From: Greg Kroah-Hartman Date: Tue, 16 Dec 2008 23:26:30 +0000 (-0800) Subject: more .27 patches X-Git-Tag: v2.6.27.10~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5b1291804b32be3206e90ae1698032391a32a341;p=thirdparty%2Fkernel%2Fstable-queue.git more .27 patches --- diff --git a/queue-2.6.27/b1isa-fix-b1isa_exit-to-really-remove-registered-capi-controllers.patch b/queue-2.6.27/b1isa-fix-b1isa_exit-to-really-remove-registered-capi-controllers.patch new file mode 100644 index 00000000000..2fc3074feb4 --- /dev/null +++ b/queue-2.6.27/b1isa-fix-b1isa_exit-to-really-remove-registered-capi-controllers.patch 
@@ -0,0 +1,97 @@ +From 1c594c05a75770ab53a329fc4eb99c797a4bc7d7 Mon Sep 17 00:00:00 2001 +From: Wilfried Klaebe +Date: Wed, 3 Dec 2008 20:57:19 -0800 +Subject: b1isa: fix b1isa_exit() to really remove registered capi controllers + +From: Wilfried Klaebe + +commit 1c594c05a75770ab53a329fc4eb99c797a4bc7d7 upstream. + +On "/etc/init.d/capiutils stop", this oops happened. + +The oops happens on reading /proc/capi/controllers because +capi_ctrl->procinfo is called for the wrongly not unregistered +controller, which points to b1isa_procinfo(), which was removed on +module unload. + +b1isa_exit() did not call b1isa_remove() for its controllers because +io[0] == 0 on module unload despite having been 0x340 on module load. + +Besides, just removing the controllers that where added on module +load time and not those that were added later via b1isa_add_card() is +wrong too - the place where all added cards are found is isa_dev[]. + +relevant dmesg lines: + +[ 0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008 + +[ 67.403555] CAPI Subsystem Rev 1.1.2.8 +[ 68.529154] capifs: Rev 1.1.2.3 +[ 68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs) +[ 77.026936] b1: revision 1.1.2.2 +[ 77.049992] b1isa: revision 1.1.2.3 +[ 77.722655] kcapi: Controller [001]: b1isa-340 attached +[ 77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255 +[ 81.272669] b1isa-340: card 1 "B1" ready. +[ 81.272683] b1isa-340: card 1 Protocol: DSS1 +[ 81.272689] b1isa-340: card 1 Linetype: point to multipoint +[ 81.272695] b1isa-340: B1-card (3.11-03) now active +[ 81.272702] kcapi: card [001] "b1isa-340" ready. + +[ 153.721281] kcapi: card [001] down. 
+[ 154.151889] BUG: unable to handle kernel paging request at e87af000 +[ 154.152081] IP: [] +[ 154.153292] *pde = 2655b067 *pte = 00000000 +[ 154.153307] Oops: 0000 [#1] +[ 154.153360] Modules linked in: rfcomm l2cap ppdev lp ipt_MASQUERADE tun capi capifs kernelcapi ac battery nfsd exportfs nfs lockd nfs_acl sunrpc sit tunnel4 bridge stp llc ipt_REJECT ipt_LOG xt_tcpudp xt_state iptable_filter iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables nls_utf8 isofs nls_base zlib_inflate loop ipv6 netconsole snd_via82xx dvb_usb_dib0700 gameport dib7000p dib7000m dvb_usb snd_ac97_codec ac97_bus dvb_core mt2266 snd_pcm tuner_xc2028 dib3000mc dibx000_common mt2060 dib0070 snd_page_alloc snd_mpu401_uart snd_seq_midi snd_seq_midi_event btusb snd_rawmidi bluetooth snd_seq snd_timer snd_seq_device snd via686a i2c_viapro soundcore i2c_core parport_pc parport button dm_mirror dm_log dm_snapshot floppy sg ohci1394 uhci_hcd ehci_hcd 8139too mii ieee1394 usbcore sr_mod cdrom sd_mod thermal processor fan [last unloaded: b1] +[ 154.153360] +[ 154.153360] Pid: 4132, comm: capiinit Not tainted (2.6.27.4 #3) +[ 154.153360] EIP: 0060:[] EFLAGS: 00010286 CPU: 0 +[ 154.153360] EIP is at 0xe87af000 +[ 154.153360] EAX: e6b9ccc8 EBX: e6b9ccc8 ECX: e87a0c67 EDX: e87af000 +[ 154.153360] ESI: e142bbc0 EDI: e87a56e0 EBP: e0505f0c ESP: e0505ee4 +[ 154.153360] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 +[ 154.153360] Process capiinit (pid: 4132, ti=e0504000 task=d1196cf0 task.ti=e0504000) +[ 154.153360] Stack: e879f650 00000246 e0505ef4 c01472eb e0505f0c 00000246 e7001780 fffffff4 +[ 154.153360] fffffff4 e142bbc0 e0505f48 c01a56c6 00000400 b805e000 d102dc80 e142bbe0 +[ 154.153360] 00000000 e87a56e0 00000246 e12617ac 00000000 00000000 e1261760 fffffffb +[ 154.153360] Call Trace: +[ 154.153360] [] ? controller_show+0x20/0x90 [kernelcapi] +[ 154.153360] [] ? trace_hardirqs_on+0xb/0x10 +[ 154.153360] [] ? seq_read+0x126/0x2f0 +[ 154.153360] [] ? 
seq_read+0x0/0x2f0 +[ 154.153360] [] ? proc_reg_read+0x5c/0x90 +[ 154.153360] [] ? vfs_read+0x99/0x140 +[ 154.153360] [] ? proc_reg_read+0x0/0x90 +[ 154.153360] [] ? sys_read+0x3d/0x70 +[ 154.153360] [] ? sysenter_do_call+0x12/0x35 +[ 154.153360] ======================= +[ 154.153360] Code: Bad EIP value. +[ 154.153360] EIP: [] 0xe87af000 SS:ESP 0068:e0505ee4 +[ 154.153360] ---[ end trace 23750b6c2862de94 ]--- + +Signed-off-by: Wilfried Klaebe +Signed-off-by: Andrew Morton +Acked-by: Karsten Keil +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/isdn/hardware/avm/b1isa.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/isdn/hardware/avm/b1isa.c ++++ b/drivers/isdn/hardware/avm/b1isa.c +@@ -233,10 +233,8 @@ static void __exit b1isa_exit(void) + int i; + + for (i = 0; i < MAX_CARDS; i++) { +- if (!io[i]) +- break; +- +- b1isa_remove(&isa_dev[i]); ++ if (isa_dev[i].resource[0].start) ++ b1isa_remove(&isa_dev[i]); + } + unregister_capi_driver(&capi_driver_b1isa); + } diff --git a/queue-2.6.27/console-ascii-glyph-1-1-mapping.patch b/queue-2.6.27/console-ascii-glyph-1-1-mapping.patch new file mode 100644 index 00000000000..7d38d3c5888 --- /dev/null +++ b/queue-2.6.27/console-ascii-glyph-1-1-mapping.patch 
@@ -0,0 +1,46 @@ +From 1c55f18717304100a5f624c923f7cb6511b4116d Mon Sep 17 00:00:00 2001 +From: Ingo Brueckl +Date: Wed, 10 Dec 2008 23:35:00 +0100 +Subject: console ASCII glyph 1:1 mapping + +From: Ingo Brueckl + +commit 1c55f18717304100a5f624c923f7cb6511b4116d upstream. + +For the console, there is a 1:1 mapping of glyphs which cannot be found +in the current font. This seems to be meant as a kind of 'emergency +fallback' for fonts without unicode mapping which otherwise would +display nothing readable on the screen. + +At the moment it affects all chars for which no substitution character +is defined. In particular this means that for all chars (>= 128) where +there is no iso88591-1/unicode character (e.g. control character area) +you'll get the very strange 1:1 mapping of the (cp437) graphics card +glyphs. + +I'm pretty sure that the 1:1 mapping should only affect strict ASCII +code characters, i.e. chars < 128. + +The patch limits the mapping as it probably was meant anyway. + +Signed-off-by: Ingo Brueckl +Acked-by: H. Peter Anvin +Cc: Egmont Koblinger +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/vt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/char/vt.c ++++ b/drivers/char/vt.c +@@ -2287,7 +2287,7 @@ rescan_last_byte: + continue; /* nothing to display */ + } + /* Glyph not found */ +- if ((!(vc->vc_utf && !vc->vc_disp_ctrl) || c < 128) && !(c & ~charmask)) { ++ if ((!(vc->vc_utf && !vc->vc_disp_ctrl) && c < 128) && !(c & ~charmask)) { + /* In legacy mode use the glyph we get by a 1:1 mapping. + This would make absolutely no sense with Unicode in mind, + but do this for ASCII characters since a font may lack diff --git a/queue-2.6.27/firewire-fw-ohci-fix-iommu-resource-exhaustion.patch b/queue-2.6.27/firewire-fw-ohci-fix-iommu-resource-exhaustion.patch new file mode 100644 index 00000000000..8e0724197ee --- /dev/null +++ b/queue-2.6.27/firewire-fw-ohci-fix-iommu-resource-exhaustion.patch 
@@ -0,0 +1,109 @@ +From stefanr@s5r6.in-berlin.de Tue Dec 16 15:19:19 2008 +From: Stefan Richter +Date: Tue, 16 Dec 2008 20:34:23 +0100 (CET) +Subject: firewire: fw-ohci: fix IOMMU resource exhaustion +To: stable@kernel.org +Message-ID: +Content-Disposition: INLINE + +From: Stefan Richter + +commit 1d1dc5e83f3299c108a4e44d58cc4bfef48c876a upstream. + +There is a DMA map/ unmap imbalance whenever a block write request +packet is sent and then dequeued with ohci_cancel_packet. The latter +may happen frequently if the AR resp tasklet is executed before the AT +req tasklet for the same transaction. + +Add the missing dma_unmap_single. This fixes +https://bugzilla.redhat.com/show_bug.cgi?id=475156 + +Reported-by: Emmanuel Kowalski +Tested-by: Emmanuel Kowalski +Signed-off-by: Stefan Richter +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/firewire/fw-ohci.c | 11 +++++++---- + drivers/firewire/fw-transaction.c | 3 +++ + drivers/firewire/fw-transaction.h | 2 ++ + 3 files changed, 12 insertions(+), 4 deletions(-) + +--- a/drivers/firewire/fw-ohci.c ++++ b/drivers/firewire/fw-ohci.c +@@ -958,6 +958,7 @@ at_context_queue_packet(struct context * + packet->ack = RCODE_SEND_ERROR; + return -1; + } ++ packet->payload_bus = payload_bus; + + d[2].req_count = cpu_to_le16(packet->payload_length); + d[2].data_address = cpu_to_le32(payload_bus); +@@ -1009,7 +1010,6 @@ static int handle_at_packet(struct conte + struct driver_data *driver_data; + struct fw_packet *packet; + struct fw_ohci *ohci = context->ohci; +- dma_addr_t payload_bus; + int evt; + + if (last->transfer_status == 0) +@@ -1022,9 +1022,8 @@ static int handle_at_packet(struct conte + /* This packet was cancelled, just continue. 
*/ + return 1; + +- payload_bus = le32_to_cpu(last->data_address); +- if (payload_bus != 0) +- dma_unmap_single(ohci->card.device, payload_bus, ++ if (packet->payload_bus) ++ dma_unmap_single(ohci->card.device, packet->payload_bus, + packet->payload_length, DMA_TO_DEVICE); + + evt = le16_to_cpu(last->transfer_status) & 0x1f; +@@ -1681,6 +1680,10 @@ static int ohci_cancel_packet(struct fw_ + if (packet->ack != 0) + goto out; + ++ if (packet->payload_bus) ++ dma_unmap_single(ohci->card.device, packet->payload_bus, ++ packet->payload_length, DMA_TO_DEVICE); ++ + log_ar_at_event('T', packet->speed, packet->header, 0x20); + driver_data->packet = NULL; + packet->ack = RCODE_CANCELLED; +--- a/drivers/firewire/fw-transaction.c ++++ b/drivers/firewire/fw-transaction.c +@@ -207,6 +207,7 @@ fw_fill_request(struct fw_packet *packet + packet->speed = speed; + packet->generation = generation; + packet->ack = 0; ++ packet->payload_bus = 0; + } + + /** +@@ -541,6 +542,8 @@ fw_fill_response(struct fw_packet *respo + BUG(); + return; + } ++ ++ response->payload_bus = 0; + } + EXPORT_SYMBOL(fw_fill_response); + +--- a/drivers/firewire/fw-transaction.h ++++ b/drivers/firewire/fw-transaction.h +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + + #define TCODE_IS_READ_REQUEST(tcode) (((tcode) & ~1) == 4) +@@ -153,6 +154,7 @@ struct fw_packet { + size_t header_length; + void *payload; + size_t payload_length; ++ dma_addr_t payload_bus; + u32 timestamp; + + /* diff --git a/queue-2.6.27/ieee1394-add-quirk-fix-for-freecom-hdd.patch b/queue-2.6.27/ieee1394-add-quirk-fix-for-freecom-hdd.patch new file mode 100644 index 00000000000..72a9c31262e --- /dev/null +++ b/queue-2.6.27/ieee1394-add-quirk-fix-for-freecom-hdd.patch 
@@ -0,0 +1,42 @@ +From stefanr@s5r6.in-berlin.de Tue Dec 16 15:19:47 2008 +From: Stefan Richter +Date: Tue, 16 Dec 2008 20:35:13 +0100 (CET) +Subject: ieee1394: add quirk fix for Freecom HDD +To: stable@kernel.org +Message-ID: +Content-Disposition: INLINE + +From: Stefan Richter + +commit 25a41b280083259d05d68f61633194344a1f8a9f upstream. + +According to http://bugzilla.kernel.org/show_bug.cgi?id=12206, Freecom +FireWire Hard Drive 1TB reports max_rom=2 but returns garbage if block +read requests are used to read the config ROM. Force max_rom=0 to limit +them to quadlet read requests. + +Reported-by: Christian Mueller +Signed-off-by: Stefan Richter +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ieee1394/nodemgr.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/ieee1394/nodemgr.c ++++ b/drivers/ieee1394/nodemgr.c +@@ -115,8 +115,14 @@ static int nodemgr_bus_read(struct csr12 + return error; + } + ++#define OUI_FREECOM_TECHNOLOGIES_GMBH 0x0001db ++ + static int nodemgr_get_max_rom(quadlet_t *bus_info_data, void *__ci) + { ++ /* Freecom FireWire Hard Drive firmware bug */ ++ if (be32_to_cpu(bus_info_data[3]) >> 8 == OUI_FREECOM_TECHNOLOGIES_GMBH) ++ return 0; ++ + return (be32_to_cpu(bus_info_data[2]) >> 8) & 0x3; + } + diff --git a/queue-2.6.27/iwlagn-fix-rx-skb-alignment.patch b/queue-2.6.27/iwlagn-fix-rx-skb-alignment.patch new file mode 100644 index 00000000000..81681263cac --- /dev/null +++ b/queue-2.6.27/iwlagn-fix-rx-skb-alignment.patch 
@@ -0,0 +1,155 @@ +From 4018517a1a69a85c3d61b20fa02f187b80773137 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 18 Nov 2008 01:47:21 +0100 +Subject: iwlagn: fix RX skb alignment + +From: Johannes Berg + +commit 4018517a1a69a85c3d61b20fa02f187b80773137 upstream. + +So I dug deeper into the DMA problems I had with iwlagn and a kind soul +helped me in that he said something about pci-e alignment and mentioned +the iwl_rx_allocate function to check for crossing 4KB boundaries. Since +there's 8KB A-MPDU support, crossing 4k boundaries didn't seem like +something the device would fail with, but when I looked into the +function for a minute anyway I stumbled over this little gem: + + BUG_ON(rxb->dma_addr & (~DMA_BIT_MASK(36) & 0xff)); + +Clearly, that is a totally bogus check, one would hope the compiler +removes it entirely. (Think about it) + +After fixing it, I obviously ran into it, nothing guarantees the +alignment the way you want it, because of the way skbs and their +headroom are allocated. I won't explain that here nor double-check that +I'm right, that goes beyond what most of the CC'ed people care about. + +So then I came up with the patch below, and so far my system has +survived minutes with 64K pages, when it would previously fail in +seconds. And I haven't seen a single instance of the TX bug either. But +when you see the patch it'll be pretty obvious to you why. + +This should fix the following reported kernel bugs: + +http://bugzilla.kernel.org/show_bug.cgi?id=11596 +http://bugzilla.kernel.org/show_bug.cgi?id=11393 +http://bugzilla.kernel.org/show_bug.cgi?id=11983 + +I haven't checked if there are any elsewhere, but I suppose RHBZ will +have a few instances too... + +I'd like to ask anyone who is CC'ed (those are people I know ran into +the bug) to try this patch. + +I am convinced that this patch is correct in spirit, but I haven't +understood why, for example, there are so many unmap calls. 
I'm not +entirely convinced that this is the only bug leading to the TX reply +errors. + +Signed-off-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/iwl-agn.c | 6 +++--- + drivers/net/wireless/iwlwifi/iwl-dev.h | 3 ++- + drivers/net/wireless/iwlwifi/iwl-rx.c | 26 +++++++++++++++++--------- + 3 files changed, 22 insertions(+), 13 deletions(-) + +--- a/drivers/net/wireless/iwlwifi/iwl-agn.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn.c +@@ -1384,7 +1384,7 @@ void iwl_rx_handle(struct iwl_priv *priv + + rxq->queue[i] = NULL; + +- pci_dma_sync_single_for_cpu(priv->pci_dev, rxb->dma_addr, ++ pci_dma_sync_single_for_cpu(priv->pci_dev, rxb->aligned_dma_addr, + priv->hw_params.rx_buf_size, + PCI_DMA_FROMDEVICE); + pkt = (struct iwl_rx_packet *)rxb->skb->data; +@@ -1436,8 +1436,8 @@ void iwl_rx_handle(struct iwl_priv *priv + rxb->skb = NULL; + } + +- pci_unmap_single(priv->pci_dev, rxb->dma_addr, +- priv->hw_params.rx_buf_size, ++ pci_unmap_single(priv->pci_dev, rxb->real_dma_addr, ++ priv->hw_params.rx_buf_size + 256, + PCI_DMA_FROMDEVICE); + spin_lock_irqsave(&rxq->lock, flags); + list_add_tail(&rxb->list, &priv->rxq.rx_used); +--- a/drivers/net/wireless/iwlwifi/iwl-dev.h ++++ b/drivers/net/wireless/iwlwifi/iwl-dev.h +@@ -89,7 +89,8 @@ extern struct iwl_cfg iwl5100_abg_cfg; + #define DEFAULT_LONG_RETRY_LIMIT 4U + + struct iwl_rx_mem_buffer { +- dma_addr_t dma_addr; ++ dma_addr_t real_dma_addr; ++ dma_addr_t aligned_dma_addr; + struct sk_buff *skb; + struct list_head list; + }; +--- a/drivers/net/wireless/iwlwifi/iwl-rx.c ++++ b/drivers/net/wireless/iwlwifi/iwl-rx.c +@@ -204,7 +204,7 @@ int iwl_rx_queue_restock(struct iwl_priv + list_del(element); + + /* Point to Rx buffer via next RBD in circular buffer */ +- rxq->bd[rxq->write] = iwl_dma_addr2rbd_ptr(priv, rxb->dma_addr); ++ rxq->bd[rxq->write] = iwl_dma_addr2rbd_ptr(priv, rxb->aligned_dma_addr); + rxq->queue[rxq->write] = rxb; + rxq->write = 
(rxq->write + 1) & RX_QUEUE_MASK; + rxq->free_count--; +@@ -251,7 +251,7 @@ void iwl_rx_allocate(struct iwl_priv *pr + rxb = list_entry(element, struct iwl_rx_mem_buffer, list); + + /* Alloc a new receive buffer */ +- rxb->skb = alloc_skb(priv->hw_params.rx_buf_size, ++ rxb->skb = alloc_skb(priv->hw_params.rx_buf_size + 256, + __GFP_NOWARN | GFP_ATOMIC); + if (!rxb->skb) { + if (net_ratelimit()) +@@ -266,9 +266,17 @@ void iwl_rx_allocate(struct iwl_priv *pr + list_del(element); + + /* Get physical address of RB/SKB */ +- rxb->dma_addr = +- pci_map_single(priv->pci_dev, rxb->skb->data, +- priv->hw_params.rx_buf_size, PCI_DMA_FROMDEVICE); ++ rxb->real_dma_addr = pci_map_single( ++ priv->pci_dev, ++ rxb->skb->data, ++ priv->hw_params.rx_buf_size + 256, ++ PCI_DMA_FROMDEVICE); ++ /* dma address must be no more than 36 bits */ ++ BUG_ON(rxb->real_dma_addr & ~DMA_BIT_MASK(36)); ++ /* and also 256 byte aligned! */ ++ rxb->aligned_dma_addr = ALIGN(rxb->real_dma_addr, 256); ++ skb_reserve(rxb->skb, rxb->aligned_dma_addr - rxb->real_dma_addr); ++ + list_add_tail(&rxb->list, &rxq->rx_free); + rxq->free_count++; + } +@@ -300,8 +308,8 @@ void iwl_rx_queue_free(struct iwl_priv * + for (i = 0; i < RX_QUEUE_SIZE + RX_FREE_BUFFERS; i++) { + if (rxq->pool[i].skb != NULL) { + pci_unmap_single(priv->pci_dev, +- rxq->pool[i].dma_addr, +- priv->hw_params.rx_buf_size, ++ rxq->pool[i].real_dma_addr, ++ priv->hw_params.rx_buf_size + 256, + PCI_DMA_FROMDEVICE); + dev_kfree_skb(rxq->pool[i].skb); + } +@@ -354,8 +362,8 @@ void iwl_rx_queue_reset(struct iwl_priv + * to an SKB, so we need to unmap and free potential storage */ + if (rxq->pool[i].skb != NULL) { + pci_unmap_single(priv->pci_dev, +- rxq->pool[i].dma_addr, +- priv->hw_params.rx_buf_size, ++ rxq->pool[i].real_dma_addr, ++ priv->hw_params.rx_buf_size + 256, + PCI_DMA_FROMDEVICE); + priv->alloc_rxb_skb--; + dev_kfree_skb(rxq->pool[i].skb); 
diff --git a/queue-2.6.27/iwlwifi-clean-key-table-in-iwl_clear_stations_table-function.patch b/queue-2.6.27/iwlwifi-clean-key-table-in-iwl_clear_stations_table-function.patch new file mode 100644 index 00000000000..e67286af5b5 --- /dev/null +++ b/queue-2.6.27/iwlwifi-clean-key-table-in-iwl_clear_stations_table-function.patch 
@@ -0,0 +1,122 @@ +From 40a9a8299116297429298e8fcee08235134883f7 Mon Sep 17 00:00:00 2001 +From: Tomas Winkler +Date: Tue, 25 Nov 2008 23:29:03 +0200 +Subject: iwlwifi: clean key table in iwl_clear_stations_table function + +From: Tomas Winkler + +commit 40a9a8299116297429298e8fcee08235134883f7 upstream. + +This patch cleans uCode key table bit map iwl_clear_stations_table +since all stations are cleared also the key table must be. + +Since the keys are not removed properly on suspend by mac80211 +this may result in exhausting key table on resume leading +to memory corruption during removal + +This patch also fixes a memory corruption problem reported in +http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in +http://bugzilla.kernel.org/show_bug.cgi?id=12040. + +When the key is removed a second time the offset is set to 255 - this +index is not valid for the ucode_key_table and corrupts the eeprom pointer +(which is 255 bits from ucode_key_table). + +Signed-off-by: Tomas Winkler +Signed-off-by: Zhu Yi +Reported-by: Carlos R. Mafra +Reported-by: Lukas Hejtmanek +Signed-off-by: John W. 
Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/iwl-core.c | 3 +++ + drivers/net/wireless/iwlwifi/iwl-sta.c | 24 +++++++++++++++++++++--- + 2 files changed, 24 insertions(+), 3 deletions(-) + +--- a/drivers/net/wireless/iwlwifi/iwl-core.c ++++ b/drivers/net/wireless/iwlwifi/iwl-core.c +@@ -290,6 +290,9 @@ void iwl_clear_stations_table(struct iwl + priv->num_stations = 0; + memset(priv->stations, 0, sizeof(priv->stations)); + ++ /* clean ucode key table bit map */ ++ priv->ucode_key_table = 0; ++ + spin_unlock_irqrestore(&priv->sta_lock, flags); + } + EXPORT_SYMBOL(iwl_clear_stations_table); +--- a/drivers/net/wireless/iwlwifi/iwl-sta.c ++++ b/drivers/net/wireless/iwlwifi/iwl-sta.c +@@ -475,7 +475,7 @@ static int iwl_get_free_ucode_key_index( + if (!test_and_set_bit(i, &priv->ucode_key_table)) + return i; + +- return -1; ++ return WEP_INVALID_OFFSET; + } + + int iwl_send_static_wepkey_cmd(struct iwl_priv *priv, u8 send_if_empty) +@@ -620,6 +620,9 @@ static int iwl_set_wep_dynamic_key_info( + /* else, we are overriding an existing key => no need to allocated room + * in uCode. */ + ++ WARN(priv->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET, ++ "no space for new kew"); ++ + priv->stations[sta_id].sta.key.key_flags = key_flags; + priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; + priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; +@@ -637,6 +640,7 @@ static int iwl_set_ccmp_dynamic_key_info + { + unsigned long flags; + __le16 key_flags = 0; ++ int ret; + + key_flags |= (STA_KEY_FLG_CCMP | STA_KEY_FLG_MAP_KEY_MSK); + key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS); +@@ -664,14 +668,18 @@ static int iwl_set_ccmp_dynamic_key_info + /* else, we are overriding an existing key => no need to allocated room + * in uCode. 
*/ + ++ WARN(priv->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET, ++ "no space for new kew"); ++ + priv->stations[sta_id].sta.key.key_flags = key_flags; + priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; + priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; + ++ ret = iwl_send_add_sta(priv, &priv->stations[sta_id].sta, CMD_ASYNC); ++ + spin_unlock_irqrestore(&priv->sta_lock, flags); + +- IWL_DEBUG_INFO("hwcrypto: modify ucode station key info\n"); +- return iwl_send_add_sta(priv, &priv->stations[sta_id].sta, CMD_ASYNC); ++ return ret; + } + + static int iwl_set_tkip_dynamic_key_info(struct iwl_priv *priv, +@@ -696,6 +704,9 @@ static int iwl_set_tkip_dynamic_key_info + /* else, we are overriding an existing key => no need to allocated room + * in uCode. */ + ++ WARN(priv->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET, ++ "no space for new kew"); ++ + /* This copy is acutally not needed: we get the key with each TX */ + memcpy(priv->stations[sta_id].keyinfo.key, keyconf->key, 16); + +@@ -734,6 +745,13 @@ int iwl_remove_dynamic_key(struct iwl_pr + return 0; + } + ++ if (priv->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) { ++ IWL_WARNING("Removing wrong key %d 0x%x\n", ++ keyconf->keyidx, key_flags); ++ spin_unlock_irqrestore(&priv->sta_lock, flags); ++ return 0; ++ } ++ + if (!test_and_clear_bit(priv->stations[sta_id].sta.key.key_offset, + &priv->ucode_key_table)) + IWL_ERROR("index %d not used in uCode key table.\n", diff --git a/queue-2.6.27/key-fix-setkey-policy-set-breakage.patch b/queue-2.6.27/key-fix-setkey-policy-set-breakage.patch new file mode 100644 index 00000000000..3531a0b2bc5 --- /dev/null +++ b/queue-2.6.27/key-fix-setkey-policy-set-breakage.patch 
@@ -0,0 +1,48 @@ +From 920da6923cf03c8a78fbaffa408f8ab37f6abfc1 Mon Sep 17 00:00:00 2001 +From: Alexey Dobriyan +Date: Fri, 31 Oct 2008 16:41:26 -0700 +Subject: key: fix setkey(8) policy set breakage + +From: Alexey Dobriyan + +commit 920da6923cf03c8a78fbaffa408f8ab37f6abfc1 upstream. + +Steps to reproduce: + + #/usr/sbin/setkey -f + flush; + spdflush; + + add 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 "1234567890123456"; + add 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc "123456789012123456789012"; + + spdadd 192.168.0.42 192.168.0.1 any -P out ipsec + esp/transport//require + ah/transport//require; + +setkey: invalid keymsg length + +Policy dump will bail out with the same message after that. + +-recv(4, "\2\16\0\0\32\0\3\0\0\0\0\0\37\r\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208 ++recv(4, "\2\16\0\0\36\0\3\0\0\0\0\0H\t\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208 + +Signed-off-by: Alexey Dobriyan +Signed-off-by: David S. Miller +Cc: Kadianakis George +Signed-off-by: Greg Kroah-Hartman + +--- + net/key/af_key.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/net/key/af_key.c ++++ b/net/key/af_key.c +@@ -2051,7 +2051,6 @@ static int pfkey_xfrm_policy2msg(struct + req_size += socklen * 2; + } else { + size -= 2*socklen; +- socklen = 0; + } + rq = (void*)skb_put(skb, req_size); + pol->sadb_x_policy_len += req_size/8; diff --git a/queue-2.6.27/macfb-do-not-overflow-fb_fix_screeninfo.id.patch b/queue-2.6.27/macfb-do-not-overflow-fb_fix_screeninfo.id.patch new file mode 100644 index 00000000000..499ce4ee1a6 --- /dev/null +++ b/queue-2.6.27/macfb-do-not-overflow-fb_fix_screeninfo.id.patch 
@@ -0,0 +1,239 @@ +From 89c223a616cddd9eab792b860f61f99cec53c4e8 Mon Sep 17 00:00:00 2001 +From: Finn Thain +Date: Tue, 18 Nov 2008 20:40:40 +0100 +Subject: macfb: Do not overflow fb_fix_screeninfo.id + +From: Finn Thain + +commit 89c223a616cddd9eab792b860f61f99cec53c4e8 upstream. + +Don't overflow the 16-character fb_fix_screeninfo id string (fixes some +console erasing and blanking artifacts). Have the ID default to "Unknown" +on machines with no built-in video and no nubus devices. Check for +fb_alloc_cmap failure. + +Signed-off-by: Finn Thain +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/video/macfb.c | 74 +++++++++++++++++++++++--------------------------- + 1 file changed, 35 insertions(+), 39 deletions(-) + +--- a/drivers/video/macfb.c ++++ b/drivers/video/macfb.c +@@ -164,7 +164,6 @@ static struct fb_var_screeninfo macfb_de + }; + + static struct fb_fix_screeninfo macfb_fix = { +- .id = "Macintosh ", + .type = FB_TYPE_PACKED_PIXELS, + .accel = FB_ACCEL_NONE, + }; +@@ -760,22 +759,22 @@ static int __init macfb_init(void) + + switch(ndev->dr_hw) { + case NUBUS_DRHW_APPLE_MDC: +- strcat( macfb_fix.id, "Display Card" ); ++ strcpy(macfb_fix.id, "Mac Disp. Card"); + macfb_setpalette = mdc_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + break; + case NUBUS_DRHW_APPLE_TFB: +- strcat( macfb_fix.id, "Toby" ); ++ strcpy(macfb_fix.id, "Toby"); + macfb_setpalette = toby_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + break; + case NUBUS_DRHW_APPLE_JET: +- strcat( macfb_fix.id, "Jet"); ++ strcpy(macfb_fix.id, "Jet"); + macfb_setpalette = jet_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + break; + default: +- strcat( macfb_fix.id, "Generic NuBus" ); ++ strcpy(macfb_fix.id, "Generic NuBus"); + break; + } + } +@@ -786,21 +785,11 @@ static int __init macfb_init(void) + if (!video_is_nubus) + switch( mac_bi_data.id ) + { +- /* These don't have onboard video. 
Eventually, we may +- be able to write separate framebuffer drivers for +- them (tobyfb.c, hiresfb.c, etc, etc) */ +- case MAC_MODEL_II: +- case MAC_MODEL_IIX: +- case MAC_MODEL_IICX: +- case MAC_MODEL_IIFX: +- strcat( macfb_fix.id, "Generic NuBus" ); +- break; +- + /* Valkyrie Quadras */ + case MAC_MODEL_Q630: + /* I'm not sure about this one */ + case MAC_MODEL_P588: +- strcat( macfb_fix.id, "Valkyrie built-in" ); ++ strcpy(macfb_fix.id, "Valkyrie"); + macfb_setpalette = valkyrie_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + valkyrie_cmap_regs = ioremap(DAC_BASE, 0x1000); +@@ -823,7 +812,7 @@ static int __init macfb_init(void) + case MAC_MODEL_Q700: + case MAC_MODEL_Q900: + case MAC_MODEL_Q950: +- strcat( macfb_fix.id, "DAFB built-in" ); ++ strcpy(macfb_fix.id, "DAFB"); + macfb_setpalette = dafb_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + dafb_cmap_regs = ioremap(DAFB_BASE, 0x1000); +@@ -831,7 +820,7 @@ static int __init macfb_init(void) + + /* LC II uses the V8 framebuffer */ + case MAC_MODEL_LCII: +- strcat( macfb_fix.id, "V8 built-in" ); ++ strcpy(macfb_fix.id, "V8"); + macfb_setpalette = v8_brazil_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + v8_brazil_cmap_regs = ioremap(DAC_BASE, 0x1000); +@@ -843,7 +832,7 @@ static int __init macfb_init(void) + case MAC_MODEL_IIVI: + case MAC_MODEL_IIVX: + case MAC_MODEL_P600: +- strcat( macfb_fix.id, "Brazil built-in" ); ++ strcpy(macfb_fix.id, "Brazil"); + macfb_setpalette = v8_brazil_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; + v8_brazil_cmap_regs = ioremap(DAC_BASE, 0x1000); +@@ -860,7 +849,7 @@ static int __init macfb_init(void) + case MAC_MODEL_P460: + macfb_setpalette = v8_brazil_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; +- strcat( macfb_fix.id, "Sonora built-in" ); ++ strcpy(macfb_fix.id, "Sonora"); + v8_brazil_cmap_regs = ioremap(DAC_BASE, 0x1000); + break; + +@@ -871,7 +860,7 @@ static int __init macfb_init(void) + case MAC_MODEL_IISI: + 
macfb_setpalette = rbv_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; +- strcat( macfb_fix.id, "RBV built-in" ); ++ strcpy(macfb_fix.id, "RBV"); + rbv_cmap_regs = ioremap(DAC_BASE, 0x1000); + break; + +@@ -880,7 +869,7 @@ static int __init macfb_init(void) + case MAC_MODEL_C660: + macfb_setpalette = civic_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; +- strcat( macfb_fix.id, "Civic built-in" ); ++ strcpy(macfb_fix.id, "Civic"); + civic_cmap_regs = ioremap(CIVIC_BASE, 0x1000); + break; + +@@ -901,7 +890,7 @@ static int __init macfb_init(void) + v8_brazil_cmap_regs = + ioremap(DAC_BASE, 0x1000); + } +- strcat( macfb_fix.id, "LC built-in" ); ++ strcpy(macfb_fix.id, "LC"); + break; + /* We think this may be like the LC II */ + case MAC_MODEL_CCL: +@@ -911,18 +900,18 @@ static int __init macfb_init(void) + v8_brazil_cmap_regs = + ioremap(DAC_BASE, 0x1000); + } +- strcat( macfb_fix.id, "Color Classic built-in" ); ++ strcpy(macfb_fix.id, "Color Classic"); + break; + + /* And we *do* mean "weirdos" */ + case MAC_MODEL_TV: +- strcat( macfb_fix.id, "Mac TV built-in" ); ++ strcpy(macfb_fix.id, "Mac TV"); + break; + + /* These don't have colour, so no need to worry */ + case MAC_MODEL_SE30: + case MAC_MODEL_CLII: +- strcat( macfb_fix.id, "Monochrome built-in" ); ++ strcpy(macfb_fix.id, "Monochrome"); + break; + + /* Powerbooks are particularly difficult. 
Many of +@@ -935,7 +924,7 @@ static int __init macfb_init(void) + case MAC_MODEL_PB140: + case MAC_MODEL_PB145: + case MAC_MODEL_PB170: +- strcat( macfb_fix.id, "DDC built-in" ); ++ strcpy(macfb_fix.id, "DDC"); + break; + + /* Internal is GSC, External (if present) is ViSC */ +@@ -945,13 +934,13 @@ static int __init macfb_init(void) + case MAC_MODEL_PB180: + case MAC_MODEL_PB210: + case MAC_MODEL_PB230: +- strcat( macfb_fix.id, "GSC built-in" ); ++ strcpy(macfb_fix.id, "GSC"); + break; + + /* Internal is TIM, External is ViSC */ + case MAC_MODEL_PB165C: + case MAC_MODEL_PB180C: +- strcat( macfb_fix.id, "TIM built-in" ); ++ strcpy(macfb_fix.id, "TIM"); + break; + + /* Internal is CSC, External is Keystone+Ariel. */ +@@ -963,12 +952,12 @@ static int __init macfb_init(void) + case MAC_MODEL_PB280C: + macfb_setpalette = csc_setpalette; + macfb_defined.activate = FB_ACTIVATE_NOW; +- strcat( macfb_fix.id, "CSC built-in" ); ++ strcpy(macfb_fix.id, "CSC"); + csc_cmap_regs = ioremap(CSC_BASE, 0x1000); + break; + + default: +- strcat( macfb_fix.id, "Unknown/Unsupported built-in" ); ++ strcpy(macfb_fix.id, "Unknown"); + break; + } + +@@ -978,16 +967,23 @@ static int __init macfb_init(void) + fb_info.pseudo_palette = pseudo_palette; + fb_info.flags = FBINFO_DEFAULT; + +- fb_alloc_cmap(&fb_info.cmap, video_cmap_len, 0); ++ err = fb_alloc_cmap(&fb_info.cmap, video_cmap_len, 0); ++ if (err) ++ goto fail_unmap; + + err = register_framebuffer(&fb_info); +- if (!err) +- printk("fb%d: %s frame buffer device\n", +- fb_info.node, fb_info.fix.id); +- else { +- iounmap(fb_info.screen_base); +- iounmap_macfb(); +- } ++ if (err) ++ goto fail_dealloc; ++ ++ printk("fb%d: %s frame buffer device\n", ++ fb_info.node, fb_info.fix.id); ++ return 0; ++ ++fail_dealloc: ++ fb_dealloc_cmap(&fb_info.cmap); ++fail_unmap: ++ iounmap(fb_info.screen_base); ++ iounmap_macfb(); + return err; + } + 
diff --git a/queue-2.6.27/net-eliminate-warning-from-netif_f_ufo-on-bridge.patch b/queue-2.6.27/net-eliminate-warning-from-netif_f_ufo-on-bridge.patch new file mode 100644 index 00000000000..7d1ab5fb3d8 --- /dev/null +++ b/queue-2.6.27/net-eliminate-warning-from-netif_f_ufo-on-bridge.patch @@ -0,0 +1,42 @@ +From shemminger@vyatta.com Tue Dec 16 15:10:56 2008 +From: Stephen Hemminger +Date: Fri, 12 Dec 2008 10:27:08 -0800 +Subject: net: eliminate warning from NETIF_F_UFO on bridge +To: David Miller +Cc: netdev@vger.kernel.org, stable@kernel.org +Message-ID: <20081212102708.3f8dfbff@extreme> + +From: Stephen Hemminger + +Based on commit b63365a2d60268a3988285d6c3c6003d7066f93a upstream, but +drastically cut down for 2.6.27.y + +The bridge device always causes a warning because when it is first created +it has the no checksum flag set along with all the segmentation/fragmentation +offload bits. The code in register_netdevice incorrectly checks for only +hardware checksum bit and ignores no checksum bit. + +Similar code is already in 2.6.28: + commit b63365a2d60268a3988285d6c3c6003d7066f93a + net: Fix disjunct computation of netdev features + +Signed-off-by: Stephen Hemminger +Cc: David Miller +Cc: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3990,7 +3990,7 @@ int register_netdevice(struct net_device + dev->features &= ~NETIF_F_TSO; + } + if (dev->features & NETIF_F_UFO) { +- if (!(dev->features & NETIF_F_HW_CSUM)) { ++ if (!(dev->features & NETIF_F_GEN_CSUM)) { + printk(KERN_ERR "%s: Dropping NETIF_F_UFO since no " + "NETIF_F_HW_CSUM feature.\n", + dev->name); diff --git a/queue-2.6.27/series b/queue-2.6.27/series index e7b59ed11ab..5fa45140675 100644 --- a/queue-2.6.27/series +++ b/queue-2.6.27/series 
@@ -7,3 +7,14 @@ libata-fix-seagate-ncq-flush-blacklist.patch e1000e-fix-double-release-of-mutex.patch can-fix-can__flag-handling-in-can_filter.patch can-omit-received-rtr-frames-for-single-id-filter-lists.patch +iwlwifi-clean-key-table-in-iwl_clear_stations_table-function.patch +net-eliminate-warning-from-netif_f_ufo-on-bridge.patch +unicode-table-for-cp437.patch +console-ascii-glyph-1-1-mapping.patch +iwlagn-fix-rx-skb-alignment.patch +key-fix-setkey-policy-set-breakage.patch +firewire-fw-ohci-fix-iommu-resource-exhaustion.patch +ieee1394-add-quirk-fix-for-freecom-hdd.patch +sunrpc-fix-a-performance-regression-in-the-rpc-authentication-code.patch +b1isa-fix-b1isa_exit-to-really-remove-registered-capi-controllers.patch +macfb-do-not-overflow-fb_fix_screeninfo.id.patch diff --git a/queue-2.6.27/sunrpc-fix-a-performance-regression-in-the-rpc-authentication-code.patch b/queue-2.6.27/sunrpc-fix-a-performance-regression-in-the-rpc-authentication-code.patch new file mode 100644 index 00000000000..88ccc7c7945 --- /dev/null +++ b/queue-2.6.27/sunrpc-fix-a-performance-regression-in-the-rpc-authentication-code.patch 
@@ -0,0 +1,63 @@ +From 23918b03060f6e572168fdde1798a905679d2e06 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Thu, 20 Nov 2008 16:06:21 -0500 +Subject: SUNRPC: Fix a performance regression in the RPC authentication code + +From: Trond Myklebust + +commit 23918b03060f6e572168fdde1798a905679d2e06 upstream. + +Fix a regression reported by Max Kellermann whereby kernel profiling +showed that his clients were spending 45% of their time in +rpcauth_lookup_credcache. + +It turns out that although his processes had identical uid/gid/groups, +generic_match() was failing to detect this, because the task->group_info +pointers were not shared. This again lead to the creation of a huge number +of identical credentials at the RPC layer. + +The regression is fixed by comparing the contents of task->group_info +if the actual pointers are not identical. + +Signed-off-by: Trond Myklebust +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/auth_generic.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/auth_generic.c ++++ b/net/sunrpc/auth_generic.c +@@ -133,13 +133,29 @@ static int + generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags) + { + struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base); ++ int i; + + if (gcred->acred.uid != acred->uid || + gcred->acred.gid != acred->gid || +- gcred->acred.group_info != acred->group_info || + gcred->acred.machine_cred != acred->machine_cred) +- return 0; ++ goto out_nomatch; ++ ++ /* Optimisation in the case where pointers are identical... */ ++ if (gcred->acred.group_info == acred->group_info) ++ goto out_match; ++ ++ /* Slow path... 
*/ ++ if (gcred->acred.group_info->ngroups != acred->group_info->ngroups) ++ goto out_nomatch; ++ for (i = 0; i < gcred->acred.group_info->ngroups; i++) { ++ if (GROUP_AT(gcred->acred.group_info, i) != ++ GROUP_AT(acred->group_info, i)) ++ goto out_nomatch; ++ } ++out_match: + return 1; ++out_nomatch: ++ return 0; + } + + void __init rpc_init_generic_auth(void) diff --git a/queue-2.6.27/unicode-table-for-cp437.patch b/queue-2.6.27/unicode-table-for-cp437.patch new file mode 100644 index 00000000000..ddf38159767 --- /dev/null +++ b/queue-2.6.27/unicode-table-for-cp437.patch 
@@ -0,0 +1,88 @@ +From f75bc06e5d00a827d3ec5d57bbb5b73a4adec855 Mon Sep 17 00:00:00 2001 +From: Ingo Brueckl +Date: Wed, 10 Dec 2008 23:34:00 +0100 +Subject: unicode table for cp437 + +From: Ingo Brueckl + +commit f75bc06e5d00a827d3ec5d57bbb5b73a4adec855 upstream. + +There is a major bug in the cp437 to unicode translation table. Char +0x7c is mapped to U+00a5 which is the Yen sign and wrong. The right +mapping is U+00a6 (broken bar). + +Furthermore, a mapping for U+00b4 (a widely used character) is missing +even though easily possible. + +The patch fixes these, as well as it provides a few other useful +mappings. + +The changes are as follows: + + 0x0f (enhancement) enables a sort of currency symbol + 0x27 (bug) enables a sort of acute accent which is a widely used character + 0x44 (enhancement) enables a sort of icelandic capital letter eth + 0x7c (major bug) corrects mapping + 0xeb (enhancement) enables a sort of icelandic small letter eth + 0xee (enhancement) enables a sort of math 'element of' + +Signed-off-by: Ingo Brueckl +Acked-by: H. 
Peter Anvin +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/cp437.uni | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/char/cp437.uni ++++ b/drivers/char/cp437.uni +@@ -27,7 +27,7 @@ + 0x0c U+2640 + 0x0d U+266a + 0x0e U+266b +-0x0f U+263c ++0x0f U+263c U+00a4 + 0x10 U+25b6 U+25ba + 0x11 U+25c0 U+25c4 + 0x12 U+2195 +@@ -55,7 +55,7 @@ + 0x24 U+0024 + 0x25 U+0025 + 0x26 U+0026 +-0x27 U+0027 ++0x27 U+0027 U+00b4 + 0x28 U+0028 + 0x29 U+0029 + 0x2a U+002a +@@ -84,7 +84,7 @@ + 0x41 U+0041 U+00c0 U+00c1 U+00c2 U+00c3 + 0x42 U+0042 + 0x43 U+0043 U+00a9 +-0x44 U+0044 ++0x44 U+0044 U+00d0 + 0x45 U+0045 U+00c8 U+00ca U+00cb + 0x46 U+0046 + 0x47 U+0047 +@@ -140,7 +140,7 @@ + 0x79 U+0079 U+00fd + 0x7a U+007a + 0x7b U+007b +-0x7c U+007c U+00a5 ++0x7c U+007c U+00a6 + 0x7d U+007d + 0x7e U+007e + # +@@ -263,10 +263,10 @@ + 0xe8 U+03a6 U+00d8 + 0xe9 U+0398 + 0xea U+03a9 U+2126 +-0xeb U+03b4 ++0xeb U+03b4 U+00f0 + 0xec U+221e + 0xed U+03c6 U+00f8 +-0xee U+03b5 ++0xee U+03b5 U+2208 + 0xef U+2229 + 0xf0 U+2261 + 0xf1 U+00b1
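Review bot: in drivers/video/macfb.c, macfb_init(), every model case now writes the name with an unbounded strcpy(macfb_fix.id, "..."), so staying inside the id buffer depends on each literal being short enough ("Color Classic" in the @@ -911,18 +900,18 hunk is the longest one visible). Suggest strlcpy(macfb_fix.id, "Color Classic", sizeof(macfb_fix.id)) for all of these cases, so that a later name change cannot reintroduce the overflow this patch is fixing.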
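Review bot: in the tail hunk of macfb_init() (@@ -978,16 +967,23), the re-added printk("fb%d: %s frame buffer device\n", ...) still carries no log level; since the line is being rewritten anyway, add KERN_INFO. The unwind order itself reads correctly: fail_dealloc is reached only after fb_alloc_cmap() has succeeded, and fail_unmap is shared by both failure paths.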
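Review bot: in register_netdevice() (net/core/dev.c, @@ -3990,7), the test is now against NETIF_F_GEN_CSUM but the message right below it still reads "Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature", which no longer describes the condition that triggers it. Suggest rewording the printk to name NETIF_F_GEN_CSUM (or both checksum bits), so the log line matches the check, and adding a one-line comment on why a no-checksum device such as the bridge may keep UFO.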
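Review bot: in generic_match() (net/sunrpc/auth_generic.c), the slow path reads gcred->acred.group_info->ngroups and acred->group_info->ngroups without a NULL check, so it is safe only if two credentials that passed the uid/gid/machine_cred comparison can never have one NULL and one non-NULL group_info. Nothing in the hunk shows that guarantee; either send the mixed case to out_nomatch explicitly or add a comment naming the earlier comparison that rules it out. The loop is also position-sensitive (GROUP_AT of both lists at the same index i), so two lists holding the same gids in a different order will not match; that assumption deserves a line in the "Slow path" comment, since this function decides whether an existing RPC credential is reused.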
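Review bot: in drivers/char/cp437.uni, the 0x7c hunk drops U+00a5 from glyph 0x7c, and the visible context does not show whether U+00a5 remains listed on another glyph's line; please confirm it stays mapped, otherwise consoles using this table lose the yen sign. A short "#" comment would also help at 0x27 and 0x7c, where one glyph now stands for two distinct code points (U+0027/U+00b4 and U+007c/U+00a6), so text that looks identical on the console can differ in its underlying characters.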