Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-2.6.15.y 2006-03-28T07:06:28Z 2006-03-28T07:06:28Z Greg Kroah-Hartman gregkh@suse.de 2006-03-28T07:06:28Z urn:sha1:f70602f4f6248735a02c61a1323c9151a33a3775 2006-03-28T07:00:23Z Al Viro viro@ftp.linux.org.uk 2006-03-15T21:41:59Z urn:sha1:6d4da66240b9fec065933928043b1365f97ab724 This fixes not one, but _two_, silly (but admittedly hard to hit) bugs in the ext2 filesystem "readdir()" function. It also cleans up the code to avoid the unnecessary goto mess. The bugs were related to re-valiating the f_pos value after somebody had either done an "lseek()" on the directory to an invalid offset, or when the offset had become invalid due to a file being unlinked in the directory. The code would not only set the f_version too eagerly, it would also not update f_pos appropriately for when the offset fixup took place. When that happened, we'd occasionally subsequently fail the readdir() even when we shouldn't (no real harm done, but an ugly printk, and obviously you would end up not necessarily seeing all entries). Thanks to Masoud Sharbiani <masouds@google.com> who noticed the problem and had a test-case for it, and also fixed up a thinko in the first version of this patch. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Masoud Sharbiani <masouds@google.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:23Z David S. Miller davem@davemloft.net 2006-03-24T06:54:18Z urn:sha1:107d25ba4fcacf8e29bcad240b95fd9ef7314dac The user can pass us arbitrary garbage so we should ensure the string they give us is null terminated before we pass it on to dev_get_by_index() et al. Found by Solar Designer. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:23Z Alexey Kuznetsov kuznet@ms2.inr.ac.ru 2006-03-22T22:34:42Z urn:sha1:739d40fed82810da8e923655c7f8140369641fc7 The problem is in ip_push_pending_frames(), which uses: if (!df) { __ip_select_ident(iph, &rt->u.dst, 0); } else { iph->id = htons(inet->id++); } instead of ip_select_ident(). Right now I think the code is a nonsense. Most likely, I copied it from old ip_build_xmit(), where it was really special, we had to decide whether to generate unique ID when generating the first (well, the last) fragment. In ip_push_pending_frames() it does not make sense, it should use plain ip_select_ident() instead. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:22Z Michael Krufky mkrufky@linuxtv.org 2006-03-21T03:34:58Z urn:sha1:a4ae7ec623c051cb681af82f9d62a821402c6a60 The cx25840 module requires external firmware in order to function, so it must select FW_LOADER, but saa7115 and saa7129 do not require it. Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Cc: Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:22Z Dave Johnson djohnson@sw.starentnetworks.com 2006-03-06T23:42:36Z urn:sha1:1421207ba3fd53f8090f6f337ac7de57015d3a5c Fix handling of cramfs images created by util-linux containing empty regular files. Images created by cramfstools 1.x were ok. Fill out inode contents in cramfs_iget5_set() instead of get_cramfs_inode() to prevent issues if cramfs_iget5_test() is called with I_LOCK|I_NEW still set. Signed-off-by: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com> Cc: Olaf Hering <olh@suse.de> Cc: Chris Mason <mason@suse.com> Cc: Andreas Gruenbacher <agruen@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:22Z Randy Dunlap rdunlap@xenotime.net 2006-03-09T01:43:17Z urn:sha1:8a3a2a3299081913c22f5d0e1ce893b781efe942 A recent change to compat. dev_ifconf() in fs/compat_ioctl.c causes ifconf data to be truncated 1 entry too early when copying it to userspace. The correct amount of data (length) is returned, but the final entry is empty (zero, not filled in). The for-loop 'i' check should use <= to allow the final struct ifreq32 to be copied. I also used the ifconf-corruption program in kernel bugzilla #4746 to make sure that this change does not re-introduce the corruption. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:21Z David S. Miller davem@davemloft.net 2006-03-07T22:59:23Z urn:sha1:b7bec2ba8b776bc3d122375832105c792a1eda3b The size of the skb carrying the netlink message is not equivalent to the length of the actual netlink message due to padding. ip_queue matches the length of the payload against the original packet size to determine if packet mangling is desired, due to the above wrong assumption arbitary packets may not be mangled depening on their original size. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-28T07:00:21Z Roland Dreier rdreier@cisco.com 2006-03-07T04:23:33Z urn:sha1:2c07f6fae4b06515944c167e8aeb86217c797c03 Just fail abort and reset requests that come in after we've already decided to remove a target. This fixes a nasty crash if a storage target goes away. Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-05T19:07:54Z Chris Wright chrisw@sous-sol.org 2006-03-05T19:07:54Z urn:sha1:f0ad886be1b6b2288cfa100c317dc6e5ceb93fd9