git.osdn.net Git - linux-kernel-docs/linux-2.4.36.git/log

security: insufficient range checks in certain fault handlers

This is the 2.4 version of Nick Piggin's work on 2.6 fault handlers.
This deals with security vulnerability CVE-2008-0007.

Drivers that register a ->nopage handler, that does not range-check its
offset argument, must set VM_DONTEXPAND in the vm_flags to ensure the
offset is within bounds.

Signed-off-by: Willy Tarreau <w@1wt.eu>

i386: fix setCx86/getCx86 race in macros

Because of the way the setCx86 macro is defined, a call to
setCx86(XXXX, getCx86(XXXX)) will produce the wrong output sequence.
This affects at least one place in arch/i386/kernel/setup.c :

/* Enable MMX extensions (App note 108) */
setCx86(CX86_CCR7, getCx86(CX86_CCR7)|1);

A correct solution consists in passing the value argument via a
temporary variable. 2.6 has a different fix using inline functions,
which produce equivalent code though.

Signed-off-by: Willy Tarreau <w@1wt.eu>

2.4: USB: fix DoS in pwc USB video driver

This is a 2.4 backport of a linux-2.6 change by Oliver Neukum.
(commit 85237f202d46d55c1bffe0c5b1aa3ddc0f1dce4d)

CVE-2007-5093 was assigned for this issue.
This backport has been compile-tested only.

Commit log from 2.6 follows.

  the pwc driver has a disconnect method that waits for user space to
  close the device. This opens up an opportunity for a DoS attack,
  blocking the USB subsystem and making khubd's task busy wait in
  kernel space. This patch shifts freeing resources to close if an opened
  device is disconnected.

Signed-off-by: dann frazier <dannf@hp.com>

2.4: [SCSI] aacraid: Fix security hole

This is a 2.4 backport of a linux-2.6 change by Alan Cox.
(commit 60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f)

It has been build-tested only (I don't have the hardware).
CVE-2007-4308 was assigned for this issue.

Commit log from 2.6 follows.

  On the SCSI layer ioctl path there is no implicit permissions check for
  ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
  however allows all sorts of very admin only things to be done so should
  check.

2.4: fix memory corruption from misinterpreted bad_inode_ops return values

This is a 2.4 backport of a linux-2.6 change by Eric Sandeen
(commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)

CVE-2006-5753 was assigned for this issue.

I've built and boot-tested this, but I'm not sure how to exercise
these codepaths.

Commit log from 2.6 follows.

  CVE-2006-5753 is for a case where an inode can be marked bad, switching
  the ops to bad_inode_ops, which are all connected as:

  static int return_EIO(void)
  {
          return -EIO;
  }

  #define EIO_ERROR ((void *) (return_EIO))

  static struct inode_operations bad_inode_ops =
  {
          .create         = bad_inode_create
  ...etc...

  The problem here is that the void cast causes return types to not be
  promoted, and for ops such as listxattr which expect more than 32 bits of
  return value, the 32-bit -EIO is interpreted as a large positive 64-bit
  number, i.e. 0x00000000fffffffa instead of 0xfffffffa.

  This goes particularly badly when the return value is taken as a number of
  bytes to copy into, say, a user's buffer for example...

  I originally had coded up the fix by creating a return_EIO_<TYPE> macro
  for each return type, like this:

  static int return_EIO_int(void)
  {
   return -EIO;
  }
  #define EIO_ERROR_INT ((void *) (return_EIO_int))

  static struct inode_operations bad_inode_ops =
  {
   .create = EIO_ERROR_INT,
  ...etc...

  but Al felt that it was probably better to create an EIO-returner for each
  actual op signature.  Since so few ops share a signature, I just went ahead
  & created an EIO function for each individual file & inode op that returns
  a value.

Signed-off-by: dann frazier <dannf@hp.com>

memory leak when socket is release()d before PPPIOCGCHAN has been called on it

This is a 2.4 backport of a linux-2.6 change by Florian Zumbiehl.
(commit 202a03acf9994076055df40ae093a5c5474ad0bd)

CVE-2007-2525 was assigned for this issue - compile-tested only.

Commit log from 2.6 follows.

  below you find a patch that fixes a memory leak when a PPPoE socket is
  release()d after it has been connect()ed, but before the PPPIOCGCHAN ioctl
  ever has been called on it.

  This is somewhat of a security problem, too, since PPPoE sockets can be
  created by any user, so any user can easily allocate all the machine's
  RAM to non-swappable address space and thus DoS the system.

  Is there any specific reason for PPPoE sockets being available to any
  unprivileged process, BTW? After all, you need a packet socket for the
  discovery stage anyway, so it's unlikely that any unprivileged process
  will ever need to create a PPPoE socket, no? Allocating all session IDs
  for a known AC is a kind of DoS, too, after all - with Juniper ERXes,
  this is really easy, actually, since they don't ever assign session ids
  above 8000 ...

ext2: skip pages past number of blocks in ext2_find_entry

This is a 2.4 backport of a linux-2.6 change by Eric Sandeen
(commit d8adb9cef7e406a9a82881695097c702bc98422f)

CVE-2006-6054 was assigned for this issue, which is easily reproducible in 2.4.
However, this changeset alone does not resolve the issue for 2.4 - two earlier
backports for ext2_readdir() are required.

Commit log from 2.6 follows.

  [PATCH] ext2: skip pages past number of blocks in ext2_find_entry

  This one was pointed out on the MOKB site:
  http://kernelfun.blogspot.com/2006/11/mokb-09-11-2006-linux-26x-ext2checkpage.html

  If a directory's i_size is corrupted, ext2_find_entry() will keep
  processing pages until the i_size is reached, even if there are no more
  blocks associated with the directory inode.  This patch puts in some
  minimal sanity-checking so that we don't keep checking pages (and issuing
  errors) if we know there can be no more data to read, based on the block
  count of the directory inode.

  This is somewhat similar in approach to the ext3 patch I sent earlier this
  year.

Signed-off-by: dann frazier <dannf@hp.com>

avoid semi-infinite loop when mounting bad ext2

This is a 2.4 backport of a linux-2.6 change by Andries Brouwer
(old-2.6-bkcvs commit c279c5343b1796bf1db4c0b4af2c99479a6575fe)

Commit log from 2.6 follows.

  The routine ext2_readdir() will, when reading a directory page
  returns an error, try the next page, without reporting the
  error to user space. That is bad, and the patch below changes that.

  In my case the filesystem was damaged, and ext2_readdir wanted
  to read 60000+ pages and wrote as many error messages to syslog
  ("attempt to access beyond end"), not what one wants.

  [no doubt a similar patch is appropriate for ext3]

Signed-off-by: dann frazier <dannf@hp.com>

ext2_readdir() filp->f_pos fix

This is a 2.4 backport of a linux-2.6 change by Jan Blunck
(old-2.6-bkcvs commit 2196b4744393d4f6c06fc4d63b98556d05b90933)

Commit log from 2.6 follows.

  [PATCH] ext2_readdir() filp->f_pos fix

  If the whole directory is read, ext2_readdir() sets the f_pos to a multiple
  of the page size (because of the conditions of the outer for loop).  This
  sets the wrong f_pos for directory inodes on ext2 partitions with a block
  size differing from the page size.

Signed-off-by: dann frazier <dannf@hp.com>

Do not complain about gcc 4.2 for user-space

Some user-space include compiler.h, so do not disable gcc 4.2
if __KERNEL__ is not defined.

Problem reported and fix confirmed by Gabor Z. Papp :
"
gcc -Wp,-MT,syslinux.o,-MMD,.syslinux.o.d -W -Wall -D_FILE_OFFSET_BITS=64 -g -Os -I. -I.. -I../libinstaller -c -o syslinux.o syslinux.c
In file included from /usr/include/asm/byteorder.h:5,
                 from /usr/include/linux/msdos_fs.h:11,
                 from syslinux.c:51:
/usr/include/linux/compiler.h:45:2: error: #error "GCC >= 4.2 miscompiles kernel 2.4, do not use it!"
/usr/include/linux/compiler.h:46:2: error: #error "While the resulting kernel may boot, you will encounter random bugs"
/usr/include/linux/compiler.h:47:2: error: #error "at runtime. Only versions 2.95.3 to 4.1 are known to work reliably."
/usr/include/linux/compiler.h:48:2: error: #error "To build with another version, for instance 3.3, please do"
/usr/include/linux/compiler.h:49:2: error: #error "   make bzImage CC=gcc-3.3 "
make[1]: *** [syslinux.o] Error 1

After patching compiler.h, compile was fine.
"

Signed-off-by: Willy Tarreau <w@1wt.eu>

Change VERSION to 2.4.36

Change VERSION to 2.4.36-rc1

    - net/ipv4/arp.c: Fix arp reply when sender ip 0
    - fix arch/i386/config.in to be able to boot on 386
    - usb: Move linux-usb-devel
    - GCC >= 4.2 miscompiles the kernel
    - prevent do_brk() from allocating below mmap_min_addr
    - fix build of ia32entry.S on x86_64
    - vfs: coredumping fix
    - isdn: avoid copying overly-long strings
    - prevent SIGCONT from waking up a PTRACED process (CVE-2007-4774)
    - isdn: fix isdn_ioctl memory overrun vulnerability

[PATCH] isdn: fix isdn_ioctl memory overrun vulnerability

Backport of 2.6 commit eafe1aa37e6ec2d56f14732b5240c4dd09f0613a by Karsten Keil

    I4L: fix isdn_ioctl memory overrun vulnerability

    Fix possible memory overrun issue in the isdn ioctl code.

    Found by ADLAB <adlab@venustech.com.cn>

Signed-off-by: Karsten Keil <kkeil@suse.de>
Cc: ADLAB <adlab@venustech.com.cn>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] prevent SIGCONT from waking up a PTRACED process (CVE-2007-4774)

Tavis Ormandy discovered that it was possible to bypass systrace policies
by flooding the ptraced process with SIGCONT signals. The same is possible
with SIGKILL, but obviously the attacker has to finely adjust its target
as it can only shoot once.

This issue was assigned identifier CVE-2007-4774.

The following patch fixes the SIGCONT case and adds some documentation for
authors of monitoring programs such as systrace.

Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Tavis Ormandy <taviso@sdf.lonestar.org>

[PATCH] isdn: avoid copying overly-long strings

Backport of 2.6 commit 0f13864e5b24d9cbe18d125d41bfa4b726a82e40 by Karsten Keil

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] vfs: coredumping fix

Backport of 2.6 commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af by Ingo Molnar.

fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043

only allow coredumping to the same uid that the coredumping
task runs under.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] fix build of ia32entry.S on x86_64

Krzysztof Strasburger reported the following problem.
Commit 7e6ba255062b79f2cf34590ac0987abb335d29f1 broke build
of arch/x86_64/ia32/ia32entry.S with the following message :

ia32entry.S: Assembler messages:
ia32entry.S:76: Error: Incorrect register `%rax' used with `l' suffix

Solution is simply to replace cmpl with cmpq to fix the register problem.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] fix arch/i386/config.in to be able to boot on 386

I tried to run 2.4 on a really old machine with 386 processor, only to find
that the kernel does not boot, claiming that TSC is needed. It seems that
nobody (except me, of course) uses 386, as the bug in the config
script arch/i386/config.in, leading to CONFIG_X86_TSC enabled for 386,
seems to be very old and never noticed.

[PATCH] prevent do_brk() from allocating below mmap_min_addr

This is the 2.4 equivalent of the following 2.6 patch by Eric Paris :
ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5

Given a specifically crafted binary do_brk() can be used to get low
pages available in userspace virtually memory and can thus be used to
circumvent the mmap_min_addr low memory protection. Add security checks
in do_brk().

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] GCC >= 4.2 miscompiles the kernel

Add a check for GCC >= 4.2 and refuse to use it. It miscompiles
kernel 2.4 in a very nasty way, and it's hard to identify faulty
modules.

[PATCH] net/ipv4/arp.c: Fix arp reply when sender ip 0

Fix arp reply when received arp probe with sender ip 0.

Send arp reply with target ip address 0.0.0.0 and target hardware address
set to hardware address of requester. Previously sent reply with target
ip address and target hardware address set to same as source fields.

Signed-off-by: Jonas Danielsson <the.sator@gmail.com>
Acked-by: Alexey Kuznetov <kuznet@ms2.inr.ac.ru>

usb: Move linux-usb-devel

Update documentation to reflect the new home of linux-usb list.
I did not try to fix any fiction accumulated (except taking over
printer from Vojtech). There is too much, so I only moved the list.

The patch was originally written by Steve Bangert.

Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>

Change VERSION to 2.4.36-pre2

    - x86_64: Make sure to validate all 64bits of ptrace information
    - fix missing MODULE_LICENSE in some drivers
    - fix unresolved symbols on alpha
    - corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)
    - Bridge STP timer fixes
    - sym53c8xx_2 SMP deadlock on driver load
    - ATM: avoid kernel panic upon access to /proc/net/atm/arp
    - PPP: fix crash using usb-serial on high speed devices
    - [OpenPROM]: Fix signedness bug in openprom char driver
    - [OpenPROM]: Fix user-access checking bugs in openpromfs
    - [OpenPROM] Prevent overflow of sprintf buffer
    - [OpenPROM] Prevent unsigned roll-overs in
    - IDE: enable support for JMicron 20363
    - IDE: enable PATA UDMA support for ICH7

[PATCH] IDE: enable PATA UDMA support for ICH7

Hello,

I have ASUS P5LD2-VM mobo with Intel ICH7 PATA IDE. It works only
in PIO mode, so I changed piix driver in 2.4.35 to support UDMA modes -
patch is bellow.

I'm a little bit confused about the specifications of ICH7 PATA, from ASUS
say it is UDMA 100, but from Intel and in 2.6.XX kernel tree it is as UDMA
133. My confusion became stronger and from bios ide SATA/PATA options of
my mobo.

Anyway, the patch works for me and it should work for all mobos with 945
chipset, but need to be tested. If there are any volunteers to apply patch
and test it will be good.

Please report the results and play around with mobo bios SATA/PATA IDE
setings.

Best Regards,
Ivaylo Josifov

[PATCH] IDE: enable support for JMicron 20363

Hello,

I have ASUS P5B-VM DO mobo with JMicron SATA/PATA controler. I write mail
to Alan Cox and he told me that PATA part of JMicron controler can be
pressant as generic ide. So I make some changes to generic ide driver in
kernel 2.4.35 to be support JMicron PATA controler, but I'm not advanced
in C programing and not sure what I did is right. It works for me.

If there are any interes I send you (see bellow) changes.

Best Regards.
Ivaylo Josifov

[PATCH] corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)

From http://projects.info-pull.com/mokb/MOKB-07-11-2006.html :

| The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a
| denial of service (crash) via a malformed filesystem that uses zlib
| compression that triggers memory corruption, as demonstrated using cramfs.

We could reproduce this with 2.4.27, since there aren't any changes to git
for cramfs since initial import this is likely unfixed in 2.4.35 too.
2.6 patch below.

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8bb0269160df2a60764013994d0bc5165406cf4a

| Steve Grubb's fzfuzzer tool (http://people.redhat.com/sgrubb/files/
| fsfuzzer-0.6.tar.gz) generates corrupt Cramfs filesystems which cause
| Cramfs to kernel oops in cramfs_uncompress_block().  The cause of the oops
| is an unchecked corrupted block length field read by cramfs_readpage().
|
| This patch adds a sanity check to cramfs_readpage() which checks that the
| block length field is sensible.  The (PAGE_CACHE_SIZE << 1) size check is
| intentional, even though the uncompressed data is not going to be larger
| than PAGE_CACHE_SIZE, gzip sometimes generates compressed data larger than
| the original source data.  Mkcramfs checks that the compressed size is
| always less than or equal to PAGE_CACHE_SIZE << 1.  Of course Cramfs could
| use the original uncompressed data in this case, but it doesn't.
|
| Signed-off-by: Phillip Lougher <phillip@lougher.org.uk>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] PPP: fix crash using usb-serial on high speed devices

Problem discussed here and reported and tracked by Gilles Espinasse :
https://sourceforge.net/tracker/index.php?func=detail&aid=1678777&group_id=40604&atid=428519

Patch and description provided by David W Studeman :
"...This patch prevents the kernel from crashing during uploads with
some 3G devices. On my XU870, certain irc rooms would cause my machine
to crash and reboot. This also happened with the Nozomi drivers and
the Option GT Max when uploading torrents. Neither happen anymore with
the ppp_async patched driver."

On linux-ppp, James Cameron confirmed to Gilles that the patch fixes
the hangs problem for him :
http://marc.info/?l=linux-ppp&m=118711617415737&w=2

[PATCH] sym53c8xx_2 SMP deadlock on driver load

This patch fixes two problems with sym53c8xx_2.o in 2.4.x kernels:

1) A system hang when loading sym53c8xx_2.o on a SMP system with two
dual-channel LSI HBAs (http://bugzilla.kernel.org/show_bug.cgi?id=3680)

2) A function improperly marked __init.

Comment from Matthew Wilcox:
" This is a pretty ugly patch, but I think the three alternatives are
  worse:

   - Drop the iorl at the beginning of ->detect and reacquire it at exit.
     We don't know what else the iorl might be protecting.  Probably
     nothing, but I don't want to audit it.
   - Convert sym2 back to old error handling so the midlayer doesn't
     acquire the iorl for us in ->detect.
   - Acquire the iorl in ->release.  We might deadlock on something.

   So, sure, apply this patch. "

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>

[PATCH] fix unresolved symbols on alpha

When compiling the out-of-tree e100 driver, some unresolved symbols
errors happened due to the fact that asm-alpha/pci.h does not include
asm/io.h, contrarily to most other archs.

This trivial patch fixes the problem.

[PATCH] fix missing MODULE_LICENSE in some drivers

I was looking at our installer output (IPCop) and saw
module 3C523 tainting kernel.

Looking at the source (drivers/net/3C523.c) it is gpl
source and it misses then
MODULE_LICENSE("GPL");

Reading that this source '3c523.c' is based on 'ni52.c' a
look inside 'ni52.c' shows the MODULE_LICENSE....
but not inside the correct #ifdef module ..... #endif

Here come fixes for other missing GPL entries in drivers/net
when GPL was indicated somewhere.

[PATCH 4/4] [OpenPROM] Prevent unsigned roll-overs in
property_read/property_write

These overflow fixes were originally submitted to 2.5 by Dave Miller:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=3d69d83b4f8vl6uetYp1vi77lhBJOQ
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=3d6aabcc3jBCcQB6wlZ7s3G9WGPYsg

Signed-off-by: dann frazier <dannf@hp.com>

[PATCH 3/4] [OpenPROM] Prevent overflow of sprintf buffer

This patch fixes a few potential overflows, originally submitted to 2.5 by
Dave Miller:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=3d69d753xoJv6rAeuQzdAcJK6Njncg
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=3d6aabcc3jBCcQB6wlZ7s3G9WGPYsg

Signed-off-by: dann frazier <dannf@hp.com>

[PATCH 2/4] [OpenPROM]: Fix user-access checking bugs in openpromfs

This patch backports a number of user-access checking fixes, originally
submitted to 2.5 by Dave Miller:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=3d686423le0SEotURGfYEbgMpPGKqw

Signed-off-by: dann frazier <dannf@hp.com>

[PATCH 1/4] [OpenPROM]: Fix signedness bug in openprom char driver

CVE-2004-2731 describes two issues in the openprom driver.
The first issue, an integer overflow in copyin_string(), appears to be
fixed in 2.4. The second issue, an overflow in copyin(), is still present.

A description of both issues is here:
http://www.securityfocus.com/archive/1/367575

The user-provided 'bufsize' is checked for being too large, but is not checked
for being negative. This patch avoids this situation by making bufsize
unsigned.

This change has been in 2.6 for a number of years now:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=patch&REV=3d686423le0SEotURGfYEbgMpPGKqw

Signed-off-by: dann frazier <dannf@hp.com>

[PATCH] ATM: avoid kernel panic upon access to /proc/net/atm/arp

Gilles Espinasse reported that if one user tried to read
/proc/net/atm/arp with the atm.o module loaded but without
clip.o, then the kernel would panic.

This is caused by a neighbour table which is NULL when the
CLIP module is not loaded. 2.6 has fixed this by managing
the "arp" entry within clip.o. Here, a less intrusive workaround
consists in returning -EAGAIN to open() if CLIP is not loaded.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] x86_64: Make sure to validate all 64bits of ptrace information

This is CVE-2007-4573, found by Wojciech Purczynski.

Signed-off-by: Andi Kleen <ak@suse.de>

[PATCH] Bridge STP timer fixes

Fix a couple of obvious places in 2.4 code where bridge timers are
set to values < current jiffies. This was a bug (mostly harmless)
that makes timer fires too soon.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>

Change VERSION to 2.4.36-pre1

    - b44: fix force mac address before ifconfig up
    - build fix for lvm with gcc 4
    - fix wdt83627 build breakage with gcc 4.x
    - wdt83627: fix wdt_init() return code
    - module fdomain_cs requires fdomain_setup()
    - do not use gcc's builtin strpbrk
    - fix incorrect use of -fno-unit-at-a-time on GCC >= 4
    - second build fix for some rare buggy versions of GCC 4
    - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
    - i386: do_test_wp_bit() must not be inlined
    - restore -fno-unit-at-a-time on GCC >= 4
    - sysctl to prevent normal processes from mapping NULL

[PATCH] sysctl to prevent normal processes from mapping NULL

After a patch proposal from Solar Designer, and discussions with
Alan Cox and Chris Wright, I modeled this patch which permits to
restrict mapping of lower virtual addresses to CAP_RAW_IO capable
processes only.

This makes it harder for processes to try to exploit NULL pointer
dereference bugs in the kernel.

In order to ease transition from 2.4 to 2.6, the patch has also
been inspired by Eric Paris's patch now present in 2.6, which
adds the sys/vm/mmap_min_addr sysctl by which the lowest mappable
address is set. This sysctl defaults to zero, meaning NULL is
allowed by default.

According to test ran by Solar Designer, both Xorg and Wine run
correctly as a normal user with the restriction enabled. There
should be very few regressions when enabling it, and it is
recommended to enable it on servers after the obviously needed
validation.

Alan points that some rare programs use a trick consisting in
mapping this page in order to reduce the number of NULL checks
in linked lists for instance.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] restore -fno-unit-at-a-time on GCC >= 4

-fno-unit-at-a-time was removed for gcc >= 4 in order to
support gcc 4.2. Unfortunately, this caused nasty problems
in many modules which had some of their read-only parameters
optimized away.

So we have to restore -fno-unit-at-a-time for the moment.
This will break gcc 4.2 again, and another solution will be
needed in order to support it. Note that -fno-unit-at-a-time
may not be supported in future versions of gcc.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] i386: do_test_wp_bit() must not be inlined

do_test_wp_bit() has a comment stating that it must not be inlined.
Unfortunately, the trick to prevent it from being inlined is not
reliable under gcc 4.x.

The simple fix consists in specifying the noinline attribute.
Tested and confirmed to produce the correct code for gcc versions
2.95.3, 3.3.6, 3.4.6, 4.0.2, 4.1.1 and 4.2.1.

Special thanks to Axel Reinhold and Richard Kojedzinszky for their
continuous feedback when trying to solve this issue.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG

Fix the "parent process death signal" vulnerability in the Linux kernel
discovered by Wojciech Purczynski of COSEINC PTE Ltd. and iSEC Security
Research (CVE-2007-3848).

To sum up, any local user could manage to start a setuid program then
send it an arbitrary signal while it is running, by first setting the
PR_SET_PDEATHSIG argument of the prctl() system call, and then running
another setuid program from the parent process. This is something the
user is normally supposed to be able to do only as long as the setuid
program has not completely switched its UID.

Depending on the installed setuid programs, this may lead to either a
denial of service or even to a privilege escalation, so this issue is
very distribution specific.

For more information regarding this issue, please refer to the original
advisory :

http://www.isec.pl/vulnerabilities/isec-0024-death-signal.txt

The following fix has been provided by Solar Designer and is already
part of the latest Openwall kernel.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] second build fix for some rare buggy versions of GCC 4

Last gcc4 fix 78bf0892b4008a0011f7af916460bc59103acd0a uncoverred a known
bug which appeared in gcc between 4.1 and 4.2.0 and which makes it ignore
the first -fno-builtin-xxx when more than one of those params is passed.
This resulted in the kernel not building with some versions such as
gcc version 4.1.2 20061115 (prerelease) as shipped by Debian as version
4.1.1-21.

Since those versions do not need -fno-builtin-strpbrk, set this option
first so that it doesn't matter wether it's ignored. This fix was confirmed
by Richard Kojedzinszky. So with this fix, we know the kernel builds on x86
with gcc-4.1.1 (already did), 4.1.2-20061115, and 4.2.1.

Reference to the thread discussing this bug on gcc-ml :

http://gcc.gnu.org/ml/gcc-bugs/2006-07/msg01514.html

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] fix incorrect use of -fno-unit-at-a-time on GCC >= 4

Axel Reinhold reported wrong code being emitted for arch/i386/kernel/i8259.c
using gcc-4.2, while the same code with gcc-4.1 was valid. The problem was
tracked down to gcc-4.2 messing up with sections with this option which is
already deprecated for gcc 4.x, and the asm statements were incorrectly
assigned to section .data. It was also possible to trick gcc-4.1 into the
same error by simply declaring an array before any asm statement.

The correct fix is to remove -fno-unit-at-a-time with gcc >= 4, which is
also what has been done in 2.6. In anticipation of such other problems with
gcc 4.x, a new function "if_gcc4" has been added to the main Makefile.

Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] do not use gcc's builtin strpbrk

Some drivers rely on strpbrk and complain about a lack of strchr().
This is caused by gcc's builtin strpbrk which must be disabled.

[PATCH] module fdomain_cs requires fdomain_setup()

The function which was called was once declared static
and once extern. Also, the arguments were messed up. That
one must not have worked for a long time.

[PATCH] wdt83627: fix wdt_init() return code

wdt_init() could return an uninitialized value if it
could not create a /proc entry.

[PATCH] fix wdt83627 build breakage with gcc 4.x

gcc 4 complains about a function declared static after
being used.

[PATCH] b44: fix force mac address before ifconfig up

Hi Willy,
I discovered that a bug in the Broadcom driver that has been fixed in the 2.6
tree is still present in 2.4 (up to 2.4.35). In our case it resulted in a
complete system crash when starting the net-snmp daemon (not even a kernel
panic is seen; the system is just gone).

The patch is rather trivial, here's the link to the patch from the netdev
tree:

http://git.kernel.org/?p=linux/kernel/git/jgarzik/netdev-2.6.git;a=commit;h=5c5131297db57b501f371ab53c40343eac6f2af7

It applies cleanly to 2.4.35 (with fuzz offset, of course :-)

Bye,
Marc

--
Marc Haisenko
Comdasys AG

---- patch below ----

From: Gary Zambrano <zambrano@broadcom.com>
Date: Wed, 29 Mar 2006 22:12:05 -0500
Subject: b44: fix force mac address before ifconfig up

Initializing the b44 MAC & PCI functional blocks in the controller must
occur inside init_one(). This will allow access to the MAC registers.
The controller was being powered up in b44_open() which would not allow
access to the registers before ifconfig was up.
Philip Kohlbecher found this bug.

Signed-off-by: Gary Zambrano <zambrano@broadcom.com>

[PATCH] build fix for lvm with gcc 4

Reported by Marco Gatti :

I decided to upgrade from 2.4.34 to 2.4.35 in one of my servers but i
encountered a compile problem:

lvm.c:397: error: static declaration of 'vg_count' follows non-static
declaration
lvm-internal.h:48: error: previous declaration of 'vg_count' was here

I know this was an already fixed bug but now it seems to come out again
compiling 2.4.35 vanilla with gcc version 4.1.3 20070629 (prerelease) (Debian
4.1.2-13). 2.4.34.6 vanilla compiled fine.

Simple fix below tested and confirmed by Marco.

Change VERSION to 2.4.35

Change VERSION to 2.4.35-rc1

    - 2.4.34 - VIA VT8237A support
    - Add some AHCI PCI IDs
    - notsc support for x86_64
    - Fix divide by 0 in vegas_cong_avoid()
    - random device reseed bugfix, possibly security problem
    - SATA update: add ICH8 PCI IDs
    - Documentations/SubmittingPatches was outdated

[PATCH] Documentations/SubmittingPatches was outdated

Li Yang <leo@zh-kernel.org> proposed a patch to update
SubmittingPatches in 2.6, and looking at 2.4's state, it
was clearly outdated. I just updated to the 2.6 version
without the section about power management.

[PATCH] Add some AHCI PCI IDs

This patch adds support for some chipsets in AHCI driver.
The list comes from a patch for redhat kernel 2.6.9-34.
I only tested ICH8.

Ciao,
Filippo

[PATCH] 2.4.34 - VIA VT8237A support

This patch adds support for VIA VT8237A.
It enables DMA on IDE and it makes sata drives work.
Tested on an Asus VINTAGE V2-P5V90.

Ciao,
Filippo

[PATCH] SATA update: add ICH8 PCI IDs

I have patched 2.4.34 with the following patch to allow the use of
SATA drive on an ICH8 motherboard. This works fine for the disk but
this does not work for the SATA CDROM. There is no PATA controller
on the motherboard (Dell OptiPlex 745). There is no change when
disabling ATA/IDE support. With an ICH7 controller, CDROM is not
working either.

[PATCH] Fix divide by 0 in vegas_cong_avoid()

Hi,

I had a divide by zero on kernel 2.4.33 running with Vegas enabled.
What happens is that vegas_rtt_calc() gets rtt as -1, so when it adds
1 the rtt is set to zero.
It seems that the -1 came from tcp_clean_rtx_queue() so I made this
small patch to fix the problem. I think it is also relevant to 2.6.

Don't perform congestion avoidance on packets that we didn't calculate
there RTT, as this may result in a divide by zero later on.

Signed-off-by: Lior Dotan <liodot@gmail.com>

[PATCH] random device reseed bugfix, possibly security problem

hello,

recently while trying to figure out something i ran across
some code in drivers/char/random.c:xfer_secondary_pool() which
looked wrong and further investigation of history confirmed
it as well.

the problem is that xfer_secondary_pool() used to use a local
buffer in the past that was used during the reseed operation
however when this buffer was moved out to the caller site, the
sizeof(tmp) code wasn't properly adjusted, therefore the sizeof
now operates on a pointer type (vs. array) and gives the wrong
result.

in this case it means that when the code thinks it reseeds the
entire buffer (0x154 bytes on i386/sha1), it only reseeds
sizeof(ptr), 4 bytes on i386.

since all this 'catastrophic reseeding' has something to do with
some (maybe theoretical) attack (i'm not a crypto guy to tell ;),
i can imagine that this error has some security consequences,
please treat it as such until confirmed otherwise.

the commit that introduced the bug:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=1.889.325.12

the attached fix has been in PaX/grsecurity for a few weeks now
and seems to work.

2.6 doesn't have this bug as the buffer in question is again
local to the function that uses sizeof on it (i haven't checked
when it was fixed).

[PATCH] notsc support for x86_64

This patch deals with a problem with unsynced TSCs on dual core Athlon 64.
The time goes sometimes backwards with TSC based gettimeofday(), while the
dummy routine gives time resolution of 10 milliseconds, which is too coarse
for some applications. There are no HPET timers on the mainboard, so I ported
the good old gettimeoffset_slow routine from arch/i386. It seems to work and
gives nice time resolution of about 5 microseconds.

In order to use this code, one will have to specify the "notsc" option on
the kernel command line, just as on x86.

Kernel 2.6 does not need this code as it uses different techniques to
workaround the unsynced TSCs.

Change VERSION to 2.4.35-pre5

    - fix 'pc_keyb: controller jammed (0xA7)' error on systems with KVM
    - do not mark init_idle() __init
    - Bluetooth: correct fix for CVE-2007-1353
    - [BACKPORT] Bluetooth: Fix NULL pointer dereference in HCI line discipline
    - [BACKPORT] Bluetooth: Fix unintentional fall-through in HCI line discipline
    - lvm: update to latest fixes from the LVM package
    - lvm: do not update extent count if snapshot allocation fails

[PATCH] lvm: do not update extent count if snapshot allocation fails

Fix from RHEL3 U8, explained by Heinz Mauelshagen :

That change makes sure that the extent count *only* gets updated in
case the allocation of the snapshot succeeds. Like you said: proper
error path handling.

[PATCH] lvm: update to latest fixes from the LVM package

greg@enjellic.com suggested to apply the recommended patches from
the LVM package, as every LVM user will have to generate them and
apply them anyway. Heinz Mauelshagen agreed, except for the list_del
chunk in the snapshot code which was identified as responsible for
oopses encountered in RHEL3.

Now with this patch in 2.4, it should be safe(r) to not apply the
LVM patches anymore.

[BACKPORT] Bluetooth: Fix unintentional fall-through in HCI line discipline

Backport from this 2.6 patch :

A trivial fix to (what looks like) an unintentional fall-through in the
HCI line discipline.

Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[BACKPORT] Bluetooth: Fix NULL pointer dereference in HCI line discipline

Backport from this 2.6 patch :

Normally a serial Bluetooth device is opened, TIOSETD'ed to N_HCI line
discipline, HCIUARTSETPROTO'ed and finally closed. In case the device
fails to HCIUARTSETPROTO, closing it produces a NULL pointer dereference.

Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[PATCH] Bluetooth: correct fix for CVE-2007-1353

Marcel Holtmann notified me that my previous fix for CVE-2007-1353
was wrong because of a stupid memcpy() with unchecked length, which
indeed made it worse than the original bug. Next time I'll be more
careful with copy-pasting !

[PATCH] do not mark init_idle() __init

Zbigniew Baniewski reported a panic at boot when using
CONFIG_BLK_DEV_IDEDISK=m. The code crashed when calling init_idle().

PaX Team brought to my attention that init_idle() is marked __init,
and is called from cpu_idle() (which is not) itself called from
rest_init() (which is not either), on top of which there is a big
shiny comment :

* We need to finalize in a non-__init function or else race conditions
* between the root thread and the init thread may cause start_kernel to
* be reaped by free_initmem before the root thread has proceeded to
* cpu_idle.

Indeed. Simply removing __init from init_idle fixed the panic.

[PATCH 2.4.35-pre4] fix 'pc_keyb: controller jammed (0xA7)' error on systems with KVM

Ive had a few requests for this patch, so Im posting it against
linux-2.4.35-pre4 kernel.

Various hardware (IBM BladeCenter, Sun Fire servers, and many other
bladeserver systems)
have an integrated KVM or console switch.  The keyboard type on these
systems is often USB,
and the hardware usually does not have a legacy PS/2 console keyboard.
The 2.4 kernel always tries to
initialize the keyboard controller by default, and on systems without
such a keyboard present
at boot you get the following errors spewed to the logs:

Jun  3 10:21:06 sbknpwaq3 kernel: pc_keyb: controller jammed (0xA7).
Jun  3 10:21:08 sbknpwaq3 last message repeated 249 times
Jun  3 10:21:08 sbknpwaq3 kernel: Keyboard timed out[1]
Jun  3 10:21:08 sbknpwaq3 kernel: pc_keyb: controller jammed (0xA7).
Jun  3 10:21:08 sbknpwaq3 last message repeated 249 times
Jun  3 10:21:08 sbknpwaq3 kernel: Keyboard timed out[1]

This patch allows the kernel to skip the keyboard controller init so the
kernel does not try to initialize, fail
and spew errors when no keyboard is attached. This can also be used for
various systems without a traditional
console keyboard present at boot (includes USB or IrDA keyboard too and
systems connected to KVM's).
Ive provided the dmi_scan magic in this parch for the IBM BladeCenter,
but on other hardware, use the "nokeyb"
kernel-param at boot to skip the initialization.

Tested on IBM BladeCenter, and Sun Fire.

Signed-off-by: Brian Maly <bmaly@redhat>
Regards, Brian

Documentation/kernel-parameters.txt |    4 ++++
arch/i386/kernel/dmi_scan.c         |   24 ++++++++++++++++++++++++
drivers/char/pc_keyb.c              |   15 +++++++++++----
3 files changed, 39 insertions(+), 4 deletions(-)

Change VERSION to 2.4.35-pre4

- recent patch to fib_semantics broke build

[PATCH] recent patch to fib_semantics broke build

Fix label name.

Change VERSION to v2.4.35-pre3

    - init/main.c: remove comment that gcc 4 was not supported
    - Linux 2.4.x MTD CFI P30/P33 support
    - 2.6 backport of Watchdog wdt83627 (Winbond W83627HF/F/HG/G) driver
    - Watchdog w83977ef (Winbond W83977EF) driver
    - [DECNet] fib: Fix out of bound access of dn_fib_props[]
    - [IPv4] fib: Fix out of bound access of fib_props[]
    - [PPP]: Don't leak an sk_buff on interface destruction.
    - Fix TCP receiver side SWS handling
    - [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)

[PATCH] Watchdog w83977ef (Winbond W83977EF) driver

This driver has been derived from Netwinder's in order not to
modify it. Tested and working on AAEON GENE-6310B Subcompact
Board (also configured for same by default, should work elsewhere)
patch is against kernel 2.4.34.2

Changes/Features:

- Added ioctl support
- Disables watchdog on driver load
- Supports timeout in seconds
- Timeout defaults to 2 minutes
- No longer under NetWinder arch
- Configurable output GP (defaults to GP16)
- Configurable base IO address
- Non standard read only proc interface for status (/proc/watchdog)

Caveats:

- Only tested with GP16
- Utterly ignores inability to get its IO port, mostly because it's
already taken. I didn't know a way around that.
- release_region is called regardless of having acquired the region,
this might be trouble.

[PATCH] 2.6 backport of Watchdog wdt83627 (Winbond W83627HF/F/HG/G) driver

Tested and working on Kontron JREX-PM.
Fairly straightforward backport of w83627hf_wdt.c from 2.6.20.1

Changes from 2.6 version
- Default timeout set to 120 seconds
- Nonstandard read only proc interface (/proc/watchdog)
- Always reset timer on driver load
- Changed timeout limit to 255
- Ignores failure to acquire IO port

Caveats:
- Ignores failure to acquire IO port since it is always taken, there's
probably a better way around that.
- Releases IO port regardless of having acquired it.

[Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)

Problem reported by Ilja van Sprundel. Assigned CVE-2007-1353.
Fix below from Marcel Holtmann, backported to 2.4.

The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

[PATCH] Fix TCP receiver side SWS handling

Problem reported, analyzed and initially fixed by Alex Sidorenko.
Definitive fix by John Heffner, confirmed by Alex.

Analysis below :

this is a rare corner case met by one of HP partners on 2.4.20 on IA64.
Inspecting the sources of the latest 2.6.20.1 (net/ipv4/tcp_output.c) we can
see that the bug is still there.

Here is a description of the bug and the suggested fix.

The problem occurs when the remote host (not necessarily Linux - in our case
it was Solaris) does not implement SWS avoidance on sender side. If Linux
connection socket has rcvbuf<mtu, we can potentially advertise small rcv_wnd
for a long time (SWS).

The problem is due to SWS avoidance as implemented in __tcp_select_window().
Everything works fine when rcvbuf > mtu. But if we use small rcvbuf (set by
SO_RCVBUF), we can go into SWS mode.

[...]

If there is no SWS avoidance on sender side, we can see Linux advertising the
same small rcv_wnd over and over again. The problem here is that we never
advertise one-half the receiver's buffer space as described e.g. in

"TCP/IP Illustrated" by Stevens (v.1, Chapter 22.3):

"The normal algorithm is for the receiver not to advertise a larger window
than it is currently advertising (which can be 0) until the window can be
increased by either one full-sized segment (i.e. the MSS being received) or by
one-half the receiver's buffer space, whichever is smaller"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The fix.
--------

We have not been able to reproduce the problem inside HP as it is unclear what
conditions are needed to bring system into SWS mode (this needs very special
event timing). HP customer was seeing it every 2-3 days while running a
custom application (Solaris<->Linux) that was running with low priority on a
busy host running other custom applications with SCHED_RR. After going into
SWS mode, his application stayed in it until restarted.

[PPP]: Don't leak an sk_buff on interface destruction.

Initial 2.6 patch :
Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Acked-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[IPv4] fib: Fix out of bound access of fib_props[]

Backported from 2.6. Bug found and fixed by Thomas Graf :

Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

[DECNet] fib: Fix out of bound access of dn_fib_props[]

Backported from 2.6. Found and fixed from Thomas Graf :

Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

Signed-off-by: Thomas Graf <tgraf@suug.ch>

[PATCH] Linux 2.4.x MTD CFI P30/P33 support

The following patch adds support of P30 and P33 NOR FLASH support in
Linux 2.4
This flash is substitution of J3 flash which is widely used it on Linux
2.4 kernels. Currently many customers wishing to substitute J3 for P3x
face issues on Linux 2.4. This patch resolves issues with P3x on all
generic Linux kernels versions since 2.4.21.

The patch just allows using minor version "4" in CFI driver. Since
differences between CFI minor version "3" and minor version "4" are
small the CFI driver is not affected by this. Patch has been verified on
Mainstone (PXA27x based) platform.

Signed-off-by: Alexey Korolev <alexey.korolev@intel.com>

[PATCH] init/main.c: remove comment that gcc 4 was not supported

When the #error was removed, the comment was forgotten.

Signed-off-by: Adrian Bunk <bunk@stusta.de>

Change VERSION to v2.4.35-pre2

    - fix channel balance on TV cards with LG head
    - fix build of serial with DEBUG enabled
    - usb-storage: backport unusual_devs from 2.6.20
    - usb-storage: HP-FDC-GOLD need US_FL_SINGLE_LUN
    - make it possible to compile x86_64 without VT support
    - add nforce-MCP55 chipset ID
    - restore ability to set disk geometry on command line
    - parenthesis fixes
    - usb 2.4: Support high-speed HID
    - IPV6: ipv6_fl_socklist is inadvertently shared.

[PATCH] IPV6: ipv6_fl_socklist is inadvertently shared.

Backport from 2.6. Original patch from Masayuki Nakagawa, with
his description below :

"
The ipv6_fl_socklist from listening socket is inadvertently shared
with new socket created for connection. This leads to a variety of
interesting, but fatal, bugs. For example, removing one of the
sockets may lead to the other socket's encountering a page fault
when the now freed list is referenced.

The fix is to not share the flow label list with the new socket.
"

original patch:
Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Signed-off-by: Willy Tarreau <w@1wt.eu>

[PATCH] remove excess parenthesis in video/cyberfb

My previous fix was wrong, the parenthesis remained unbalanced.

[PATCH] restore ability to set disk geometry on command line

The second patch is a two-liner, which adds (restores?) the possibility to
specify your own disk geometry in the kernel command line. Default values
of 255 heads and 63 sectors can be nonoptimal, i.e. a small part of the
disk remains unused.

BTW sometimes it is desirable to set a specific geometry on small devices
such as flash disks.

[PATCH] add nforce-MCP55 chipset ID

This patch contains a backport of NFORCE-MCP55 chipset driver from 2.6.
In fact, the code was already there and it was sufficient to identify this
chipset.

[PATCH] make it possible to compile x86_64 without VT support

Add #ifdef CONFIG_VT where appropriate so that we can build the kernel
without VT support on x86_64.

[PATCH] fix missing parenthesis in unused macro in ip_nat_standalone

The bug found by Mariusz Kozlowski affects an unused macro. However,
I prefer to fix the macro than removing it because external patches
might be relying on it.

[PATCH] add missing parenthesis in video/cyberfb

The bug found by Mariusz Kozlowski affects an unused macro. However,
I prefer to fix the macro than removing it because external patches
might be relying on it.

[PATCH] ia64 kernel entry fix

Mariusz Kozlowski sent me this patch :
   I noticed some parenthesis thing here but I'd be glad if anyone would
   confirm thath the patch below is correct. This code looks magic to me ;-)

No replies. A quick look at 2.6 shows the code was fixed by removing the
excessive parenthesis and not adding any semi-colon.

Original patch sign-off :
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
arch/ia64/kernel/entry.h |    2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

[PATCH] reiserfs parenthesis fix

Hello,

This patch fixes parenthesis in B_PRIGHT_DELIM_KEY() macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/linux/reiserfs_fs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] byteorder swab parenthesis fix

Hello,

This patch fixes byteorder swab 24 macro parenthesis.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/linux/byteorder/swab.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] sparc64 dma parenthesis fixes

Hello,

This patch fixes some sparc64 dma macros.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-sparc64/dma.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

[PATCH] ppc ppc4xx_dma parenthesis fix

Hello,

This patch adds missing parenthesis in DMA_DEC macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-ppc/ppc4xx_dma.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] ppc m48t35 parenthesis fix

Hello,

This patch adds missing parenthesis.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-ppc/m48t35.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] parisc pdc parenthesis fix

Hello,

This patch fixes removes an extra parenthesis in PAT_GET_MOD_PAGES() macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-parisc/pdc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] mips64 klconfig parenthesis fix

Hello,

This patch fixes parenthesis stuff in PTR_CH_MALLOC_HDR() macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-mips64/sn/klconfig.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] mips/mips64 mv64340 parenthesis fixes

Hello,

This patch fixes parenthesis mv64340 stuff in both mips and mips64 code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-mips/mv64340.h | 2 +-
include/asm-mips64/mv64340.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

[PATCH] arm sa1100 parenthesis fix

Hello,

This patch fixes parenthesis stuff.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
include/asm-arm/arch-sa1100/SA-1101.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

[PATCH] fs ufs macro parenthesis fix

Hello,

This patch fixes parenthesis stuff in ubh_get_addr16() macro code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
fs/ufs/util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] video sis parenthesis fix

Hello,

This patch removes an extra parenthesis in SetOEMLCDData() code.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
drivers/video/sis/init301.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] video pm3fb parenthesis fix

Hello,

This patch fixes parenthesis stuff.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
drivers/video/pm3fb.h | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)