<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/pci, branch linux-2.6.26.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Check mapped ranges on sysfs resource files</title>
<updated>2008-10-22T21:13:27+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2008-10-15T22:09:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fe2615638c671468e28b15d5e15f9b594b1fa23c'/>
<id>fe2615638c671468e28b15d5e15f9b594b1fa23c</id>
<content type='text'>
commit b5ff7df3df9efab511244d5a299fce706c71af48 upstream

Check mapped ranges on sysfs resource files

This is loosely based on a patch by Jesse Barnes to check the user-space
PCI mappings though the sysfs interfaces.  Quoting Jesse's original
explanation:

  It's fairly common for applications to map PCI resources through sysfs.
  However, with the current implementation, it's possible for an application
  to map far more than the range corresponding to the resourceN file it
  opened.  This patch plugs that hole by checking the range at mmap time,
  similar to what is done on platforms like sparc64 in their lower level
  PCI remapping routines.

  It was initially put together to help debug the e1000e NVRAM corruption
  problem, since we initially thought an X driver might be walking past the
  end of one of its mappings and clobbering the NVRAM.  It now looks like
  that's not the case, but doing the check is still important for obvious
  reasons.

and this version of the patch differs in that it uses a helper function
to clarify the code, and does all the checks in pages (instead of bytes)
in order to avoid overflows when doing "&lt;&lt; PAGE_SHIFT" etc.

[cebbert@redhat.com: backport, changing WARN() to printk()]

Acked-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit b5ff7df3df9efab511244d5a299fce706c71af48 upstream

Check mapped ranges on sysfs resource files

This is loosely based on a patch by Jesse Barnes to check the user-space
PCI mappings though the sysfs interfaces.  Quoting Jesse's original
explanation:

  It's fairly common for applications to map PCI resources through sysfs.
  However, with the current implementation, it's possible for an application
  to map far more than the range corresponding to the resourceN file it
  opened.  This patch plugs that hole by checking the range at mmap time,
  similar to what is done on platforms like sparc64 in their lower level
  PCI remapping routines.

  It was initially put together to help debug the e1000e NVRAM corruption
  problem, since we initially thought an X driver might be walking past the
  end of one of its mappings and clobbering the NVRAM.  It now looks like
  that's not the case, but doing the check is still important for obvious
  reasons.

and this version of the patch differs in that it uses a helper function
to clarify the code, and does all the checks in pages (instead of bytes)
in order to avoid overflows when doing "&lt;&lt; PAGE_SHIFT" etc.

[cebbert@redhat.com: backport, changing WARN() to printk()]

Acked-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: disable ASPM on pre-1.1 PCIe devices</title>
<updated>2008-10-22T21:13:25+00:00</updated>
<author>
<name>Shaohua Li</name>
<email>shaohua.li@intel.com</email>
</author>
<published>2008-10-13T23:39:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7a69c701bd95e1dc0eaf7e4008e5fd409ac7e042'/>
<id>7a69c701bd95e1dc0eaf7e4008e5fd409ac7e042</id>
<content type='text'>
commit 149e16372a2066c5474d8a8db9b252afd57eb427 upstream

Disable ASPM on pre-1.1 PCIe devices, as many of them don't implement it
correctly.

Tested-by: Jack Howarth &lt;howarth@bromo.msbb.uc.edu&gt;
Signed-off-by: Shaohua Li &lt;shaohua.li@intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 149e16372a2066c5474d8a8db9b252afd57eb427 upstream

Disable ASPM on pre-1.1 PCIe devices, as many of them don't implement it
correctly.

Tested-by: Jack Howarth &lt;howarth@bromo.msbb.uc.edu&gt;
Signed-off-by: Shaohua Li &lt;shaohua.li@intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: disable ASPM per ACPI FADT setting</title>
<updated>2008-10-22T21:13:24+00:00</updated>
<author>
<name>Shaohua Li</name>
<email>shaohua.li@intel.com</email>
</author>
<published>2008-10-13T23:38:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7a17866e8cc637a5ffb91266e3b551ae3c95b40a'/>
<id>7a17866e8cc637a5ffb91266e3b551ae3c95b40a</id>
<content type='text'>
commit 5fde244d39b88625ac578d83e6625138714de031 upstream

The ACPI FADT table includes an ASPM control bit. If the bit is set, do
not enable ASPM since it may indicate that the platform doesn't actually
support the feature.

Tested-by: Jack Howarth &lt;howarth@bromo.msbb.uc.edu&gt;
Signed-off-by: Shaohua Li &lt;shaohua.li@intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5fde244d39b88625ac578d83e6625138714de031 upstream

The ACPI FADT table includes an ASPM control bit. If the bit is set, do
not enable ASPM since it may indicate that the platform doesn't actually
support the feature.

Tested-by: Jack Howarth &lt;howarth@bromo.msbb.uc.edu&gt;
Signed-off-by: Shaohua Li &lt;shaohua.li@intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Cc: Chuck Ebbert &lt;cebbert@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: fix reference leak in pci_get_dev_by_id()</title>
<updated>2008-09-08T11:44:15+00:00</updated>
<author>
<name>Greg Kroah-Hartman</name>
<email>gregkh@suse.de</email>
</author>
<published>2008-08-25T20:05:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=045eff1504ce63a080b79f931ec3d8e136fb65cd'/>
<id>045eff1504ce63a080b79f931ec3d8e136fb65cd</id>
<content type='text'>
commit ebca4f1bce1eb7b91a63c515db66316db9391221 upstream

Alex Chiang and Matthew Wilcox pointed out that pci_get_dev_by_id() does
not properly decrement the reference on the from pointer if it is
present, like the documentation for the function states it will.

It fixes a pretty bad leak in the hotplug core (we were leaking an
entire struct pci_dev for each function of each offlined card, the first
time around; subsequent onlines/offlines were ok).

Cc: Matthew Wilcox &lt;matthew@wil.cx&gt;
Tested-by: Alex Chiang &lt;achiang@hp.com&gt;
Acked-by: Alex Chiang &lt;achiang@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ebca4f1bce1eb7b91a63c515db66316db9391221 upstream

Alex Chiang and Matthew Wilcox pointed out that pci_get_dev_by_id() does
not properly decrement the reference on the from pointer if it is
present, like the documentation for the function states it will.

It fixes a pretty bad leak in the hotplug core (we were leaking an
entire struct pci_dev for each function of each offlined card, the first
time around; subsequent onlines/offlines were ok).

Cc: Matthew Wilcox &lt;matthew@wil.cx&gt;
Tested-by: Alex Chiang &lt;achiang@hp.com&gt;
Acked-by: Alex Chiang &lt;achiang@hp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: Limit VPD length for Broadcom 5708S</title>
<updated>2008-08-20T18:05:14+00:00</updated>
<author>
<name>Dean Hildebrand</name>
<email>seattleplus@gmail.com</email>
</author>
<published>2008-08-08T00:31:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f8e6fcea9210eb5e2221643336f74ef007aab498'/>
<id>f8e6fcea9210eb5e2221643336f74ef007aab498</id>
<content type='text'>
commit 35405f256de924be56ea5edaca4cdc627f1bb0f8 upstream

BCM5706S wont work correctly unless VPD length truncated to 128

Signed-off-by: Dean Hildebrand &lt;dhildeb@us.ibm.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 35405f256de924be56ea5edaca4cdc627f1bb0f8 upstream

BCM5706S wont work correctly unless VPD length truncated to 128

Signed-off-by: Dean Hildebrand &lt;dhildeb@us.ibm.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>pci: VT3336 can't do MSI either</title>
<updated>2008-07-04T17:40:05+00:00</updated>
<author>
<name>Tejun Heo</name>
<email>tj@kernel.org</email>
</author>
<published>2008-07-04T16:59:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=66d715c95a39e84cd25204a665915621457d9691'/>
<id>66d715c95a39e84cd25204a665915621457d9691</id>
<content type='text'>
It seems VT3336 can't do msi either as with its bro 3351.  Disable it.
Reported in the following SUSE bug.

  https://bugzilla.novell.com/show_bug.cgi?id=300001

Signed-off-by: Tejun Heo &lt;tj@kernel.org&gt;
Acked-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It seems VT3336 can't do msi either as with its bro 3351.  Disable it.
Reported in the following SUSE bug.

  https://bugzilla.novell.com/show_bug.cgi?id=300001

Signed-off-by: Tejun Heo &lt;tj@kernel.org&gt;
Acked-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: acpiphp: cleanup notify handler on all root bridges</title>
<updated>2008-07-02T18:27:30+00:00</updated>
<author>
<name>Alex Chiang</name>
<email>achiang@hp.com</email>
</author>
<published>2008-07-02T02:02:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a13307cef8bf51990ef1d525b1cbdcc2cfe07e2a'/>
<id>a13307cef8bf51990ef1d525b1cbdcc2cfe07e2a</id>
<content type='text'>
During the development of the physical PCI slot patch series, Gary Hade
kept on reporting strange oopses due to interactions between pci_slot
and acpiphp.

	http://lkml.org/lkml/2007/11/28/319

find_root_bridges() unconditionally installs
handle_hotplug_event_bridge() as an ACPI_SYSTEM_NOTIFY handler for all
root bridges.

However, during module cleanup, remove_bridge() will only remove the
notify handler iff the root bridge had a hot-pluggable slot directly
underneath. That is:

	root bridge -&gt; hotplug slot

But, if the topology looks like either of the following:

	root bridge -&gt; non-hotplug slot
	root bridge -&gt; p2p bridge -&gt; hotplug slot

Then we currently do not remove the notify handler from that root
bridge.

This can cause a kernel oops if we modprobe acpiphp later and it gets
loaded somewhere else in memory. If the root bridge then receives a
hotplug event, it will then attempt to call a stale, non-existent notify
handler and we blow up.

Much thanks goes to Gary Hade for his persistent debugging efforts.

Signed-off-by: Alex Chiang &lt;achiang@hp.com&gt;
Signed-off-by: Gary Hade &lt;garyhade@us.ibm.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
During the development of the physical PCI slot patch series, Gary Hade
kept on reporting strange oopses due to interactions between pci_slot
and acpiphp.

	http://lkml.org/lkml/2007/11/28/319

find_root_bridges() unconditionally installs
handle_hotplug_event_bridge() as an ACPI_SYSTEM_NOTIFY handler for all
root bridges.

However, during module cleanup, remove_bridge() will only remove the
notify handler iff the root bridge had a hot-pluggable slot directly
underneath. That is:

	root bridge -&gt; hotplug slot

But, if the topology looks like either of the following:

	root bridge -&gt; non-hotplug slot
	root bridge -&gt; p2p bridge -&gt; hotplug slot

Then we currently do not remove the notify handler from that root
bridge.

This can cause a kernel oops if we modprobe acpiphp later and it gets
loaded somewhere else in memory. If the root bridge then receives a
hotplug event, it will then attempt to call a stale, non-existent notify
handler and we blow up.

Much thanks goes to Gary Hade for his persistent debugging efforts.

Signed-off-by: Alex Chiang &lt;achiang@hp.com&gt;
Signed-off-by: Gary Hade &lt;garyhade@us.ibm.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: Limit VPD read/write lengths for Broadcom 5706, 5708, 5709 rev.</title>
<updated>2008-07-02T18:25:54+00:00</updated>
<author>
<name>Benjamin Li</name>
<email>benli@broadcom.com</email>
</author>
<published>2008-07-02T17:59:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=99cb233d60cbe644203f19938c729ea2bb004d70'/>
<id>99cb233d60cbe644203f19938c729ea2bb004d70</id>
<content type='text'>
For Broadcom 5706, 5708, 5709 rev. A nics, any read beyond the
VPD end tag will hang the device.  This problem was initially
observed when a vpd entry was created in sysfs
('/sys/bus/pci/devices/&lt;id&gt;/vpd').   A read to this sysfs entry
will dump 32k of data.  Reading a full 32k will cause an access
beyond the VPD end tag causing the device to hang.  Once the device
is hung, the bnx2 driver will not be able to reset the device.
We believe that it is legal to read beyond the end tag and
therefore the solution is to limit the read/write length.

A majority of this patch is from Matthew Wilcox who gave code for
reworking the PCI vpd size information.  A PCI quirk added for the
Broadcom NIC's to limit the read/write's.

Signed-off-by: Benjamin Li &lt;benli@broadcom.com&gt;
Signed-off-by: Matthew Wilcox &lt;willy@linux.intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For Broadcom 5706, 5708, 5709 rev. A nics, any read beyond the
VPD end tag will hang the device.  This problem was initially
observed when a vpd entry was created in sysfs
('/sys/bus/pci/devices/&lt;id&gt;/vpd').   A read to this sysfs entry
will dump 32k of data.  Reading a full 32k will cause an access
beyond the VPD end tag causing the device to hang.  Once the device
is hung, the bnx2 driver will not be able to reset the device.
We believe that it is legal to read beyond the end tag and
therefore the solution is to limit the read/write length.

A majority of this patch is from Matthew Wilcox who gave code for
reworking the PCI vpd size information.  A PCI quirk added for the
Broadcom NIC's to limit the read/write's.

Signed-off-by: Benjamin Li &lt;benli@broadcom.com&gt;
Signed-off-by: Matthew Wilcox &lt;willy@linux.intel.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: Restrict VPD read permission to root</title>
<updated>2008-07-01T16:51:53+00:00</updated>
<author>
<name>Ben Hutchings</name>
<email>bhutchings@solarflare.com</email>
</author>
<published>2008-07-01T16:18:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a94c248113b86bbbc47d027a4004b70f2be298b1'/>
<id>a94c248113b86bbbc47d027a4004b70f2be298b1</id>
<content type='text'>
Some PCI devices will lock up if we attempt to read from VPD addresses
beyond some device-dependent limit.  Until we can identify these
devices and adjust the file size accordingly, only let root read VPD
through sysfs to prevent a DoS by normal users.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Some PCI devices will lock up if we attempt to read from VPD addresses
beyond some device-dependent limit.  Until we can identify these
devices and adjust the file size accordingly, only let root read VPD
through sysfs to prevent a DoS by normal users.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>PCI: fixup write combine comment in pci_mmap_resource</title>
<updated>2008-06-12T20:51:46+00:00</updated>
<author>
<name>Jesse Barnes</name>
<email>jbarnes@hobbes.lan</email>
</author>
<published>2008-06-12T20:51:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=81d5575a48f49f494289a1299a32e4e5e41fbf40'/>
<id>81d5575a48f49f494289a1299a32e4e5e41fbf40</id>
<content type='text'>
Now that we can actually do write combining properly, there's no need to have
the FIXME.

Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Now that we can actually do write combining properly, there's no need to have
the FIXME.

Signed-off-by: Jesse Barnes &lt;jbarnes@virtuousgeek.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
