KOSAKI Motohiro [Tue, 9 Dec 2008 21:14:16 +0000 (13:14 -0800)]
mm: remove UP version of lru_add_drain_all()
Currently, lru_add_drain_all() has two version.
(1) use schedule_on_each_cpu()
(2) don't use schedule_on_each_cpu()
Gerald Schaefer reported it doesn't work well on SMP (not NUMA) S390
machine.
offline_pages() calls lru_add_drain_all() followed by drain_all_pages().
While drain_all_pages() works on each cpu, lru_add_drain_all() only runs
on the current cpu for architectures w/o CONFIG_NUMA. This let us run
into the BUG_ON(!PageBuddy(page)) in __offline_isolated_pages() during
memory hotplug stress test on s390. The page in question was still on the
pcp list, because of a race with lru_add_drain_all() and drain_all_pages()
on different cpus.
Actually, Almost machine has CONFIG_UNEVICTABLE_LRU=y. Then almost machine use
(1) version lru_add_drain_all although the machine is UP.
Then this ifdef is not valueable.
simple removing is better.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com> Acked-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Cc: Dave Hansen <dave@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
percpu counter: clean up percpu_counter_sum_and_set()
Before this patch we had the following:
percpu_counter_sum(): return the percpu_counter's value
percpu_counter_sum_and_set(): return the percpu_counter's value, copying
that value into the central value and zeroing the per-cpu counters before
returning.
After this patch, percpu_counter_sum_and_set() has gone, and
percpu_counter_sum() gets the old percpu_counter_sum_and_set()
functionality.
Problem is, as Eric points out, the old percpu_counter_sum_and_set()
functionality was racy and wrong. It zeroes out counters on "other" cpus,
without holding any locks which will prevent races agaist updates from
those other CPUS.
This patch reverts 1f7c14c62ce63805f9574664a6c6de3633d4a354. This means
that percpu_counter_sum_and_set() still has the race, but
percpu_counter_sum() does not.
Note that this is not a simple revert - ext4 has since started using
percpu_counter_sum() for its dirty_blocks counter as well.
Note that this revert patch changes percpu_counter_sum() semantics.
Before the patch, a call to percpu_counter_sum() will bring the counter's
central counter mostly up-to-date, so a following percpu_counter_read()
will return a close value.
After this patch, a call to percpu_counter_sum() will leave the counter's
central accumulator unaltered, so a subsequent call to
percpu_counter_read() can now return a significantly inaccurate result.
If there is any code in the tree which was introduced after e8ced39d5e8911c662d4d69a342b9d053eaaac4e was merged, and which depends
upon the new percpu_counter_sum() semantics, that code will break.
Reported-by: Eric Dumazet <dada1@cosmosbay.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Mingming Cao <cmm@us.ibm.com> Cc: <linux-ext4@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Dumazet [Tue, 9 Dec 2008 21:14:11 +0000 (13:14 -0800)]
percpu_counter: fix CPU unplug race in percpu_counter_destroy()
We should first delete the counter from percpu_counters list
before freeing memory, or a percpu_counter_hotcpu_callback()
could dereference a NULL pointer.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: David S. Miller <davem@davemloft.net> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Mingming Cao <cmm@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
rtc: fix missing id_table in rtc-ds1672 and rtc-max6900 drivers
Add missing id_table to the drivers in subject. Patch is against the
latest git. It should go in with 2.6.28 if possible, the drivers won't
work without the id_table bits.
Signed-off-by: Alessandro Zummo <a.zummo@towertech.it> Reported-by: Imre Kaloz <kaloz@openwrt.org> Tested-by: Imre Kaloz <kaloz@openwrt.org> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Balbir Singh [Tue, 9 Dec 2008 21:14:07 +0000 (13:14 -0800)]
uml: boot broken due to buffer overrun
mconsole_init() passed 256 bytes as length in os_create_unix_socket, while
the sizeof UNIX_PATH_MAX is 108. This patch fixes that problem and avoids
a big overrun bug reported on UML bootup.
sockaddr_un.sun_path is UNIX_PATH_MAX long which causes the problem. Reported-by: Vikas K Managutte <vikki.km@gmail.com> Reported-by: Sarvesh Kumar Lal Das <skldas@gmail.com> Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com> Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi> Reviewed-by: WANG Cong <wangcong@zeuux.org> Cc: Jeff Dike <jdike@addtoit.com> Cc: <stable@kernel.org> [please check with Jeff] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Tue, 9 Dec 2008 21:14:06 +0000 (13:14 -0800)]
mm/backing-dev.c: remove recently-added WARN_ON()
On second thoughts, this is just going to disturb people while telling us
things which we already knew.
Cc: Peter Korsgaard <jacmet@sunsite.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 9 Dec 2008 16:29:31 +0000 (08:29 -0800)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] Fix alignment fault handling for ARMv6 and later CPUs
[ARM] 5340/1: fix stack placement after noexecstack changes
[ARM] 5339/1: fix __fls() on ARM
[ARM] Orion: fix bug in pcie configuration cycle function field mask
[ARM] omap: fix a pile of issues
Linus Torvalds [Tue, 9 Dec 2008 16:28:13 +0000 (08:28 -0800)]
Merge branch 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] fix broken timestamps in AVC generated by kernel threads
[patch 1/1] audit: remove excess kernel-doc
[PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin
[PATCH] return records for fork() both to child and parent
[PATCH] Audit: make audit=0 actually turn off audit
Linus Torvalds [Tue, 9 Dec 2008 16:27:39 +0000 (08:27 -0800)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Disable the GM965 MSI errata workaround.
drm/i915: Don't return error in evict_everything when we get to the end.
drm/radeon: don't actually enable the IRQ regs until irq is enabled
radeonfb: Disable new color expand acceleration unless explicitely enabled
This new color expansion acceleration for radeonfb appears to trigger
problems with X on VT switch and suspend/resume on some machines. It
might be a problem in the VT layer or in X, but I haven't quite found
it yet, so in the meantime, this disables the acceleration by default,
reverting to 2.6.27 state. It can be enabled using the "accel_cexp"
module parameter or fbdev argument.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Mon, 1 Dec 2008 22:16:06 +0000 (14:16 -0800)]
[patch 1/1] audit: remove excess kernel-doc
Delete excess kernel-doc notation in kernel/auditsc.c:
Warning(linux-2.6.27-git10//kernel/auditsc.c:1481): Excess function parameter or struct member 'tsk' description in 'audit_syscall_entry'
Warning(linux-2.6.27-git10//kernel/auditsc.c:1564): Excess function parameter or struct member 'tsk' description in 'audit_syscall_exit'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Mike Frysinger [Tue, 18 Nov 2008 07:03:49 +0000 (15:03 +0800)]
[PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin
If you enable some common audit code, the kernel fails to build.
In file included from lib/audit.c:17:
include/asm-generic/audit_write.h:3: error: '__NR_swapon' undeclared here (not in a function)
make[1]: *** [lib/audit.o] Error 1
make: *** [lib] Error 2
So do not use __NR_swapon if it isnt defined for a port.
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com> Signed-off-by: Bryan Wu <cooloney@kernel.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Eric Paris [Wed, 5 Nov 2008 17:47:09 +0000 (12:47 -0500)]
[PATCH] Audit: make audit=0 actually turn off audit
Currently audit=0 on the kernel command line does absolutely nothing.
Audit always loads and always uses its resources such as creating the
kernel netlink socket. This patch causes audit=0 to actually disable
audit. Audit will use no resources and starting the userspace auditd
daemon will not cause the kernel audit system to activate.
Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Alan Cox [Fri, 5 Dec 2008 19:41:52 +0000 (19:41 +0000)]
pata_sis: Remove bogus cable match
Some systems report SIS 5513 as both vendor/id and subvendor/id
string. In that case we can't distinguish the system by the id
svid/sdid and in fact the entry here breaks some boxes. At some
point we need to find another way to detect the Targa Visionary 1000,
until then this trades a hang for some users with lower performance
for others.
Closes: #12092 Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Jiri Slaby [Wed, 3 Dec 2008 08:13:46 +0000 (09:13 +0100)]
ATA: piix, fix pointer deref on suspend
Hi,
I've found this issue in the mmotm 2008-12-02-17-08.
--
Commit
ata_piix: add borked Tecra M4 to broken suspend list
introduced DMI variables checking, but they can be null, so that
we possibly dereference null.
Check if they are null and avoid checks in that case.
Solves:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffff8043da97>] piix_pci_device_suspend+0x117/0x230
Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Jeff Garzik <jgarzik@redhat.com> Cc: Alexandru Romanescu <a_romanescu@yahoo.co.uk> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Keith Packard [Mon, 8 Dec 2008 19:12:28 +0000 (11:12 -0800)]
drm/i915: Disable the GM965 MSI errata workaround.
Since applying the fix suggested by the errata (disabling MSI), we've had
issues with interrupts being stuck on despite IIR being 0 on GM965 hardware.
Most reporters of the issue have confirmed that turning MSI back on fixes
things, and given the difficulties experienced in getting reliable MSI working
on Linux, it's believable that the errata was about software issues and not
actual hardware issues.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
tproxy: fixe a possible read from an invalid location in the socket match
zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr()
mac80211: use unaligned safe memcmp() in-place of compare_ether_addr()
ipw2200: fix netif_*_queue() removal regression
iwlwifi: clean key table in iwl_clear_stations_table function
tcp: tcp_vegas ssthresh bug fix
can: omit received RTR frames for single ID filter lists
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
netx-eth: initialize per device spinlock
tcp: make urg+gso work for real this time
enc28j60: Fix sporadic packet loss (corrected again)
hysdn: fix writing outside the field on 64 bits
b1isa: fix b1isa_exit() to really remove registered capi controllers
can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter
Phonet: do not dump addresses from other namespaces
netlabel: Fix a potential NULL pointer dereference
bnx2: Add workaround to handle missed MSI.
xfrm: Fix kernel panic when flush and dump SPD entries
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
ide: build-fix for CONFIG_BLK_DEV_IDEDMA_PMAC=n
Revert "ide: respect current DMA setting during resume"
J. Bruce Fields [Mon, 8 Dec 2008 23:24:18 +0000 (18:24 -0500)]
EXPORTFS: handle NULL returns from fh_to_dentry()/fh_to_parent()
While 440037287c5 "[PATCH] switch all filesystems over to
d_obtain_alias" removed some cases where fh_to_dentry() and
fh_to_parent() could return NULL, there are still a few NULL returns
left in individual filesystems. Thus it was a mistake for that commit
to remove the handling of NULL returns in the callers.
Revert those parts of 440037287c5 which removed the NULL handling.
(We could, alternatively, modify all implementations to return -ESTALE
instead of NULL, but that proves to require fixing a number of
filesystems, and in some cases it's arguably more natural to return
NULL.)
Thanks to David for original patch and Linus, Christoph, and Hugh for
review.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: David Howells <dhowells@redhat.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
IDE pmac host driver build fails with CONFIG_BLK_DEV_IDEDMA_PMAC=n
as reported by Kamalesh:
> drivers/ide/pmac.c: In function 'pmac_ide_set_pio_mode':
> drivers/ide/pmac.c:527: error: implicit declaration of function 'kauai_lookup_timing'
> drivers/ide/pmac.c:527: error: 'shasta_pio_timings' undeclared (first use in this function)
> drivers/ide/pmac.c:527: error: (Each undeclared identifier is reported only once
> drivers/ide/pmac.c:527: error: for each function it appears in.)
> drivers/ide/pmac.c:534: error: 'kauai_pio_timings' undeclared (first use in this function)
> drivers/ide/pmac.c: In function 'pmac_ide_do_resume':
> drivers/ide/pmac.c:914: error: 'IDE_WAKEUP_DELAY' undeclared (first use in this function)
> drivers/ide/pmac.c: At top level:
> drivers/ide/pmac.c:1007: error: 'pmac_ide_init_dma' undeclared here (not in a function)
> drivers/ide/pmac.c: In function 'pmac_ide_setup_device':
> drivers/ide/pmac.c:1107: error: 'IDE_WAKEUP_DELAY' undeclared (first use in this function)
> drivers/ide/pmac.c: In function 'pmac_ide_macio_attach':
> drivers/ide/pmac.c:1209: error: 'pmac_ide_hwif_t' has no member named 'dma_regs'
> drivers/ide/pmac.c:1210: error: 'pmac_ide_hwif_t' has no member named 'dma_regs'
> make[2]: *** [drivers/ide/pmac.o] Error 1
Fix it by removing the superfluous config option.
Reported-and-tested-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Ingo Molnar [Fri, 17 Oct 2008 14:09:57 +0000 (16:09 +0200)]
x86: fix default_spin_lock_flags() prototype
these warnings:
arch/x86/kernel/paravirt-spinlocks.c: In function ‘default_spin_lock_flags’:
arch/x86/kernel/paravirt-spinlocks.c:12: warning: passing argument 1 of ‘__raw_spin_lock’ from incompatible pointer type
arch/x86/kernel/paravirt-spinlocks.c: At top level:
arch/x86/kernel/paravirt-spinlocks.c:11: warning: ‘default_spin_lock_flags’ defined but not used
showed that the prototype of default_spin_lock_flags() was confused about
what type spinlocks have.
Russell King [Sun, 7 Dec 2008 09:44:55 +0000 (09:44 +0000)]
[ARM] Fix alignment fault handling for ARMv6 and later CPUs
On ARMv6 and later CPUs, it is possible for userspace processes to
get stuck on a misaligned load or store due to the "ignore fault"
setting; unlike previous CPUs, retrying the instruction without
the 'A' bit set does not always cause the load to succeed.
We have no real option but to default to fixing up alignment faults
on these CPUs, and having the CPU fix up those misaligned accesses
which it can.
Reported-by: Wolfgang Grandegger <wg@grandegger.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[ARM] 5340/1: fix stack placement after noexecstack changes
Commit 8ec53663d2698076468b3e1edc4e1b418bd54de3 ("[ARM] Improve
non-executable support") added support for detecting non-executable
stack binaries. One of the things it does is to make READ_IMPLIES_EXEC
be set in ->personality if we are running on a CPU that doesn't support
the XN ("Execute Never") page table bit or if we are running a binary
that needs an executable stack.
This exposed a latent bug in ARM's asm/processor.h due to which we'll
end up placing the stack at a very low address, where it will bump into
the heap on any application that uses significant amount of stack or
heap or both, causing many interesting crashes.
Fix this by testing the ADDR_LIMIT_32BIT bit in ->personality instead
of testing for equality against PER_LINUX_32BIT.
Reviewed-by: Nicolas Pitre <nico@marvell.com> Signed-off-by: Lennert Buytenhek <buytenh@marvell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jonathan Corbet [Fri, 5 Dec 2008 23:12:48 +0000 (16:12 -0700)]
Fix a race condition in FASYNC handling
Changeset a238b790d5f99c7832f9b73ac8847025815b85f7 (Call fasync()
functions without the BKL) introduced a race which could leave
file->f_flags in a state inconsistent with what the underlying
driver/filesystem believes. Revert that change, and also fix the same
races in ioctl_fioasync() and ioctl_fionbio().
This is a minimal, short-term fix; the real fix will not involve the
BKL.
Linus Torvalds [Fri, 5 Dec 2008 22:49:18 +0000 (14:49 -0800)]
Enforce a minimum SG_IO timeout
There's no point in having too short SG_IO timeouts, since if the
command does end up timing out, we'll end up through the reset sequence
that is several seconds long in order to abort the command that timed
out.
As a result, shorter timeouts than a few seconds simply do not make
sense, as the recovery would be longer than the timeout itself.
Add a BLK_MIN_SG_TIMEOUT to match the existign BLK_DEFAULT_SG_TIMEOUT.
Suggested-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Jens Axboe <jens.axboe@oracle.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Andrew [Fri, 5 Dec 2008 16:34:56 +0000 (16:34 +0000)]
Fix incorrect use of loose in i2o_block.c
Fix incorrect use of loose in i2o_block.c
It should be 'lose', not 'loose'.
Signed-off-by: Nick Andrew <nick@nick-andrew.net> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Andrew [Fri, 5 Dec 2008 16:34:46 +0000 (16:34 +0000)]
Fix incorrect use of loose in tty/serial drivers
[Folded together as one diff from 3]
It should be 'lose', not 'loose'.
Signed-off-by: Nick Andrew <nick@nick-andrew.net> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 5 Dec 2008 21:30:03 +0000 (13:30 -0800)]
Revert "ACPI: battery: Convert discharge energy rate to current properly"
This reverts commit 558073dd56707864f09d563b64e7c37c021e89d2, along with
the failed try to fix the regression it caused ("ACPI: Fix ACPI battery
regression introduced by commit 558073"), which just made things worse.
Commit aaad077638be1a25871bcae5e43952d6b63abfca (that failed "Fix ACPI
battery regression") got the voltage conversion confused, and fixed the
problem with Rafael's battery monitor apparently just by mistake.
So revert them both, getting us back to the 2.6.27 state in this, and
let's revisit it when people understand what's going on.
Noted-by: Paul Martin <pm@debian.org> Requested-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Len Brown <len.brown@intel.com> Cc: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The 440x5 core in the Virtex5 uses the 440A type machine check
(ie, they have MCSRR0/MCSRR1). They thus need to call the
appropriate fixup function to hook the right variant of the
exception.
Without this, all machine checks become fatal due to loss
of context when entering the exception handler.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Shaddy Baddah [Fri, 28 Nov 2008 06:10:45 +0000 (17:10 +1100)]
zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr()
Under my 2.6.28-rc6 sparc64, when associating to an AP through my
zd1211rw device, I was seeing kernel log messages like (not exact output):
Kernel unaligned access at TPC[10129b68] zd_mac_rx+0x144/0x32c [zd1211rw]
For the zd1211rw module, on RX, the 80211 packet will be located after
the PLCP header in the skb data buffer. The PLCP header being 5 bytes
long, the 80211 header will start unaligned from an aligned skb
buffer.
As per Documentation/unaligned-memory-access.txt, we must replace the
not unaligned() safe compare_ether_addr() with memcmp() to protect
architectures that require alignment.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Shaddy Baddah [Fri, 28 Nov 2008 06:08:10 +0000 (17:08 +1100)]
mac80211: use unaligned safe memcmp() in-place of compare_ether_addr()
After fixing zd1211rw: use unaligned safe memcmp() in-place of
compare_ether_addr(), I started to see kernel log messages detailing
unaligned access:
Kernel unaligned access at TPC[100f7f44] sta_info_get+0x24/0x68 [mac80211]
As with the aforementioned patch, the unaligned access was eminating
from a compare_ether_addr() call. Concerned that whilst it was safe to
assume that unalignment was the norm for the zd1211rw, and take
preventative measures, it may not be the case or acceptable to use the
easy fix of changing the call to memcmp().
My research however indicated that it was OK to do this, as there are
a few instances where memcmp() is the preferred mechanism for doing
mac address comparisons throughout the module.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Zhu Yi [Thu, 27 Nov 2008 05:42:20 +0000 (13:42 +0800)]
ipw2200: fix netif_*_queue() removal regression
In "ipw2200: Call netif_*_queue() interfaces properly", netif_stop_queue()
and netif_wake_queue() were removed with the reason
"netif_carrier_{on,off}() handles starting and stopping packet flow into
the driver". The patch also removes a valid condition check that
ipw_tx_skb() cannot be called if device is not in STATUS_ASSOCIATED state.
But netif_carrier_off() doesn't guarantee netdev->hard_start_xmit won't
be called because linkwatch event is handled in a delayed workqueue. This
caused a kernel oops reported by Frank Seidel:
https://bugzilla.novell.com/show_bug.cgi?id=397390
This patch fixes the problem by moving the STATUS_ASSOCIATED check back
to ipw_tx_skb(). It also adds a missing netif_carrier_off() call to
ipw_disassociate().
Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Chatre, Reinette <reinette.chatre@intel.com> Tested-by: Frank Seidel <fseidel@suse.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tomas Winkler [Tue, 25 Nov 2008 21:29:03 +0000 (23:29 +0200)]
iwlwifi: clean key table in iwl_clear_stations_table function
This patch cleans uCode key table bit map iwl_clear_stations_table
since all stations are cleared also the key table must be.
Since the keys are not removed properly on suspend by mac80211
this may result in exhausting key table on resume leading
to memory corruption during removal
This patch also fixes a memory corruption problem reported in
http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in
http://bugzilla.kernel.org/show_bug.cgi?id=12040.
When the key is removed a second time the offset is set to 255 - this
index is not valid for the ucode_key_table and corrupts the eeprom pointer
(which is 255 bits from ucode_key_table).
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Reported-by: Carlos R. Mafra <crmafra2@gmail.com> Reported-by: Lukas Hejtmanek <xhejtman@ics.muni.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Linus Torvalds [Fri, 5 Dec 2008 05:45:44 +0000 (21:45 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev:
[PATCH] fix bogus argument of blkdev_put() in pktcdvd
[PATCH 2/2] documnt FMODE_ constants
[PATCH 1/2] kill FMODE_NDELAY_NOW
[PATCH] clean up blkdev_get a little bit
[PATCH] Fix block dev compat ioctl handling
[PATCH] kill obsolete temporary comment in swsusp_close()
Linus Torvalds [Fri, 5 Dec 2008 05:44:40 +0000 (21:44 -0800)]
Merge branch 'drm-gem-update' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-gem-update' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Return error in i915_gem_set_to_gtt_domain if we're not in the GTT.
drm/i915: Retry execbuffer pinning after clearing the GTT
drm/i915: Move the execbuffer domain computations together
drm/i915: Rename object_set_domain to object_set_to_gpu_domain
drm/i915: Make a single set-to-cpu-domain path and use it wherever needed.
drm/i915: Make a single set-to-gtt-domain path.
drm/i915: If interrupted while setting object domains, still emit the flush.
drm/i915: Move flushing list cleanup from flush request retire to request emit.
drm/i915: Respect GM965/GM45 bit-17-instead-of-bit-11 option for swizzling.
ACPI: Fix ACPI battery regression introduced by commit 558073
Commit 558073dd56707864f09d563b64e7c37c021e89d2 ("ACPI: battery: Convert
discharge energy rate to current properly") caused the battery subsystem
to report wrong values of the remaining time on battery power and the
time until fully charged on Toshiba Portege R500 (and presumably on
other boxes too).
Fix the issue by correcting the conversion from mW to mA.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 5 Dec 2008 05:40:29 +0000 (21:40 -0800)]
Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
time: catch xtime_nsec underflows and fix them
posix-cpu-timers: fix clock_gettime with CLOCK_PROCESS_CPUTIME_ID
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Sync FPU state in VIS emulation handler.
sparc64: Fix VIS emulation bugs
sparc: asm/bitops.h should define __fls
sparc64: Fix bug in PTRACE_SETFPREGS64 handling.
Linus Torvalds [Fri, 5 Dec 2008 05:40:08 +0000 (21:40 -0800)]
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: fix early panic with boot option "nosmp"
x86/oprofile: fix Intel cpu family 6 detection
oprofile: fix CPU unplug panic in ppro_stop()
AMD IOMMU: fix possible race while accessing iommu->need_sync
AMD IOMMU: set device table entry for aliased devices
AMD IOMMU: struct amd_iommu remove padding on 64 bit
x86: fix broken flushing in GART nofullflush path
x86: fix dma_mapping_error for 32bit x86
Linus Torvalds [Fri, 5 Dec 2008 05:39:41 +0000 (21:39 -0800)]
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
check_hung_task(): unsigned sysctl_hung_task_warnings cannot be less than 0
documentation: local_ops fix on_each_cpu
Linus Torvalds [Fri, 5 Dec 2008 05:39:21 +0000 (21:39 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
MIPS: Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
MIPS: 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
MIPS: o32: Fix number of arguments to splice(2).
MIPS: Malta: Consolidate platform device code.
MIPS: IP22, Fulong, Malta: Update defconfigs.
MIPS: Malta: Add back RTC support
MIPS: Fix potential DOS by untrusted user app.
Dave Chinner [Wed, 3 Dec 2008 22:09:34 +0000 (09:09 +1100)]
[XFS] Fix hang after disallowed rename across directory quota domains
When project quota is active and is being used for directory tree
quota control, we disallow rename outside the current directory
tree. This requires a check to be made after all the inodes
involved in the rename are locked. We fail to unlock the inodes
correctly if we disallow the rename when the target is outside the
current directory tree. This results in a hang on the next access
to the inodes involved in failed rename.
Doug Leith [Fri, 5 Dec 2008 01:17:18 +0000 (17:17 -0800)]
tcp: tcp_vegas ssthresh bug fix
This patch fixes a bug in tcp_vegas.c. At the moment this code leaves
ssthresh untouched. However, this means that the vegas congestion
control algorithm is effectively unable to reduce cwnd below the
ssthresh value (if the vegas update lowers the cwnd below ssthresh,
then slow start is activated to raise it back up). One example where
this matters is when during slow start cwnd overshoots the link
capacity and a flow then exits slow start with ssthresh set to a value
above where congestion avoidance would like to adjust it.
Signed-off-by: Doug Leith <doug.leith@nuim.ie> Signed-off-by: David S. Miller <davem@davemloft.net>
Anton Vorontsov [Thu, 4 Dec 2008 17:52:31 +0000 (20:52 +0300)]
powerpc/83xx: Enable FIXED_PHY in mpc834x_itx and mpc83xx defconfigs
This is needed so that Vitesse 7385 5-port switch could work on
MPC8349E-mITX boards.
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com> Acked-by: Timur Tabi <timur@freescale.com> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Chas Williams [Thu, 4 Dec 2008 22:58:13 +0000 (14:58 -0800)]
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
Ralf Baechle [Wed, 3 Dec 2008 16:33:17 +0000 (16:33 +0000)]
MIPS: o32: Fix number of arguments to splice(2).
The syscall code was assuming splice only takes 4 arguments so no stack
arguments were being copied from the userspace stack to the kernel stack.
As the result splice was likely to fail with EINVAL.
Ralf Baechle [Mon, 1 Dec 2008 08:09:10 +0000 (08:09 +0000)]
MIPS: IP22, Fulong, Malta: Update defconfigs.
These haven't seen much attention for too long but particularly important
enable RTC_CLASS and CONFIG_RTC_HCTOSYS so the wall clock time is set on
kernel startup.
Tiejun Chen [Tue, 25 Nov 2008 08:33:20 +0000 (16:33 +0800)]
MIPS: Malta: Add back RTC support
With the conversion of MIPS to RTC_LIB the old RTC driver CONFIG_RTC became
unselectable. Fix by setting up a platform device. Also enable
RTC_CLASS so system time gets set from RTC on kernel initialization.
[Ralf: Original patch by Tiejun; polished nice and shiny by me]
Vlad Malov [Tue, 18 Nov 2008 23:05:46 +0000 (15:05 -0800)]
MIPS: Fix potential DOS by untrusted user app.
On a 64 bit kernel if an o32 syscall was made with a syscall number less
than 4000, we would read the function from outside of the bounds of the
syscall table. This led to non-deterministic behavior including system
crashes.
While we were at it we reworked the 32 bit version as well to use fewer
instructions. Both 32 and 64 bit versions are use the same code now.
Update FMODE_NDELAY before each ioctl call so that we can kill the
magic FMODE_NDELAY_NOW. It would be even better to do this directly
in setfl(), but for that we'd need to have FMODE_NDELAY for all files,
not just block special files.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Andreas Schwab [Fri, 31 Oct 2008 21:39:46 +0000 (22:39 +0100)]
[PATCH] Fix block dev compat ioctl handling
Commit 33c2dca4957bd0da3e1af7b96d0758d97e708ef6 (trim file propagation
in block/compat_ioctl.c) removed the handling of some ioctls from
compat_blkdev_driver_ioctl. That caused them to be rejected as unknown
by the compat layer.
Signed-off-by: Andreas Schwab <schwab@suse.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sun, 30 Nov 2008 06:47:12 +0000 (01:47 -0500)]
[PATCH] kill obsolete temporary comment in swsusp_close()
it had been put there to mark the call of blkdev_put() that
needed proper argument propagated to it; later patch in the
same series had done just that.
Nicolas Pitre [Thu, 4 Dec 2008 02:59:41 +0000 (03:59 +0100)]
[ARM] 5339/1: fix __fls() on ARM
Commit 0c65f459ce6c intended to fix truncation issues with fls() on
ARMv5+ by renaming it to __fls() and wrapping it into a C function.
However that didn't take into account the fact that __fls() already
already had different semantics in the kernel.
Let's move the __fls() code into fls() function directly, and redefine
__fls() with the appropriate semantics. While at it, bring a generic
__fls() definition for pre ARMv5 too.
Signed-off-by: Nicolas Pitre <nico@marvell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
john stultz [Tue, 2 Dec 2008 02:34:41 +0000 (18:34 -0800)]
time: catch xtime_nsec underflows and fix them
Impact: fix time warp bug
Alex Shi, along with Yanmin Zhang have been noticing occasional time
inconsistencies recently. Through their great diagnosis, they found that
the xtime_nsec value used in update_wall_time was occasionally going
negative. After looking through the code for awhile, I realized we have
the possibility for an underflow when three conditions are met in
update_wall_time():
1) We have accumulated a second's worth of nanoseconds, so we
incremented xtime.tv_sec and appropriately decrement xtime_nsec.
(This doesn't cause xtime_nsec to go negative, but it can cause it
to be small).
2) The remaining offset value is large, but just slightly less then
cycle_interval.
3) clocksource_adjust() is speeding up the clock, causing a
corrective amount (compensating for the increase in the multiplier
being multiplied against the unaccumulated offset value) to be
subtracted from xtime_nsec.
This can cause xtime_nsec to underflow.
Unfortunately, since we notify the NTP subsystem via second_overflow()
whenever we accumulate a full second, and this effects the error
accumulation that has already occured, we cannot simply revert the
accumulated second from xtime nor move the second accumulation to after
the clocksource_adjust call without a change in behavior.
This leaves us with (at least) two options:
1) Simply return from clocksource_adjust() without making a change if we
notice the adjustment would cause xtime_nsec to go negative.
This would work, but I'm concerned that if a large adjustment was needed
(due to the error being large), it may be possible to get stuck with an
ever increasing error that becomes too large to correct (since it may
always force xtime_nsec negative). This may just be paranoia on my part.
2) Catch xtime_nsec if it is negative, then add back the amount its
negative to both xtime_nsec and the error.
This second method is consistent with how we've handled earlier rounding
issues, and also has the benefit that the error being added is always in
the oposite direction also always equal or smaller then the correction
being applied. So the risk of a corner case where things get out of
control is lessened.
This patch fixes bug 11970, as tested by Yanmin Zhang
http://bugzilla.kernel.org/show_bug.cgi?id=11970
The spinlock used in the netx-eth driver was never properly initialized.
This was noticed using CONFIG_DEBUG_SPINLOCK=y
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Thu, 4 Dec 2008 05:24:48 +0000 (21:24 -0800)]
tcp: make urg+gso work for real this time
I should have noticed this earlier... :-) The previous solution
to URG+GSO/TSO will cause SACK block tcp_fragment to do zig-zig
patterns, or even worse, a steep downward slope into packet
counting because each skb pcount would be truncated to pcount
of 2 and then the following fragments of the later portion would
restore the window again.
Basically this reverts "tcp: Do not use TSO/GSO when there is
urgent data" (33cf71cee1). It also removes some unnecessary code
from tcp_current_mss that didn't work as intented either (could
be that something was changed down the road, or it might have
been broken since the dawn of time) because it only works once
urg is already written while this bug shows up starting from
~64k before the urg point.
The retransmissions already are split to mss sized chunks, so
only new data sending paths need splitting in case they have
a segment otherwise suitable for gso/tso. The actually check
can be improved to be more narrow but since this is late -rc
already, I'll postpone thinking the more fine-grained things.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Baruch Siach [Tue, 2 Dec 2008 05:07:01 +0000 (05:07 +0000)]
enc28j60: Fix sporadic packet loss (corrected again)
Packet data read from the RX buffer the when the RSV is at the end of the RX
buffer does not warp around. This causes packet loss, as the actual data is
never read. Fix this by calculating the right packet data location.
Thanks to Shachar Shemesh for suggesting the fix.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Acked-by: Claudio Lanconelli <lanconelli.claudio@eptar.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Pascal Terjan [Mon, 1 Dec 2008 12:24:25 +0000 (12:24 +0000)]
hysdn: fix writing outside the field on 64 bits
ifa_local is assumed to be unsigned long which lead to writing the address
at dev->dev_addr-2 instead of +2
noticed thanks to gcc:
drivers/isdn/hysdn/hysdn_net.c: In function `net_open':
drivers/isdn/hysdn/hysdn_net.c:91: warning: array subscript is below array bounds
Signed-off-by: Pascal Terjan <pterjan@mandriva.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Wilfried Klaebe [Thu, 4 Dec 2008 04:57:19 +0000 (20:57 -0800)]
b1isa: fix b1isa_exit() to really remove registered capi controllers
On "/etc/init.d/capiutils stop", this oops happened.
The oops happens on reading /proc/capi/controllers because
capi_ctrl->procinfo is called for the wrongly not unregistered
controller, which points to b1isa_procinfo(), which was removed on
module unload.
b1isa_exit() did not call b1isa_remove() for its controllers because
io[0] == 0 on module unload despite having been 0x340 on module load.
Besides, just removing the controllers that where added on module
load time and not those that were added later via b1isa_add_card() is
wrong too - the place where all added cards are found is isa_dev[].
relevant dmesg lines:
[ 0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008
[ 67.403555] CAPI Subsystem Rev 1.1.2.8
[ 68.529154] capifs: Rev 1.1.2.3
[ 68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs)
[ 77.026936] b1: revision 1.1.2.2
[ 77.049992] b1isa: revision 1.1.2.3
[ 77.722655] kcapi: Controller [001]: b1isa-340 attached
[ 77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255
[ 81.272669] b1isa-340: card 1 "B1" ready.
[ 81.272683] b1isa-340: card 1 Protocol: DSS1
[ 81.272689] b1isa-340: card 1 Linetype: point to multipoint
[ 81.272695] b1isa-340: B1-card (3.11-03) now active
[ 81.272702] kcapi: card [001] "b1isa-340" ready.
Signed-off-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Joseph Myers [Thu, 4 Dec 2008 03:36:05 +0000 (19:36 -0800)]
sparc64: Fix VIS emulation bugs
This patch fixes some bugs in VIS emulation that cause the GCC test
failure
FAIL: gcc.target/sparc/pdist-3.c execution test
for both 32-bit and 64-bit testing on hardware lacking these
instructions. The emulation code for the pdist instruction uses
RS1(insn) for both source registers rs1 and rs2, which is obviously
wrong and leads to the instruction doing nothing (the observed
problem), and further inspection of the code shows that RS1 uses a
shift of 24 and RD a shift of 25, which clearly cannot both be right;
examining SPARC documentation indicates the correct shift for RS1 is
14.
This patch fixes the bug if single-stepping over the affected
instruction in the debugger, but not if the testcase is run
standalone. For that, Wind River has another patch I hope they will
send as a followup to this patch submission.
Signed-off-by: Joseph Myers <joseph@codesourcery.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Anholt [Wed, 26 Nov 2008 21:58:13 +0000 (13:58 -0800)]
drm/i915: Return error in i915_gem_set_to_gtt_domain if we're not in the GTT.
It's only for flushing caches appropriately for GTT access, not for actually
getting it there. Prevents potential smashing of cpu read/write domains on
unbound objects.
Signed-off-by: Eric Anholt <eric@anholt.net> Signed-off-by: Dave Airlie <airlied@redhat.com>
Keith Packard [Fri, 21 Nov 2008 07:23:03 +0000 (23:23 -0800)]
drm/i915: Move the execbuffer domain computations together
This eliminates the dev_set_domain function and just in-lines it
where its used, with the goal of moving the manipulation and use of
invalidate_domains and flush_domains closer together. This also
avoids calling add_request unless some domain has been flushed.
Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eric Anholt <eric@anholt.net> Signed-off-by: Dave Airlie <airlied@redhat.com>