleading and contains a logical mistake. Here is the patch to fix it. http://bugzilla.kernel.org/show_bug.cgi?id=9595 Signed-off-by: David Brownell Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman commit a9ceb6ce700eb40d9aff44c2601b51943eea6990 Author: Alan Cox Date: Fri Feb 1 15:16:42 2008 -0800 USB: keyspan: Fix oops If we get a data URB back from the hardware after we have put the tty to bed we go kaboom. Fortunately all we need to do is process the URB without trying to ram its contents down the throat of an ex-tty. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman commit f5871b9016c0ebce8acc58f7a230adcb9bd89577 Author: Nick Piggin Date: Sat Feb 2 03:08:53 2008 +0100 vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007) Drivers that register a ->fault handler, but do not range-check the offset argument, must set VM_DONTEXPAND in the vm_flags in order to prevent an expanding mremap from overflowing the resource. I've audited the tree and attempted to fix these problems (usually by adding VM_DONTEXPAND where it is not obvious). Signed-off-by: Nick Piggin Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit f4ae0ab4b8237848ad5d687342a10cd3b7037705 Author: Pekka J Enberg Date: Sat Jan 26 14:15:54 2008 +0200 slab: fix bootstrap on memoryless node [ Upstream commit: 556a169dab38b5100df6f4a45b655dddd3db94c1 ] If the node we're booting on doesn't have memory, bootstrapping kmalloc() caches resorts to fallback_alloc() which requires ->nodelists set for all nodes. Fix that by calling set_up_list3s() for CACHE_CACHE in kmem_cache_init(). As kmem_getpages() is called with GFP_THISNODE set, this used to work before because of breakage in 2.6.22 and before with GFP_THISNODE returning pages from the wrong node if a node had no memory. So it may have worked accidentally and in an unsafe manner because the pages would have been associated with the wrong node which could trigger bug ons and locking troubles. Tested-by: Mel Gorman Tested-by: Olaf Hering Reviewed-by: Christoph Lameter [ With additional one-liner by Olaf Hering - Linus ] Signed-off-by: Linus Torvalds Signed-off-by: Pekka Enberg Signed-off-by: Chris Wright commit a869ec27f09435a48a6601c2c5543b457410b40c Author: Michael Krufky Date: Thu Jan 24 18:26:19 2008 -0500 DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail [PATCH] DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail Signed-off-by: Michael Krufky Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Chris Wright