Balbir Singh [Tue, 9 Dec 2008 21:14:07 +0000 (13:14 -0800)]
uml: boot broken due to buffer overrun
mconsole_init() passed 256 bytes as length in os_create_unix_socket, while
the sizeof UNIX_PATH_MAX is 108. This patch fixes that problem and avoids
a big overrun bug reported on UML bootup.
sockaddr_un.sun_path is UNIX_PATH_MAX long which causes the problem. Reported-by: Vikas K Managutte <vikki.km@gmail.com> Reported-by: Sarvesh Kumar Lal Das <skldas@gmail.com> Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com> Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi> Reviewed-by: WANG Cong <wangcong@zeuux.org> Cc: Jeff Dike <jdike@addtoit.com> Cc: <stable@kernel.org> [please check with Jeff] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Tue, 9 Dec 2008 21:14:06 +0000 (13:14 -0800)]
mm/backing-dev.c: remove recently-added WARN_ON()
On second thoughts, this is just going to disturb people while telling us
things which we already knew.
Cc: Peter Korsgaard <jacmet@sunsite.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Herbert Xu [Wed, 10 Dec 2008 12:29:44 +0000 (23:29 +1100)]
crypto: api - Disallow cryptomgr as a module if algorithms are built-in
If we have at least one algorithm built-in then it no longer makes
sense to have the testing framework, and hence cryptomgr to be a
module. It should be either on or off, i.e., built-in or disabled.
This just happens to stop a potential runaway modprobe loop that
seems to trigger on at least one distro.
With fixes from Evgeniy Polyakov.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stefan Richter [Tue, 9 Dec 2008 23:20:38 +0000 (00:20 +0100)]
firewire: fw-ohci: fix IOMMU resource exhaustion
There is a DMA map/ unmap imbalance whenever a block write request
packet is sent and then dequeued with ohci_cancel_packet. The latter
may happen frequently if the AR resp tasklet is executed before the AT
req tasklet for the same transaction.
Add the missing dma_unmap_single. This fixes
https://bugzilla.redhat.com/show_bug.cgi?id=475156
Reported-by: Emmanuel Kowalski Tested-by: Emmanuel Kowalski Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Neil Horman [Wed, 10 Dec 2008 07:22:26 +0000 (23:22 -0800)]
netpoll: fix race on poll_list resulting in garbage entry
A few months back a race was discused between the netpoll napi service
path, and the fast path through net_rx_action:
http://kerneltrap.org/mailarchive/linux-netdev/2007/10/16/345470
A patch was submitted for that bug, but I think we missed a case.
Consider the following scenario:
INITIAL STATE
CPU0 has one napi_struct A on its poll_list
CPU1 is calling netpoll_send_skb and needs to call poll_napi on the same
napi_struct A that CPU0 has on its list
CPU0 CPU1
net_rx_action poll_napi
!list_empty (returns true) locks poll_lock for A
poll_one_napi
napi->poll
netif_rx_complete
__napi_complete
(removes A from poll_list)
list_entry(list->next)
In the above scenario, net_rx_action assumes that the per-cpu poll_list is
exclusive to that cpu. netpoll of course violates that, and because the netpoll
path can dequeue from the poll list, its possible for CPU0 to detect a non-empty
list at the top of the while loop in net_rx_action, but have it become empty by
the time it calls list_entry. Since the poll_list isn't surrounded by any other
structure, the returned data from that list_entry call in this situation is
garbage, and any number of crashes can result based on what exactly that garbage
is.
Given that its not fasible for performance reasons to place exclusive locks
arround each cpus poll list to provide that mutal exclusion, I think the best
solution is modify the netpoll path in such a way that we continue to guarantee
that the poll_list for a cpu is in fact exclusive to that cpu. To do this I've
implemented the patch below. It adds an additional bit to the state field in
the napi_struct. When executing napi->poll from the netpoll_path, this bit will
be set. When a driver calls netif_rx_complete, if that bit is set, it will not
remove the napi_struct from the poll_list. That work will be saved for the next
iteration of net_rx_action.
I've tested this and it seems to work well. About the biggest drawback I can
see to it is the fact that it might result in an extra loop through
net_rx_action in the event that the device is actually contended for (i.e. the
netpoll path actually preforms all the needed work no the device, and the call
to net_rx_action winds up doing nothing, except removing the napi_struct from
the poll_list. However I think this is probably a small price to pay, given
that the alternative is a crash.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Roland McGrath [Wed, 10 Dec 2008 03:36:38 +0000 (19:36 -0800)]
tracehook: exec double-reporting fix
The patch 6341c39 "tracehook: exec" introduced a small regression in
2.6.27 regarding binfmt_misc exec event reporting. Since the reporting
is now done in the common search_binary_handler() function, an exec
of a misc binary will result in two (or possibly multiple) exec events
being reported, instead of just a single one, because the misc handler
contains a recursive call to search_binary_handler.
To add to the confusion, if PTRACE_O_TRACEEXEC is not active, the multiple
SIGTRAP signals will in fact cause only a single ptrace intercept, as the
signals are not queued. However, if PTRACE_O_TRACEEXEC is on, the debugger
will actually see multiple ptrace intercepts (PTRACE_EVENT_EXEC).
The test program included below demonstrates the problem.
This change fixes the bug by calling tracehook_report_exec() only in the
outermost search_binary_handler() call (bprm->recursion_depth == 0).
The additional change to restore bprm->recursion_depth after each binfmt
load_binary call is actually superfluous for this bug, since we test the
value saved on entry to search_binary_handler(). But it keeps the use of
of the depth count to its most obvious expected meaning. Depending on what
binfmt handlers do in certain cases, there could have been false-positive
tests for recursion limits before this change.
/* Test program using PTRACE_O_TRACEEXEC.
This forks and exec's the first argument with the rest of the arguments,
while ptrace'ing. It expects to see one PTRACE_EVENT_EXEC stop and
then a successful exit, with no other signals or events in between.
Test for kernel doing two PTRACE_EVENT_EXEC stops for a binfmt_misc exec:
$ gcc -g traceexec.c -o traceexec
$ sudo sh -c 'echo :test:M::foobar::/bin/cat: > /proc/sys/fs/binfmt_misc/register'
$ echo 'foobar test' > ./foobar
$ chmod +x ./foobar
$ ./traceexec ./foobar; echo $?
==> good <==
foobar test
0
$
==> bad <==
foobar test
unexpected status 0x4057f != 0
3
$
Jan Sembera [Tue, 9 Dec 2008 23:48:32 +0000 (15:48 -0800)]
ipv6: silence log messages for locally generated multicast
This patch fixes minor annoyance during transmission of unsolicited
neighbor advertisements from userspace to multicast addresses (as
far as I can see in RFC, this is allowed and the similar functionality
for IPv4 has been in arping for a long time).
Outgoing multicast packets get reinserted into local processing as if they
are received from the network. The machine thus sees its own NA and fills
the logs with error messages. This patch removes the message if NA has been
generated locally.
Signed-off-by: Jan Sembera <jsembera@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
Hermann Lauer [Tue, 9 Dec 2008 23:39:14 +0000 (15:39 -0800)]
sungem: improve ethtool output with internal pcs and serdes
From: Hermann Lauer <Hermann.Lauer@iwr.uni-heidelberg.de>
Attached is a patch which improves the output of ethtool (see below)
to some sensefull values with a sungem fibre card which uses the
sungem interal pcs connected to a serdes chip. The seriallink case in
the driver is untouched.
Most values are hardcoded, because gigabit fibre autoneg is anyways
limited and the driver don't really support much at the moment with
that hardware.
Signed-off-by: David S. Miller <davem@davemloft.net>
PCIe: ASPM: Break out of endless loop waiting for PCI config bits to switch
Makes a Compaq 6735s boot reliably again. It used to hang in the loop
on some boots. Give the link one second to train, otherwise break out
of the loop and reset the previously set clock bits.
Cc: stable@vger.kernel.org Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: Shaohua Li <shaohua.li@intel.com> Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Alex Chiang [Tue, 2 Dec 2008 01:17:21 +0000 (18:17 -0700)]
PCI: stop leaking 'slot_name' in pci_create_slot
In pci_create_slot(), the local variable 'slot_name' is allocated by
make_slot_name(), but never freed. We never use it after passing it to
the kobject core, so we should free it upon function exit.
Cc: stable@kernel.org Signed-off-by: Alex Chiang <achiang@hp.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Ralf Baechle [Tue, 9 Dec 2008 17:58:46 +0000 (17:58 +0000)]
MIPS: Better than nothing implementation of PCI mmap to fix X.
Certain X11 servers such as the SIS server will only work if PCI mmap is
implemented. This patch implements PCI mmap but to be on the same side
so close to a release it only supports uncached mappings so performance
will not be optimal for some uses such as framebuffers.
Thanks to Zhang Le <r0bertz@gentoo.org> for the original report and
testing.
John Keller [Mon, 8 Dec 2008 17:44:11 +0000 (11:44 -0600)]
[IA64] SN: prevent IRQ retargetting in request_irq()
With the introduction of the generic affinity autoselector,
irq_select_affinity(), IRQs are now being retargetted,
using a default mask, via the request_irq() path.
This results in all IRQs targetted at CPU 0.
SN Altix assigns affinity in the SN PROM, and does not
expect that to be changed as part of request_irq().
Set the IRQ_AFFINITY_SET flag to prevent
request_irq() from resetting affinity.
Signed-off-by: John Keller <jpk@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
ieee1394: node manager causes up to ~3.25s delay in freezing tasks
The firewire nodemanager function "nodemgr_host_thread" contains a loop
that calls try_to_freeze near the top of the loop, but then delays for
up to 3.25 seconds (plus time to do work) before getting back to the top
of the loop. When starting a cycle post-boot, this doesn't seem to bite,
but it is causing a noticeable delay at boot time, when freezing
processes prior to starting to read the image.
The following patch adds invocation of try_to_freeze to the subloops
that are used in the body of this function. With these additions, the
time to freeze when starting to resume at boot time is virtually zero.
I'm no expert on firewire, and so don't know that we shouldn't check
the return value and jump back to the top of the loop or such like after
being frozen, but I submit it for your consideration.
Signed-off-by: Nigel Cunningham <nigel@tuxonice.net>
The delay until nodemgr freezes was up to 0.25s (plus time for node
probes) in Linux 2.6.27 and older and up to 3.25s (plus ~) since Linux
2.6.28-rc1, hence much more noticeable.
try_to_freeze() without any jump is correct. The surrounding code in
the respective loops will catch whether another bus reset happens during
the freeze and handle it.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Brian King [Tue, 9 Dec 2008 14:47:00 +0000 (08:47 -0600)]
sched: CPU remove deadlock fix
Impact: fix possible deadlock in CPU hot-remove path
This patch fixes a possible deadlock scenario in the CPU remove path.
migration_call grabs rq->lock, then wakes up everything on rq->migration_queue
with the lock held. Then one of the tasks on the migration queue ends up
calling tg_shares_up which then also tries to acquire the same rq->lock.
Robin Holt [Mon, 8 Dec 2008 14:43:46 +0000 (08:43 -0600)]
[IA64] Updated the generic_defconfig to work with the 2.6.28-rc7 kernel.
The AUTOFS=y and AUTOFS4=y causes problems with some distros versions of
automount. I turned both of those to =m and then followed the default
prompts for everything else. I did notice that CONFIG_PNP_DEBUG got
changed to CONFIG_PNP_DEBUG_MESSAGES and the default was a =y so I turned
that back to a =n.
Signed-off-by: Robin Holt <holt@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Julia Lawall [Mon, 1 Dec 2008 22:18:37 +0000 (14:18 -0800)]
[IA64] eliminate NULL test and memset after alloc_bootmem
As noted by Akinobu Mita in patch b1fceac2b9e04d278316b2faddf276015fc06e3b,
alloc_bootmem and related functions never return NULL and always return a
zeroed region of memory. Thus a NULL test or memset after calls to these
functions is unnecessary.
Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Tony Luck <tony.luck@intel.com>
Alexey Dobriyan [Tue, 9 Dec 2008 18:01:26 +0000 (10:01 -0800)]
[IA64] remove BUILD_BUG_ON from paravirt_getreg()
CC arch/ia64/kernel/asm-offsets.s
In file included from include/linux/bitops.h:17,
from include/linux/kernel.h:15,
from include/linux/sched.h:52,
from arch/ia64/kernel/asm-offsets.c:9:
arch/ia64/include/asm/bitops.h: In function 'set_bit':
arch/ia64/include/asm/bitops.h:47: error: implicit declaration of function 'BUILD_BUG_ON'
Obvious inclusion of kernel.h doesn't fix it, because of circular dependencies
involving fls.h and log2(). Fixing the latter requires some serious header surgery,
it seems, so just remove BUILD_BUG_ON for now.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Linus Torvalds [Tue, 9 Dec 2008 16:29:31 +0000 (08:29 -0800)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] Fix alignment fault handling for ARMv6 and later CPUs
[ARM] 5340/1: fix stack placement after noexecstack changes
[ARM] 5339/1: fix __fls() on ARM
[ARM] Orion: fix bug in pcie configuration cycle function field mask
[ARM] omap: fix a pile of issues
Linus Torvalds [Tue, 9 Dec 2008 16:28:13 +0000 (08:28 -0800)]
Merge branch 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] fix broken timestamps in AVC generated by kernel threads
[patch 1/1] audit: remove excess kernel-doc
[PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin
[PATCH] return records for fork() both to child and parent
[PATCH] Audit: make audit=0 actually turn off audit
Linus Torvalds [Tue, 9 Dec 2008 16:27:39 +0000 (08:27 -0800)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Disable the GM965 MSI errata workaround.
drm/i915: Don't return error in evict_everything when we get to the end.
drm/radeon: don't actually enable the IRQ regs until irq is enabled
radeonfb: Disable new color expand acceleration unless explicitely enabled
This new color expansion acceleration for radeonfb appears to trigger
problems with X on VT switch and suspend/resume on some machines. It
might be a problem in the VT layer or in X, but I haven't quite found
it yet, so in the meantime, this disables the acceleration by default,
reverting to 2.6.27 state. It can be enabled using the "accel_cexp"
module parameter or fbdev argument.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Brian King [Tue, 9 Dec 2008 11:03:50 +0000 (20:03 +0900)]
[SCSI] ibmvstgt: move crq_queue_create to the end of initialization
Calling crq_queue_create could lead to the creation of a rport. We
need to set up everything before creating a rport. This moves
crq_queue_create to the end of initialization to avoid a race which
causes an oops if lost.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com> Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Reported-by: Olaf Hering <olh@suse.de> Cc: stable@kernel.org Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Doug Leith [Tue, 9 Dec 2008 08:13:04 +0000 (00:13 -0800)]
tcp: tcp_vegas cong avoid fix
This patch addresses a book-keeping issue in tcp_vegas.c. At present
tcp_vegas does separate book-keeping of cwnd based on packet sequence
numbers. A mismatch can develop between this book-keeping and
tp->snd_cwnd due, for example, to delayed acks acking multiple
packets. When vegas transitions to reno operation (e.g. following
loss), then this mismatch leads to incorrect behaviour (akin to a cwnd
backoff). This seems mostly to affect operation at low cwnds where
delayed acking can lead to a significant fraction of cwnd being
covered by a single ack, leading to the book-keeping mismatch. This
patch modifies the congestion avoidance update to avoid the need for
separate book-keeping while leaving vegas congestion avoidance
functionally unchanged. A secondary advantage of this modification is
that the use of fixed-point (via V_PARAM_SHIFT) and 64 bit arithmetic
is no longer necessary, simplifying the code.
Some example test measurements with the patched code (confirming no functional
change in the congestion avoidance algorithm) can be seen at:
http://www.hamilton.ie/doug/vegaspatch/
Signed-off-by: Doug Leith <doug.leith@nuim.ie> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 9 Dec 2008 08:10:11 +0000 (00:10 -0800)]
sungem: Make PCS PHY support partially work again.
As reported by Hermann Lauer, PCS PHY support in the sungem
driver simply doesn't work.
When the chip is reset due to open, or some other similar operation,
the PCS is reset too but we don't program it back into a running
state. The result is no link when the device is brought up.
This partially rectifies the situation for the moment, by kicking
the PCS after a sungem chip reset so that it will renegotiate and
be re-enabled again.
The behavior is still a little bit dodgy as the added renegotiate
make the link take some time after bringing the interface up,
but this is a significant improvement in that things actually work
now :-)
Based almost entirely upon an initial patch by Hermann.
Signed-off-by: David S. Miller <davem@davemloft.net>
Randy Dunlap [Mon, 1 Dec 2008 22:16:06 +0000 (14:16 -0800)]
[patch 1/1] audit: remove excess kernel-doc
Delete excess kernel-doc notation in kernel/auditsc.c:
Warning(linux-2.6.27-git10//kernel/auditsc.c:1481): Excess function parameter or struct member 'tsk' description in 'audit_syscall_entry'
Warning(linux-2.6.27-git10//kernel/auditsc.c:1564): Excess function parameter or struct member 'tsk' description in 'audit_syscall_exit'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Mike Frysinger [Tue, 18 Nov 2008 07:03:49 +0000 (15:03 +0800)]
[PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin
If you enable some common audit code, the kernel fails to build.
In file included from lib/audit.c:17:
include/asm-generic/audit_write.h:3: error: '__NR_swapon' undeclared here (not in a function)
make[1]: *** [lib/audit.o] Error 1
make: *** [lib] Error 2
So do not use __NR_swapon if it isnt defined for a port.
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com> Signed-off-by: Bryan Wu <cooloney@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Eric Paris [Wed, 5 Nov 2008 17:47:09 +0000 (12:47 -0500)]
[PATCH] Audit: make audit=0 actually turn off audit
Currently audit=0 on the kernel command line does absolutely nothing.
Audit always loads and always uses its resources such as creating the
kernel netlink socket. This patch causes audit=0 to actually disable
audit. Audit will use no resources and starting the userspace auditd
daemon will not cause the kernel audit system to activate.
Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Alan Cox [Fri, 5 Dec 2008 19:41:52 +0000 (19:41 +0000)]
pata_sis: Remove bogus cable match
Some systems report SIS 5513 as both vendor/id and subvendor/id
string. In that case we can't distinguish the system by the id
svid/sdid and in fact the entry here breaks some boxes. At some
point we need to find another way to detect the Targa Visionary 1000,
until then this trades a hang for some users with lower performance
for others.
Closes: #12092 Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Jiri Slaby [Wed, 3 Dec 2008 08:13:46 +0000 (09:13 +0100)]
ATA: piix, fix pointer deref on suspend
Hi,
I've found this issue in the mmotm 2008-12-02-17-08.
--
Commit
ata_piix: add borked Tecra M4 to broken suspend list
introduced DMI variables checking, but they can be null, so that
we possibly dereference null.
Check if they are null and avoid checks in that case.
Solves:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffff8043da97>] piix_pci_device_suspend+0x117/0x230
Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Jeff Garzik <jgarzik@redhat.com> Cc: Alexandru Romanescu <a_romanescu@yahoo.co.uk> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Keith Packard [Mon, 8 Dec 2008 19:12:28 +0000 (11:12 -0800)]
drm/i915: Disable the GM965 MSI errata workaround.
Since applying the fix suggested by the errata (disabling MSI), we've had
issues with interrupts being stuck on despite IIR being 0 on GM965 hardware.
Most reporters of the issue have confirmed that turning MSI back on fixes
things, and given the difficulties experienced in getting reliable MSI working
on Linux, it's believable that the errata was about software issues and not
actual hardware issues.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
tproxy: fixe a possible read from an invalid location in the socket match
zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr()
mac80211: use unaligned safe memcmp() in-place of compare_ether_addr()
ipw2200: fix netif_*_queue() removal regression
iwlwifi: clean key table in iwl_clear_stations_table function
tcp: tcp_vegas ssthresh bug fix
can: omit received RTR frames for single ID filter lists
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
netx-eth: initialize per device spinlock
tcp: make urg+gso work for real this time
enc28j60: Fix sporadic packet loss (corrected again)
hysdn: fix writing outside the field on 64 bits
b1isa: fix b1isa_exit() to really remove registered capi controllers
can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter
Phonet: do not dump addresses from other namespaces
netlabel: Fix a potential NULL pointer dereference
bnx2: Add workaround to handle missed MSI.
xfrm: Fix kernel panic when flush and dump SPD entries
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
ide: build-fix for CONFIG_BLK_DEV_IDEDMA_PMAC=n
Revert "ide: respect current DMA setting during resume"
J. Bruce Fields [Mon, 8 Dec 2008 23:24:18 +0000 (18:24 -0500)]
EXPORTFS: handle NULL returns from fh_to_dentry()/fh_to_parent()
While 440037287c5 "[PATCH] switch all filesystems over to
d_obtain_alias" removed some cases where fh_to_dentry() and
fh_to_parent() could return NULL, there are still a few NULL returns
left in individual filesystems. Thus it was a mistake for that commit
to remove the handling of NULL returns in the callers.
Revert those parts of 440037287c5 which removed the NULL handling.
(We could, alternatively, modify all implementations to return -ESTALE
instead of NULL, but that proves to require fixing a number of
filesystems, and in some cases it's arguably more natural to return
NULL.)
Thanks to David for original patch and Linus, Christoph, and Hugh for
review.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: David Howells <dhowells@redhat.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Williams [Mon, 8 Dec 2008 20:46:00 +0000 (13:46 -0700)]
async_xor: dma_map destination DMA_BIDIRECTIONAL
Mapping the destination multiple times is a misuse of the dma-api.
Since the destination may be reused as a source, ensure that it is only
mapped once and that it is mapped bidirectionally. This appears to add
ugliness on the unmap side in that it always reads back the destination
address from the descriptor, but gcc can determine that dma_unmap is a
nop and not emit the code that calculates its arguments.
Cc: <stable@kernel.org> Cc: Saeed Bishara <saeed@marvell.com> Acked-by: Yuri Tikhonov <yur@emcraft.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
IDE pmac host driver build fails with CONFIG_BLK_DEV_IDEDMA_PMAC=n
as reported by Kamalesh:
> drivers/ide/pmac.c: In function 'pmac_ide_set_pio_mode':
> drivers/ide/pmac.c:527: error: implicit declaration of function 'kauai_lookup_timing'
> drivers/ide/pmac.c:527: error: 'shasta_pio_timings' undeclared (first use in this function)
> drivers/ide/pmac.c:527: error: (Each undeclared identifier is reported only once
> drivers/ide/pmac.c:527: error: for each function it appears in.)
> drivers/ide/pmac.c:534: error: 'kauai_pio_timings' undeclared (first use in this function)
> drivers/ide/pmac.c: In function 'pmac_ide_do_resume':
> drivers/ide/pmac.c:914: error: 'IDE_WAKEUP_DELAY' undeclared (first use in this function)
> drivers/ide/pmac.c: At top level:
> drivers/ide/pmac.c:1007: error: 'pmac_ide_init_dma' undeclared here (not in a function)
> drivers/ide/pmac.c: In function 'pmac_ide_setup_device':
> drivers/ide/pmac.c:1107: error: 'IDE_WAKEUP_DELAY' undeclared (first use in this function)
> drivers/ide/pmac.c: In function 'pmac_ide_macio_attach':
> drivers/ide/pmac.c:1209: error: 'pmac_ide_hwif_t' has no member named 'dma_regs'
> drivers/ide/pmac.c:1210: error: 'pmac_ide_hwif_t' has no member named 'dma_regs'
> make[2]: *** [drivers/ide/pmac.o] Error 1
Fix it by removing the superfluous config option.
Reported-and-tested-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Ingo Molnar [Fri, 17 Oct 2008 14:09:57 +0000 (16:09 +0200)]
x86: fix default_spin_lock_flags() prototype
these warnings:
arch/x86/kernel/paravirt-spinlocks.c: In function ‘default_spin_lock_flags’:
arch/x86/kernel/paravirt-spinlocks.c:12: warning: passing argument 1 of ‘__raw_spin_lock’ from incompatible pointer type
arch/x86/kernel/paravirt-spinlocks.c: At top level:
arch/x86/kernel/paravirt-spinlocks.c:11: warning: ‘default_spin_lock_flags’ defined but not used
showed that the prototype of default_spin_lock_flags() was confused about
what type spinlocks have.
Russell King [Sun, 7 Dec 2008 09:44:55 +0000 (09:44 +0000)]
[ARM] Fix alignment fault handling for ARMv6 and later CPUs
On ARMv6 and later CPUs, it is possible for userspace processes to
get stuck on a misaligned load or store due to the "ignore fault"
setting; unlike previous CPUs, retrying the instruction without
the 'A' bit set does not always cause the load to succeed.
We have no real option but to default to fixing up alignment faults
on these CPUs, and having the CPU fix up those misaligned accesses
which it can.
Reported-by: Wolfgang Grandegger <wg@grandegger.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[ARM] 5340/1: fix stack placement after noexecstack changes
Commit 8ec53663d2698076468b3e1edc4e1b418bd54de3 ("[ARM] Improve
non-executable support") added support for detecting non-executable
stack binaries. One of the things it does is to make READ_IMPLIES_EXEC
be set in ->personality if we are running on a CPU that doesn't support
the XN ("Execute Never") page table bit or if we are running a binary
that needs an executable stack.
This exposed a latent bug in ARM's asm/processor.h due to which we'll
end up placing the stack at a very low address, where it will bump into
the heap on any application that uses significant amount of stack or
heap or both, causing many interesting crashes.
Fix this by testing the ADDR_LIMIT_32BIT bit in ->personality instead
of testing for equality against PER_LINUX_32BIT.
Reviewed-by: Nicolas Pitre <nico@marvell.com> Signed-off-by: Lennert Buytenhek <buytenh@marvell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jonathan Corbet [Fri, 5 Dec 2008 23:12:48 +0000 (16:12 -0700)]
Fix a race condition in FASYNC handling
Changeset a238b790d5f99c7832f9b73ac8847025815b85f7 (Call fasync()
functions without the BKL) introduced a race which could leave
file->f_flags in a state inconsistent with what the underlying
driver/filesystem believes. Revert that change, and also fix the same
races in ioctl_fioasync() and ioctl_fionbio().
This is a minimal, short-term fix; the real fix will not involve the
BKL.
Linus Torvalds [Fri, 5 Dec 2008 22:49:18 +0000 (14:49 -0800)]
Enforce a minimum SG_IO timeout
There's no point in having too short SG_IO timeouts, since if the
command does end up timing out, we'll end up through the reset sequence
that is several seconds long in order to abort the command that timed
out.
As a result, shorter timeouts than a few seconds simply do not make
sense, as the recovery would be longer than the timeout itself.
Add a BLK_MIN_SG_TIMEOUT to match the existign BLK_DEFAULT_SG_TIMEOUT.
Suggested-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Jens Axboe <jens.axboe@oracle.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Andrew [Fri, 5 Dec 2008 16:34:56 +0000 (16:34 +0000)]
Fix incorrect use of loose in i2o_block.c
Fix incorrect use of loose in i2o_block.c
It should be 'lose', not 'loose'.
Signed-off-by: Nick Andrew <nick@nick-andrew.net> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Andrew [Fri, 5 Dec 2008 16:34:46 +0000 (16:34 +0000)]
Fix incorrect use of loose in tty/serial drivers
[Folded together as one diff from 3]
It should be 'lose', not 'loose'.
Signed-off-by: Nick Andrew <nick@nick-andrew.net> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 5 Dec 2008 21:30:03 +0000 (13:30 -0800)]
Revert "ACPI: battery: Convert discharge energy rate to current properly"
This reverts commit 558073dd56707864f09d563b64e7c37c021e89d2, along with
the failed try to fix the regression it caused ("ACPI: Fix ACPI battery
regression introduced by commit 558073"), which just made things worse.
Commit aaad077638be1a25871bcae5e43952d6b63abfca (that failed "Fix ACPI
battery regression") got the voltage conversion confused, and fixed the
problem with Rafael's battery monitor apparently just by mistake.
So revert them both, getting us back to the 2.6.27 state in this, and
let's revisit it when people understand what's going on.
Noted-by: Paul Martin <pm@debian.org> Requested-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Len Brown <len.brown@intel.com> Cc: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The 440x5 core in the Virtex5 uses the 440A type machine check
(ie, they have MCSRR0/MCSRR1). They thus need to call the
appropriate fixup function to hook the right variant of the
exception.
Without this, all machine checks become fatal due to loss
of context when entering the exception handler.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Shaddy Baddah [Fri, 28 Nov 2008 06:10:45 +0000 (17:10 +1100)]
zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr()
Under my 2.6.28-rc6 sparc64, when associating to an AP through my
zd1211rw device, I was seeing kernel log messages like (not exact output):
Kernel unaligned access at TPC[10129b68] zd_mac_rx+0x144/0x32c [zd1211rw]
For the zd1211rw module, on RX, the 80211 packet will be located after
the PLCP header in the skb data buffer. The PLCP header being 5 bytes
long, the 80211 header will start unaligned from an aligned skb
buffer.
As per Documentation/unaligned-memory-access.txt, we must replace the
not unaligned() safe compare_ether_addr() with memcmp() to protect
architectures that require alignment.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Shaddy Baddah [Fri, 28 Nov 2008 06:08:10 +0000 (17:08 +1100)]
mac80211: use unaligned safe memcmp() in-place of compare_ether_addr()
After fixing zd1211rw: use unaligned safe memcmp() in-place of
compare_ether_addr(), I started to see kernel log messages detailing
unaligned access:
Kernel unaligned access at TPC[100f7f44] sta_info_get+0x24/0x68 [mac80211]
As with the aforementioned patch, the unaligned access was eminating
from a compare_ether_addr() call. Concerned that whilst it was safe to
assume that unalignment was the norm for the zd1211rw, and take
preventative measures, it may not be the case or acceptable to use the
easy fix of changing the call to memcmp().
My research however indicated that it was OK to do this, as there are
a few instances where memcmp() is the preferred mechanism for doing
mac address comparisons throughout the module.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Zhu Yi [Thu, 27 Nov 2008 05:42:20 +0000 (13:42 +0800)]
ipw2200: fix netif_*_queue() removal regression
In "ipw2200: Call netif_*_queue() interfaces properly", netif_stop_queue()
and netif_wake_queue() were removed with the reason
"netif_carrier_{on,off}() handles starting and stopping packet flow into
the driver". The patch also removes a valid condition check that
ipw_tx_skb() cannot be called if device is not in STATUS_ASSOCIATED state.
But netif_carrier_off() doesn't guarantee netdev->hard_start_xmit won't
be called because linkwatch event is handled in a delayed workqueue. This
caused a kernel oops reported by Frank Seidel:
https://bugzilla.novell.com/show_bug.cgi?id=397390
This patch fixes the problem by moving the STATUS_ASSOCIATED check back
to ipw_tx_skb(). It also adds a missing netif_carrier_off() call to
ipw_disassociate().
Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Chatre, Reinette <reinette.chatre@intel.com> Tested-by: Frank Seidel <fseidel@suse.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tomas Winkler [Tue, 25 Nov 2008 21:29:03 +0000 (23:29 +0200)]
iwlwifi: clean key table in iwl_clear_stations_table function
This patch cleans uCode key table bit map iwl_clear_stations_table
since all stations are cleared also the key table must be.
Since the keys are not removed properly on suspend by mac80211
this may result in exhausting key table on resume leading
to memory corruption during removal
This patch also fixes a memory corruption problem reported in
http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in
http://bugzilla.kernel.org/show_bug.cgi?id=12040.
When the key is removed a second time the offset is set to 255 - this
index is not valid for the ucode_key_table and corrupts the eeprom pointer
(which is 255 bits from ucode_key_table).
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Reported-by: Carlos R. Mafra <crmafra2@gmail.com> Reported-by: Lukas Hejtmanek <xhejtman@ics.muni.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Linus Torvalds [Fri, 5 Dec 2008 05:45:44 +0000 (21:45 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev:
[PATCH] fix bogus argument of blkdev_put() in pktcdvd
[PATCH 2/2] documnt FMODE_ constants
[PATCH 1/2] kill FMODE_NDELAY_NOW
[PATCH] clean up blkdev_get a little bit
[PATCH] Fix block dev compat ioctl handling
[PATCH] kill obsolete temporary comment in swsusp_close()
Linus Torvalds [Fri, 5 Dec 2008 05:44:40 +0000 (21:44 -0800)]
Merge branch 'drm-gem-update' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-gem-update' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Return error in i915_gem_set_to_gtt_domain if we're not in the GTT.
drm/i915: Retry execbuffer pinning after clearing the GTT
drm/i915: Move the execbuffer domain computations together
drm/i915: Rename object_set_domain to object_set_to_gpu_domain
drm/i915: Make a single set-to-cpu-domain path and use it wherever needed.
drm/i915: Make a single set-to-gtt-domain path.
drm/i915: If interrupted while setting object domains, still emit the flush.
drm/i915: Move flushing list cleanup from flush request retire to request emit.
drm/i915: Respect GM965/GM45 bit-17-instead-of-bit-11 option for swizzling.
ACPI: Fix ACPI battery regression introduced by commit 558073
Commit 558073dd56707864f09d563b64e7c37c021e89d2 ("ACPI: battery: Convert
discharge energy rate to current properly") caused the battery subsystem
to report wrong values of the remaining time on battery power and the
time until fully charged on Toshiba Portege R500 (and presumably on
other boxes too).
Fix the issue by correcting the conversion from mW to mA.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 5 Dec 2008 05:40:29 +0000 (21:40 -0800)]
Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
time: catch xtime_nsec underflows and fix them
posix-cpu-timers: fix clock_gettime with CLOCK_PROCESS_CPUTIME_ID
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Sync FPU state in VIS emulation handler.
sparc64: Fix VIS emulation bugs
sparc: asm/bitops.h should define __fls
sparc64: Fix bug in PTRACE_SETFPREGS64 handling.
Linus Torvalds [Fri, 5 Dec 2008 05:40:08 +0000 (21:40 -0800)]
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: fix early panic with boot option "nosmp"
x86/oprofile: fix Intel cpu family 6 detection
oprofile: fix CPU unplug panic in ppro_stop()
AMD IOMMU: fix possible race while accessing iommu->need_sync
AMD IOMMU: set device table entry for aliased devices
AMD IOMMU: struct amd_iommu remove padding on 64 bit
x86: fix broken flushing in GART nofullflush path
x86: fix dma_mapping_error for 32bit x86
Linus Torvalds [Fri, 5 Dec 2008 05:39:41 +0000 (21:39 -0800)]
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
check_hung_task(): unsigned sysctl_hung_task_warnings cannot be less than 0
documentation: local_ops fix on_each_cpu
Linus Torvalds [Fri, 5 Dec 2008 05:39:21 +0000 (21:39 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
MIPS: Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
MIPS: 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
MIPS: o32: Fix number of arguments to splice(2).
MIPS: Malta: Consolidate platform device code.
MIPS: IP22, Fulong, Malta: Update defconfigs.
MIPS: Malta: Add back RTC support
MIPS: Fix potential DOS by untrusted user app.
Dave Chinner [Wed, 3 Dec 2008 22:09:34 +0000 (09:09 +1100)]
[XFS] Fix hang after disallowed rename across directory quota domains
When project quota is active and is being used for directory tree
quota control, we disallow rename outside the current directory
tree. This requires a check to be made after all the inodes
involved in the rename are locked. We fail to unlock the inodes
correctly if we disallow the rename when the target is outside the
current directory tree. This results in a hang on the next access
to the inodes involved in failed rename.
Doug Leith [Fri, 5 Dec 2008 01:17:18 +0000 (17:17 -0800)]
tcp: tcp_vegas ssthresh bug fix
This patch fixes a bug in tcp_vegas.c. At the moment this code leaves
ssthresh untouched. However, this means that the vegas congestion
control algorithm is effectively unable to reduce cwnd below the
ssthresh value (if the vegas update lowers the cwnd below ssthresh,
then slow start is activated to raise it back up). One example where
this matters is when during slow start cwnd overshoots the link
capacity and a flow then exits slow start with ssthresh set to a value
above where congestion avoidance would like to adjust it.
Signed-off-by: Doug Leith <doug.leith@nuim.ie> Signed-off-by: David S. Miller <davem@davemloft.net>
Anton Vorontsov [Thu, 4 Dec 2008 17:52:31 +0000 (20:52 +0300)]
powerpc/83xx: Enable FIXED_PHY in mpc834x_itx and mpc83xx defconfigs
This is needed so that Vitesse 7385 5-port switch could work on
MPC8349E-mITX boards.
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com> Acked-by: Timur Tabi <timur@freescale.com> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Chas Williams [Thu, 4 Dec 2008 22:58:13 +0000 (14:58 -0800)]
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
Ralf Baechle [Wed, 3 Dec 2008 16:33:17 +0000 (16:33 +0000)]
MIPS: o32: Fix number of arguments to splice(2).
The syscall code was assuming splice only takes 4 arguments so no stack
arguments were being copied from the userspace stack to the kernel stack.
As the result splice was likely to fail with EINVAL.
Ralf Baechle [Mon, 1 Dec 2008 08:09:10 +0000 (08:09 +0000)]
MIPS: IP22, Fulong, Malta: Update defconfigs.
These haven't seen much attention for too long but particularly important
enable RTC_CLASS and CONFIG_RTC_HCTOSYS so the wall clock time is set on
kernel startup.
Tiejun Chen [Tue, 25 Nov 2008 08:33:20 +0000 (16:33 +0800)]
MIPS: Malta: Add back RTC support
With the conversion of MIPS to RTC_LIB the old RTC driver CONFIG_RTC became
unselectable. Fix by setting up a platform device. Also enable
RTC_CLASS so system time gets set from RTC on kernel initialization.
[Ralf: Original patch by Tiejun; polished nice and shiny by me]
Vlad Malov [Tue, 18 Nov 2008 23:05:46 +0000 (15:05 -0800)]
MIPS: Fix potential DOS by untrusted user app.
On a 64 bit kernel if an o32 syscall was made with a syscall number less
than 4000, we would read the function from outside of the bounds of the
syscall table. This led to non-deterministic behavior including system
crashes.
While we were at it we reworked the 32 bit version as well to use fewer
instructions. Both 32 and 64 bit versions are use the same code now.