commit 5356f664e1d2149b67d2aeed644cc1def128a4ac Merge: aaa594c... d172f4e... Author: Linus Torvalds Date: Sun Dec 23 13:06:49 2007 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6 * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6: Modules: fix memory leak of module names UIO: Add a MAINTAINERS entry for Userspace I/O commit aaa594cd11c6dff4e3545602be1aadd79969f953 Merge: 2634d06... 014840e... Author: Linus Torvalds Date: Sun Dec 23 13:06:32 2007 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: USB: New device ID for the CP2101 driver USB: VID/PID update for sierra USB: Unbreak fsl_usb2_udc commit 2634d064c16cc897bc850a109bbea781b50d1ad5 Merge: c63f702... bdcba15... Author: Linus Torvalds Date: Sun Dec 23 13:05:46 2007 -0800 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: MACB: clear transmit buffers properly on transmit underrun 3c359 endianness annotations and fixes fec_mpc52xx: write in C... 3c574 and 3c589 endianness fixes (.24?) rrunner: use offsetof() instead of homegrown insanity r8169 endianness dl2k endianness fixes (.24 fodder?) yellowfin: annotations and fixes (.24 fodder?) asix fixes cycx: annotations and fixes (.24 fodder?) typhoon: trivial endianness annotations typhoon: memory corruptor on big-endian if TSO is enabled typhoon: missed rx overruns on big-endian typhoon: set_settings broken on big-endian typhoon: missing le32_to_cpu() in get_drvinfo typhoon: endianness bug in tx/rx byte counters ipw2200: prevent alloc of unspecified size on stack iwlwifi: fix possible priv->mutex deadlock during suspend p54: add Kconfig description rtl8187: Add USB ID for Sitecom WL-168 v1 001 commit c63f702068a445f682d7590c5fadfc266785a071 Author: Al Viro Date: Sun Dec 23 20:01:04 2007 +0000 uml: user of helper_wait() got missed when it got extra arguments Signed-off-by: Al Viro Signed-off-by: Linus Torvalds commit db99247ac68fc352100090ad7704fb5efb9327b6 Author: Cory T. Tusar Date: Sun Dec 23 12:34:51 2007 -0800 tty: fix logic change introduced by wait_event_interruptible_timeout() Commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8 introduced a subtle logic change in tty_wait_until_sent(). The original version would only error out of the 'do { ... } while (timeout)' loop if signal_pending() evaluated to true; a timeout or break due to an empty buffer would fall out of the loop and into the tty->driver->wait_until_sent handling. The current implementation will error out on either a pending signal or an empty buffer, falling through to the tty->driver->wait_until_sent handling only on a timeout. The ->wait_until_sent() will not be reached if the buffer empties before timeout jiffies have elapsed. This behavior differs from that prior to commit 5a52bd4a2dcb570333ce6fe2e16cd311650dbdc8. I turned this up while using a little serial download utility to bootstrap an ARM-based eval board. The util worked fine on 2.6.22.x, but consistently failed on 2.6.23.x. Once I'd determined that, I narrowed things down with git bisect, and found the above difference in logic in tty_wait_until_sent() by inspection. This change reverts the logic flow in tty_wait_until_sent() to match that prior to the aforementioned commit. Signed-off-by: Cory T. Tusar Cc: Alan Cox Acked-by: Jiri Slaby Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 870e6f7e15980d1a33615de572078406737ac22e Author: Paul Mundt Date: Sat Dec 22 14:03:30 2007 -0800 kconfig: obey KCONFIG_ALLCONFIG choices with randconfig. Currently when using KCONFIG_ALLCONFIG with randconfig the choice options are clobbered. As recommended by Roman, this adds an is_new test to see whether to select a new option or obey the existing one. This is a resend of the earlier patch a couple of weeks ago, since there was no reply. Original thread is at http://lkml.org/lkml/2007/11/28/94 Signed-off-by: Paul Mundt Cc: Roman Zippel Cc: Sam Ravnborg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7bbaac12a6036f55111a54b01908d0f3afe8622d Author: David Brownell Date: Sat Dec 22 14:03:29 2007 -0800 pcmcia: remove pxa2xx_lubbock build warning Init section confusion. There will likely be some other similar issues, introduced by I'm-not-sure-what-patch. Signed-off-by: David Brownell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f16b34aa13e8c55085f346bcf07afb2312c56c0a Author: Peter Zijlstra Date: Sat Dec 22 14:03:29 2007 -0800 lib: proportion: fix underflow in prop_norm_percpu() Zhe Jiang noticed that its possible to underflow pl->events in prop_norm_percpu() when the value returned by percpu_counter_read() is less than the error on that read and the period delay > 1. In that case half might not trigger the batch increment and the value will be identical on the next iteration, causing the same half to be subtracted again and again. Fix this by rewriting the division as a single subtraction instead of a subtraction loop and using percpu_counter_sum() when the value returned by percpu_counter_read() is smaller than the error. The latter is still needed if we want pl->events to shrink properly in the error region. [akpm@linux-foundation.org: cleanups] Signed-off-by: Peter Zijlstra Reviewed-by: Jiang Zhe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cc295d0e95063809af31971e4aec1d809247f13b Author: Daniel Walker Date: Sat Dec 22 14:03:28 2007 -0800 ps3: vuart: fix error path locking This stray down would cause a permanent sleep which doesn't seem correct. The other uses of this semaphore appear fairly mutex like it's even initialized with init_MUTEX() .. So here a patch for removing this one down(). Signed-off-by: Geoff Levand Signed-off-by: Daniel Walker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 04bdfb9191eaf7330ac88edf83d7b49878c9b2d1 Author: Joe Perches Date: Sat Dec 22 14:03:27 2007 -0800 MAINTAINERS: mailing list archives are web links L: entries should be email addresses Change L:http entries to W:http Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 16317ec2e5a85884fea680d24c1b228a5602159f Author: Eric Sandeen Date: Sat Dec 22 14:03:26 2007 -0800 ecryptfs: redo dget,mntget on dentry_open failure Thanks to Jeff Moyer for pointing this out. If the RDWR dentry_open() in ecryptfs_init_persistent_file fails, it will do a dput/mntput. Need to re-take references if we retry as RDONLY. Signed-off-by: Eric Sandeen Acked-by: Mike Halcrow Signed-off-by: Jeff Moyer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c8161f64ccdcc3ac05c7bbfebc031e7ad5ca6412 Author: Eric Sandeen Date: Sat Dec 22 14:03:26 2007 -0800 ecryptfs: fix unlocking in error paths Thanks to Josef Bacik for finding these. A couple of ecryptfs error paths don't properly unlock things they locked. Signed-off-by: Eric Sandeen Cc: Josef Bacik Cc: Michael Halcrow Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c525460e2754dbb33abe2b37d3d941126b2ea830 Author: Jan Kara Date: Sat Dec 22 14:03:25 2007 -0800 Don't send quota messages repeatedly when hardlimit reached We should send quota message to netlink only once when hardlimit is reached. Otherwise user could easily make the system busy by trying to exceed the hardlimit (and also the messages could be anoying if you cannot stop writing just now). Signed-off-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 22dd483721939b4ea22d5d3925e69112f63c42bc Author: Jan Kara Date: Sat Dec 22 14:03:25 2007 -0800 Fix computation of SKB size for quota messages Fix computation of size of skb needed for quota message. We should use netlink provided functions and not just an ad-hoc number. Also don't print the return value from nla_put_foo() as it is always -1. Signed-off-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b88629060b03adc58639f818fe0968bf5fe81b5d Author: Eric Sandeen Date: Sat Dec 22 14:03:24 2007 -0800 ecryptfs: fix string overflow on long cipher names Passing a cipher name > 32 chars on mount results in an overflow when the cipher name is printed, because the last character in the struct ecryptfs_key_tfm's cipher_name string was never zeroed. Signed-off-by: Eric Sandeen Acked-by: Michael Halcrow Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ed367fc3a7349b17354c7acef551533337764859 Author: Christoph Lameter Date: Sat Dec 22 14:03:23 2007 -0800 quicklists: do not release off node pages early quicklists must keep even off node pages on the quicklists until the TLB flush has been completed. Signed-off-by: Christoph Lameter Cc: Dhaval Giani Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 014840ec57760ec555cd6f694d1f65a4f54e4155 Author: Martin Kusserow Date: Fri Dec 21 12:02:17 2007 +0100 USB: New device ID for the CP2101 driver attached please find a new device ID for CP2101 driver. This device is a usb stick from Dynastream to communicate with ANT wireless devices which I suppose is fairly similar to the ANT dev board having product id 0x1003. From: Martin Kusserow Signed-off-by: Greg Kroah-Hartman commit ed0ccdbb616cd7e1d5570b8078e0deb37c1c3c16 Author: Kevin R Page Date: Thu Dec 13 01:10:48 2007 +0000 USB: VID/PID update for sierra Adds VID/PID for the MC8775 found internally in the Thinkpad X61s laptop (and likely others). For commercial reasons the driver maintainer cannot add VID/PIDs for laptop OEM devices himself. Signed-off-by: Kevin R Page Cc: stable Signed-off-by: Greg Kroah-Hartman commit 3bf44688df34b6cb948d30b85766d0dab6cf6d21 Author: Peter Korsgaard Date: Fri Dec 21 08:33:46 2007 -0800 USB: Unbreak fsl_usb2_udc Commit a4e3ef5... (USB: gadget: gadget_is_{dualspeed,otg} predicates and cleanup) broke fsl_usb2_udc; the build test didn't cover peripheral drivers, just gadget drivers. Signed-off-by: Peter Korsgaard Signed-off-by: David Brownell Signed-off-by: Greg Kroah-Hartman commit d172f4ef31bec924c6ebcb242c9d7d290811e1e5 Author: Greg Kroah-Hartman Date: Sat Dec 22 21:18:25 2007 -0800 Modules: fix memory leak of module names Due to the change in kobject name handling, the module kobject needs to have a null release function to ensure that the name it previously set will be properly cleaned up. All of this wierdness goes away in 2.6.25 with the rework of the kobject name and cleanup logic, but this is required for 2.6.24. Thanks to Alexey Dobriyan for finding the problem, and to Kay Sievers for pointing out the simple way to fix it after I tried many complex ways. Cc: Alexey Dobriyan Cc: Kay Sievers Signed-off-by: Greg Kroah-Hartman commit e5f114e97d6e4833e90ca408af9eb1e7a3262b5e Author: Hans-Jürgen Koch Date: Wed Dec 5 15:08:07 2007 +0100 UIO: Add a MAINTAINERS entry for Userspace I/O This patch adds an entry for the Userspace I/O framework to MAINTAINERS. Signed-off-by: Hans J. Koch Signed-off-by: Greg Kroah-Hartman commit bdcba1511b98f2e728b3a910b8771a0d3fce5bf3 Author: Gregory CLEMENT Date: Wed Dec 19 18:23:44 2007 +0100 MACB: clear transmit buffers properly on transmit underrun Initially transmit buffer pointers were only reset. But buffer descriptors were possibly still set as ready, and buffer in upper layer was not freed. This caused driver hang under big load. Now reset clean properly the buffer descriptor and freed upper layer. Signed-off-by: Gregory CLEMENT Signed-off-by: Haavard Skinnemoen Signed-off-by: Jeff Garzik commit 61c93f4eb45493f203d6bad24156599668be614f Merge: 9914cad... 412e9e7... Author: Jeff Garzik Date: Sat Dec 22 23:25:16 2007 -0500 Merge branch 'fixes-jgarzik' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes commit 9914cad54c79d0b89b1f066c0894f00e1344131c Author: Al Viro Date: Sat Dec 22 19:44:10 2007 +0000 3c359 endianness annotations and fixes Same story as with olympic - htons(readw()) when swab16(readw()) is needed, missing conversions to le32 when dealing with shared descriptors, etc. Olympic got those fixes in 2.4.0-test2, 3c359 didn't. Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit cc154ac64aa8d3396b187f64cef01ce67f433324 Author: Al Viro Date: Sat Dec 22 18:56:53 2007 +0000 fec_mpc52xx: write in C... If you need to find a difference between addresses of two struct members, subtract offsetof() or cast addresses to char * and subtract those if you prefer it that way. Doing that same with s/char */u32/, OTOH... Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit b1e247ad8e4ff29b5c7fa2b9a081b4a0f483b0d3 Author: Al Viro Date: Sat Dec 22 18:56:13 2007 +0000 3c574 and 3c589 endianness fixes (.24?) Both store MAC address in CIS; there's no decoder for that type (0x88) so the drivers work with raw data. It is byteswapped, so ntohs() works for little-endian, but for big-endian it's wrong. ntohs(le16_to_cpu()) does the right thing on both (and always expands to swab16()). Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit cf96237837ec6d4fc48bc2f735c71027cc0fc5fa Author: Al Viro Date: Sat Dec 22 18:55:29 2007 +0000 rrunner: use offsetof() instead of homegrown insanity Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 95e0918dbb6d83020ef3eb0a4276413264abd14d Author: Al Viro Date: Sat Dec 22 18:55:39 2007 +0000 r8169 endianness missing conversions in a couple of places Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 78ce8d3d1c75c22ae593ad4ccaffa19ee0e2576d Author: Al Viro Date: Sat Dec 22 18:11:18 2007 +0000 dl2k endianness fixes (.24 fodder?) * shift before cpu_to_le64(), not after it * writel() converts to l-e itself * misc missing conversions * in set_multicast() hash_table[] is host-endian; we feed it to card via writel() and populate it as host-endian, so we'd better put the first element into it also in host-endian * pci_unmap_single() et.al. expect host-endian, not little-endian Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit e5a314210087558f21617255754e7687e9a7f81d Author: Al Viro Date: Sat Dec 22 17:53:02 2007 +0000 yellowfin: annotations and fixes (.24 fodder?) pci_unmap_single() and friends getting a little-endian address... Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 51bf2976b55d07f9daae9697a0a3ac9f58abcedc Author: Al Viro Date: Sat Dec 22 17:42:36 2007 +0000 asix fixes * usb_control_message() to/from stack (breaks on e.g. arm); some places did kmalloc() for buffer, some just worked from stack. Added kmalloc()/memcpy()/kfree() in asix_read_cmd()/asix_write_cmd(), removed that crap from callers. * Fixed a leak in ax88172_bind() - on success it forgot to kfree() the buffer. * Endianness bug in ax88178_bind() - we read a word from eeprom and work with it without converting to host-endian Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 7fd71e58b038a7244c2ac1ee579c43947f3968c4 Author: Al Viro Date: Sat Dec 22 17:27:24 2007 +0000 cycx: annotations and fixes (.24 fodder?) skb->protocol is net-endian, TYVM... Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 71f1bb1a8f17db3caba1237dfd478c2a13faf63e Author: Al Viro Date: Fri Dec 21 06:21:14 2007 +0000 typhoon: trivial endianness annotations Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 8cc085c7aceb78d26d0a5355e111b2330f089161 Author: Al Viro Date: Fri Dec 21 06:21:03 2007 +0000 typhoon: memory corruptor on big-endian if TSO is enabled txlo_dma_addr should be host-endian; we pass it to typhoon_tso_fill(), which does arithmetics on it, converts to l-e and passes it to card. Unfortunately, we forgot le32_to_cpu() when initializing it from face->txLoAddr, which sits in shared memory and is little-endian. Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 8a5ed9efe661dd42bc140e522c2635e0d7b26141 Author: Al Viro Date: Fri Dec 21 06:20:53 2007 +0000 typhoon: missed rx overruns on big-endian rxBuffCleared is little-endian; we miss le32_to_cpu() in checks for rx ring overruns. Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit b46281f9c5d6ab7b6e412e83f8c62cecf4ebbdfd Author: Al Viro Date: Fri Dec 21 06:20:43 2007 +0000 typhoon: set_settings broken on big-endian One cpu_to_le16() too many when passing argument for TYPHOON_CMD_XCVR_SELECT; we end up passing host-endian while the hardware expects little-endian. The other place doing that (typhoon_start_runtime()) does the right thing, so the card will recover at the next ifconfig up/tx timeout/resume, which limits the amount of mess, but still, WTF? Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit fdcfd77c813ef7997a60856812805f4cfbeb6222 Author: Al Viro Date: Fri Dec 21 06:20:33 2007 +0000 typhoon: missing le32_to_cpu() in get_drvinfo in typhoon_get_drvinfo() .parm2 is little-endian; not critical since we just get the firmware id flipped in get_drvinfo output on big-endian boxen, but... Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 73eac0640ebfb30fee99e06ee029444af0d7ae8d Author: Al Viro Date: Fri Dec 21 06:20:23 2007 +0000 typhoon: endianness bug in tx/rx byte counters txBytes and rxBytesGood are both 64bit; using le32_to_cpu() won't work on big-endian for obvious reasons. Signed-off-by: Al Viro Signed-off-by: Jeff Garzik commit 5b825ed22b02691e39774e8b2a077d1807969ec7 Merge: a4c80d2... d883a03... Author: Linus Torvalds Date: Fri Dec 21 15:52:24 2007 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (23 commits) [IPV4]: OOPS with NETLINK_FIB_LOOKUP netlink socket [NET]: Fix function put_cmsg() which may cause usr application memory overflow [ATM]: Spelling fixes [NETFILTER] ipv4: Spelling fixes [NETFILTER]: Spelling fixes [SCTP]: Spelling fixes [NETLABEL]: Spelling fixes [PKT_SCHED]: Spelling fixes [NET] net/core/: Spelling fixes [IPV6]: Spelling fixes [IRDA]: Spelling fixes [DCCP]: Spelling fixes [NET] include/net/: Spelling fixes [NET]: Correct two mistaken skb_reset_mac_header() conversions. [IPV4] ip_gre: set mac_header correctly in receive path [XFRM]: Audit function arguments misordered [IPSEC]: Avoid undefined shift operation when testing algorithm ID [IPV4] ARP: Remove not used code [TG3]: Endianness bugfix. [TG3]: Endianness annotations. ... commit a4c80d2ae2cac531c6655f75658dae02c488abc7 Merge: 76be895... 5b2afff... Author: Linus Torvalds Date: Fri Dec 21 15:52:01 2007 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC32]: Spelling fixes [SPARC64]: Spelling fixes [SPARC64]: Fix OOPS in dma_sync_*_for_device() commit 76be895001f2b0bee42a7685e942d3e08d5dd46c Author: Christoph Lameter Date: Fri Dec 21 14:37:37 2007 -0800 SLUB: Improve hackbench speed Increase the mininum number of partial slabs to keep around and put partial slabs to the end of the partial queue so that they can add more objects. Signed-off-by: Christoph Lameter Reviewed-by: Pekka Enberg Acked-by: Ingo Molnar Signed-off-by: Linus Torvalds commit d883a0367149506e8b7a3f31891d1ea30b9377f3 Author: Denis V. Lunev Date: Fri Dec 21 02:01:53 2007 -0800 [IPV4]: OOPS with NETLINK_FIB_LOOKUP netlink socket [ Regression added by changeset: cd40b7d3983c708aabe3d3008ec64ffce56d33b0 [NET]: make netlink user -> kernel interface synchronious -DaveM ] nl_fib_input re-reuses incoming skb to send the reply. This means that this packet will be freed twice, namely in: - netlink_unicast_kernel - on receive path Use clone to send as a cure, the caller is responsible for kfree_skb on error. Thanks to Alexey Dobryan, who originally found the problem. Signed-off-by: Denis V. Lunev Signed-off-by: David S. Miller commit 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 Author: Wei Yongjun Date: Thu Dec 20 14:36:44 2007 -0800 [NET]: Fix function put_cmsg() which may cause usr application memory overflow When used function put_cmsg() to copy kernel information to user application memory, if the memory length given by user application is not enough, by the bad length calculate of msg.msg_controllen, put_cmsg() function may cause the msg.msg_controllen to be a large value, such as 0xFFFFFFF0, so the following put_cmsg() can also write data to usr application memory even usr has no valid memory to store this. This may cause usr application memory overflow. int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm = (__force struct cmsghdr __user *)msg->msg_control; struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); ~~~~~~~~~~~~~~~~~~~~~ int err; if (MSG_CMSG_COMPAT & msg->msg_flags) return put_cmsg_compat(msg, level, type, len, data); if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { msg->msg_flags |= MSG_CTRUNC; return 0; /* XXX: return error? check spec. */ } if (msg->msg_controllen < cmlen) { ~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_flags |= MSG_CTRUNC; cmlen = msg->msg_controllen; } cmhdr.cmsg_level = level; cmhdr.cmsg_type = type; cmhdr.cmsg_len = cmlen; err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) goto out; cmlen = CMSG_SPACE(len); ~~~~~~~~~~~~~~~~~~~~~~~~~~~ If MSG_CTRUNC flags is set, msg->msg_controllen is less than CMSG_SPACE(len), "msg->msg_controllen -= cmlen" will cause unsinged int type msg->msg_controllen to be a large value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_control += cmlen; msg->msg_controllen -= cmlen; ~~~~~~~~~~~~~~~~~~~~~ err = 0; out: return err; } The same promble exists in put_cmsg_compat(). This patch can fix this problem. Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller commit c5c0f33d8e5b1219c86757e6afffd6f96823e521 Author: Joe Perches Date: Thu Dec 20 14:05:37 2007 -0800 [ATM]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit e00ccd4a787fe03887f81467babcf8d057f8718d Author: Joe Perches Date: Thu Dec 20 14:05:03 2007 -0800 [NETFILTER] ipv4: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit c82381775062cd8d55579959e1fd710f0e607985 Author: Joe Perches Date: Thu Dec 20 14:04:24 2007 -0800 [NETFILTER]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 7aa1b54b74d813e01c46a5344c52f06037a95da0 Author: Joe Perches Date: Thu Dec 20 14:03:52 2007 -0800 [SCTP]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit e185446ce83f327428624fc4a0392794249311a2 Author: Joe Perches Date: Thu Dec 20 14:03:11 2007 -0800 [NETLABEL]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 9a94b35184bf095b885ca80099381f8547d5be3a Author: Joe Perches Date: Thu Dec 20 14:02:40 2007 -0800 [PKT_SCHED]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 53ccaae1ef749ef87a484a0aa5351c557c0a690e Author: Joe Perches Date: Thu Dec 20 14:02:06 2007 -0800 [NET] net/core/: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit bea851954717ebb0dee557a951e28bb277e1cc1d Author: Joe Perches Date: Thu Dec 20 14:01:35 2007 -0800 [IPV6]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit cc53ded272ecf8d62c9f3b48baadc5165a0b6d7b Author: Joe Perches Date: Thu Dec 20 14:00:51 2007 -0800 [IRDA]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 5e8e034cc5154abd639aa5c05d13e24e535c6a9c Author: Joe Perches Date: Thu Dec 20 13:59:39 2007 -0800 [DCCP]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit f4ab2f72e9340207ae95e2a7622a74220a61f46a Author: Joe Perches Date: Thu Dec 20 13:56:32 2007 -0800 [NET] include/net/: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 5b2afff23ab7f34222398fc357253c1e5caed363 Author: Joe Perches Date: Thu Dec 20 13:55:45 2007 -0800 [SPARC32]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 33ccc190d1ef5a7ad519c35bb1ef1d0d68a65287 Author: Joe Perches Date: Thu Dec 20 13:55:10 2007 -0800 [SPARC64]: Spelling fixes Signed-off-by: Joe Perches Signed-off-by: David S. Miller commit 36bb61346d9e64b55285f27363e93a6e96f2abba Author: David S. Miller Date: Thu Dec 20 01:29:45 2007 -0800 [SPARC64]: Fix OOPS in dma_sync_*_for_device() I included these operations vector cases for situations where we never need to do anything, the entries aren't filled in by any implementation, so we OOPS trying to invoke NULL pointer functions. Really make them NOPs, to fix the bug. Signed-off-by: David S. Miller commit c6e6ca712b5cc06a662f900c0484d49d7334af64 Author: David S. Miller Date: Thu Dec 20 00:25:54 2007 -0800 [NET]: Correct two mistaken skb_reset_mac_header() conversions. This operation helper abstracts: skb->mac_header = skb->data; but it was done in two more places which were actually: skb->mac_header = skb->network_header; and those are corrected here. Signed-off-by: David S. Miller commit 1d0691674764098304ae4c63c715f5883b4d3784 Author: Timo Teras Date: Thu Dec 20 00:10:33 2007 -0800 [IPV4] ip_gre: set mac_header correctly in receive path mac_header update in ipgre_recv() was incorrectly changed to skb_reset_mac_header() when it was introduced. Signed-off-by: Timo Teras Signed-off-by: David S. Miller commit 5951cab136d8b7e84696061dc2e69c402bc94f61 Author: Paul Moore Date: Thu Dec 20 00:00:45 2007 -0800 [XFRM]: Audit function arguments misordered In several places the arguments to the xfrm_audit_start() function are in the wrong order resulting in incorrect user information being reported. This patch corrects this by pacing the arguments in the correct order. Signed-off-by: Paul Moore Signed-off-by: David S. Miller commit f398035f2dec0a6150833b0bc105057953594edb Author: Herbert Xu Date: Wed Dec 19 23:44:29 2007 -0800 [IPSEC]: Avoid undefined shift operation when testing algorithm ID The aalgos/ealgos fields are only 32 bits wide. However, af_key tries to test them with the expression 1 << id where id can be as large as 253. This produces different behaviour on different architectures. The following patch explicitly checks whether ID is greater than 31 and fails the check if that's the case. We cannot easily extend the mask to be longer than 32 bits due to exposure to user-space. Besides, this whole interface is obsolete anyway in favour of the xfrm_user interface which doesn't use this bit mask in templates (well not within the kernel anyway). Signed-off-by: Herbert Xu Signed-off-by: David S. Miller commit e0260feddf8a68301c75cdfff9ec251d5851b006 Author: Mark Ryden Date: Wed Dec 19 23:38:11 2007 -0800 [IPV4] ARP: Remove not used code In arp_process() (net/ipv4/arp.c), there is unused code: definition and assignment of tha (target hw address ). Signed-off-by: Mark Ryden Signed-off-by: David S. Miller commit 412e9e7800360ec93b6ba319b30666f6bfc721bd Author: Reinette Chatre Date: Tue Dec 18 22:01:02 2007 -0800 ipw2200: prevent alloc of unspecified size on stack if log_len is larger than 4K then we are killing the stack. allocate on heap instead and limit size to what practically can be used (PAGE_SIZE) Signed-off-by: Reinette Chatre Signed-off-by: John W. Linville commit b24d22b1d12c436a86282347868785207cff8a88 Author: Zhu Yi Date: Wed Dec 19 13:59:52 2007 +0800 iwlwifi: fix possible priv->mutex deadlock during suspend This patch moves _cancel_deferred_work out of mutex protection and removes unnecessary mutex in pci_suspend and pci_resume. Cc: Johannes Berg Signed-off-by: Zhu Yi Signed-off-by: John W. Linville commit 7d2e941b0b741d17e95baf095dbf1c77f2b95b56 Author: Michael Wu Date: Tue Dec 18 18:36:10 2007 -0500 p54: add Kconfig description Some people would like to know what p54 is. Signed-off-by: Michael Wu Signed-off-by: John W. Linville commit 9934550d7ff69b222d4c751b5712204d5511c39e Author: Matthias Mueller Date: Sun Dec 2 17:17:51 2007 -0500 rtl8187: Add USB ID for Sitecom WL-168 v1 001 Thanks to Matthias Mueller for reporting this device. Signed-off-by: Michael Wu Signed-off-by: John W. Linville commit 286e310f94b9459f3fa975333781c969b1041522 Author: Al Viro Date: Mon Dec 17 23:00:31 2007 -0800 [TG3]: Endianness bugfix. tg3_nvram_write_block_unbuffered() is reading data from nvram into allocated buffer before overwriting a part of it with user-supplied data. Then it feeds the entire page back to nvram. It should be storing the words it had read as little-endian, not as host-endian. Note that tg3_set_eeprom() does exactly that for padding the same data to full words before it gets passed down to tg3_nvram_write_block() and then to tg3_nvram_write_block_unbuffered(). Moreover, when we get to sending the entire thing back to nvram, we go through it word-by-word, doing essentially writel(swab32(le32_to_cpu(word)), ...) so if we want them to reach the card in host-independent endianness, we'd better really have all that buffer filled with fixed-endian. For user-supplied part we obviously do have that (it's an array of octets memcpy'd in), ditto for padding of user-supplied part to word boundaries (taken care of in tg3_set_eeprom()). The rest of the buffer gets filled by tg3_nvram_write_block_unbuffered() and it would damn better be consistent with that (and with tg3_get_eeprom(), while we are at it - there we also convert the words read from nvram to little-endian before returning the buffer to user). The bug should get triggered on big-endian boxen when set_eeprom is done for less than entire page. Then the words that should've been unaffected at all will actually get byteswapped in place in nvram. Signed-off-by: Al Viro Signed-off-by: David S. Miller commit b9fc7dc514566e9788c7f064bb08f8b6e2fe6f72 Author: Al Viro Date: Mon Dec 17 22:59:57 2007 -0800 [TG3]: Endianness annotations. Fixed misannotations, introduced a new helper - tg3_nvram_read_le(). It gets __le32 * instead of u32 * and puts there the value converted to little-endian. A lot of callers of tg3_nvram_read() were doing that; converted them to tg3_nvram_read_le(). At that point the driver is practically endian-clean; the only remaining place is an actual bug, AFAICS; will be dealt with in the next patch. Signed-off-by: Al Viro Signed-off-by: David S. Miller commit 20880e8936e467fe30d79aa838c8d24b7073648f Author: Cyrill Gorcunov Date: Thu Dec 13 16:17:03 2007 -0800 NET: mac80211: fix inappropriate memory freeing Fix inappropriate memory freeing in case of requested rate_control_ops was not found. In this case the list head entity is going to be accidentally wasted. Signed-off-by: Cyrill Gorcunov Acked-by: Michael Wu Signed-off-by: Andrew Morton Signed-off-by: John W. Linville commit 3333590e94262aebb5d0fb767cc7ed8b2359705c Author: Johannes Berg Date: Wed Dec 12 16:31:52 2007 +0100 mac80211: fix header ops When using recvfrom() on a SOCK_DGRAM packet socket, I noticed that the MAC address passed back for wireless frames was always completely wrong. The reason for this is that the header parse function assigned to our virtual interfaces is a function parsing an 802.11 rather than 802.3 header. This patch fixes it by keeping the default ethernet header operations assigned. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville commit 2d192d9552881f4cf88e62072047c72ef2b5aa7f Author: Michael Wu Date: Sat Nov 10 00:15:25 2007 -0500 mac80211: Drop out of associated state if link is lost There is no point in staying in IEEE80211_ASSOCIATED if there is no sta_info entry to receive frames with. Signed-off-by: Michael Wu Signed-off-by: John W. Linville