David Woodhouse [Sat, 27 Aug 2005 09:23:46 +0000 (10:23 +0100)]
Fix missing audit_syscall_exit() on ppc64 sigsuspend exit path
When we leave sigsuspend() directly into a signal handler, we don't want
to go via the normal syscall exit path -- it'll corrupt r4 and r5 which
are supposed to be giving information to the signal handler, and it'll
give us one more single-step SIGTRAP than we need if single-stepping is
in operation.
However, we _should_ be calling audit_syscall_exit(), which would
normally get invoked in that patch. It's not wonderfully pretty, but I
suspect the best answer is just to call it directly...
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Stephen Rothwell [Wed, 17 Aug 2005 03:01:50 +0000 (13:01 +1000)]
[PATCH] iSeries build with newer assemblers and compilers
Paulus suggested that we put xLparMap in its own .c file so that we can
generate a .s file to be included into head.S. This doesn't get around
the problem of having it at a fixed address, but it makes it more
palatable.
It would be good if this could be included in 2.6.13 as it solves our
build problems with various versions of binutils and gcc. In
particular, it allows us to build an iSeries kernel on Debian unstable
using their biarch compiler.
This has been built and booted on iSeries and built for pSeries and g5.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Maneesh Soni [Tue, 16 Aug 2005 22:15:48 +0000 (15:15 -0700)]
[PATCH] Driver core: potentially fix use after free in class_device_attr_show
This moves the code to free devt_attr from class_device_del() to
class_dev_release() which is called after the last reference to the
corresponding kobject() is gone.
This allows us to keep the devt_attr alive while the corresponding
sysfs file is open.
Zachary Amsden [Tue, 16 Aug 2005 19:05:09 +0000 (12:05 -0700)]
[PATCH] i386 / desc_empty macro is incorrect
Chuck Ebbert noticed that the desc_empty macro is incorrect. Fix it.
Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits. I do not
believe this is an issue in practice, but it is a kernel bug.
Signed-off-by: Zachary Amsden <zach@vmware.com> Signed-off-by: Chris Wright <chrisw@osdl.org>
[ x86-64 had the same problem, and the same fix. Linus ]
Trond Myklebust [Tue, 16 Aug 2005 15:49:44 +0000 (11:49 -0400)]
[PATCH] NFS: Ensure we always update inode->i_mode when doing O_EXCL creates
When the client performs an exclusive create and opens the file for writing,
a Netapp filer will first create the file using the mode 01777. It does this
since an NFSv3/v4 exclusive create cannot immediately set the mode bits.
The 01777 mode then gets put into the inode->i_mode. After the file creation
is successful, we then do a setattr to change the mode to the correct value
(as per the NFS spec).
The problem is that nfs_refresh_inode() no longer updates inode->i_mode, so
the latter retains the 01777 mode. A bit later, the VFS notices this, and calls
remove_suid(). This of course now resets the file mode to inode->i_mode & 0777.
Hey presto, the file mode on the server is now magically changed to 0777. Duh...
NTFS: Fix bug in mft record writing where we forgot to set the device in
the buffers when mapping them after the VM had discarded them.
Thanks to Martin MOKREJŠ for the bug report.
Signed-off-by: Anton Altaparmakov <aia21@cantab.net>
[PATCH] intelfb/fbdev: Save info->flags in a local variable
Reported by: Pavel Kysilka (Bugzilla Bug 5059)
The intelfb driver does not keep resolution set with fbset after
switching to anot console and back.
Steps to reproduce:
initial options: tty1,tty2 - 1024x768-60
1) tty1 - fbset after booting (1024x768-60)
2) tty1 - fbset 800x600-100
tty1: 800x600-100
3) swith to tty2, swith to tty1
tty1: 1024x768-60 (the same resolution as default from kernel booting)
This bug is caused by intelfb unintentionally destroying info->flags in
set_par(). Therefore the flag, FBINFO_MISC_USEREVENT used to notify
fbcon of a mode change was cleared causing the above problem. This bug
though is not intelfb specific, as other drivers may also be affected.
The fix is to save info->flags in a local variable before calling any
of the driver hooks. A more definitive fix (for post 2.6.13) is to
separate info->flags into one that is set by the driver and another that
is set by core fbdev/fbcon.
Sylvain Meyer [Mon, 15 Aug 2005 13:27:13 +0000 (21:27 +0800)]
[PATCH] intelfb: Do not ioremap entire graphics aperture
Reported by: Pavel Kysilka (Bugzilla Bug 4738)
modprobe of intelfb results in the following error message:
intelfb: Framebuffer driver for Intel(R) 830M/845G/852GM/855GM/865G/915G chi
intelfb: Version 0.9.2
ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 16
allocation failed: out of vmalloc space - use vmalloc=<size> to increase siz
intelfb: Cannot remap FB region.
This will fail if the graphics aperture size is greater than 128 MB.
Fix is to ioremap only from the beginning of graphics aperture to the
end of the used framebuffer memory.
John McCutchan [Mon, 15 Aug 2005 16:13:28 +0000 (12:13 -0400)]
[PATCH] inotify: add MOVE_SELF event
This adds a MOVE_SELF event to inotify. It is sent whenever the inode
you are watching is moved. We need this event so that we can catch
something like this:
Paul Mundt [Sat, 13 Aug 2005 17:28:06 +0000 (20:28 +0300)]
[PATCH] sh: Make _syscall6() do the right thing.
There was a rather silly and embarrassing typo in the sh _syscall6().
For the syscall ABI we have the trapa value specified as 0x10 + number
of arguments, this was being set incorrectly in the _syscall6() case
which ended up causing some problems for users.
Signed-off-by: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Sat, 13 Aug 2005 21:22:59 +0000 (14:22 -0700)]
Fix up mmap of /dev/kmem
This leaves the issue of whether we should deprecate the whole thing (or
if we should check the whole mmap range, for that matter) open. Just do
the minimal fix for now.
Oops. I knew I didn't have the physical versus logical cpu identifiers right
when I generated that patch. It's not nearly as bad as I feared at the time
though.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ingo Molnar [Fri, 12 Aug 2005 02:26:42 +0000 (19:26 -0700)]
[NETPOLL]: pre-fill skb pool
we could do one thing (see the patch below): i think it would be useful
to fill up the netlogging skb queue straight at initialization time.
Especially if netpoll is used for dumping alone, the system might not be
in a situation to fill up the queue at the point of crash, so better be
a bit more prepared and keep the pipeline filled.
[ I've modified this to be called earlier - mpm ]
Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Mackall [Fri, 12 Aug 2005 02:25:54 +0000 (19:25 -0700)]
[NETPOLL]: add retry timeout
Add limited retry logic to netpoll_send_skb
Each time we attempt to send, decrement our per-device retry counter.
On every successful send, we reset the counter.
We delay 50us between attempts with up to 20000 retries for a total of
1 second. After we've exhausted our retries, subsequent failed
attempts will try only once until reset by success.
Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Moyer [Fri, 12 Aug 2005 02:23:50 +0000 (19:23 -0700)]
[NETPOLL]: deadlock bugfix
This fixes an obvious deadlock in the netpoll code. netpoll_rx takes the
npinfo->rx_lock. netpoll_rx is also the only caller of arp_reply (through
__netpoll_rx). As such, it is not necessary to take this lock.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Moyer [Fri, 12 Aug 2005 02:23:04 +0000 (19:23 -0700)]
[NETPOLL]: rx_flags bugfix
Initialize npinfo->rx_flags. The way it stands now, this will have random
garbage, and so will incur a locking penalty even when an rx_hook isn't
registered and we are not active in the netpoll polling code.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 11 Aug 2005 01:32:36 +0000 (18:32 -0700)]
[TCP]: Adjust {p,f}ackets_out correctly in tcp_retransmit_skb()
Well I've only found one potential cause for the assertion
failure in tcp_mark_head_lost. First of all, this can only
occur if cnt > 1 since tp->packets_out is never zero here.
If it did hit zero we'd have much bigger problems.
So cnt is equal to fackets_out - reordering. Normally
fackets_out is less than packets_out. The only reason
I've found that might cause fackets_out to exceed packets_out
is if tcp_fragment is called from tcp_retransmit_skb with a
TSO skb and the current MSS is greater than the MSS stored
in the TSO skb. This might occur as the result of an expiring
dst entry.
In that case, packets_out may decrease (line 1380-1381 in
tcp_output.c). However, fackets_out is unchanged which means
that it may in fact exceed packets_out.
Previously tcp_retrans_try_collapse was the only place where
packets_out can go down and it takes care of this by decrementing
fackets_out.
So we should make sure that fackets_out is reduced by an appropriate
amount here as well.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
James Bottomley [Wed, 10 Aug 2005 18:29:15 +0000 (11:29 -0700)]
[PATCH] remove name length check in a workqueue
We have a chek in there to make sure that the name won't overflow
task_struct.comm[], but it's triggering for scsi with lots of HBAs, only
scsi is using single-threaded workqueues which don't append the "/%d"
anyway.
All too hard. Just kill the BUG_ON.
Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org>
[ kthread_create() uses vsnprintf() and limits the thing, so no
actual overflow can actually happen regardless ]
[PATCH] ppc64: Fix Fan control for new PowerMac G5 2.7GHz machines
The workaround for broken device-tree that prevents fan control from
working on recent G5 models need to be "enabled" for machines with
revision 0x37 of the bridge in addition to machines with revision 0x35.
Alexander Nyberg [Wed, 10 Aug 2005 17:11:36 +0000 (10:11 -0700)]
[PATCH] ns558 list handling fix
Need to use list_for_entry_safe(), as we're removing items during the
traversal. list_for_each_entry() uses the first ptr also as an iterator, if
you kfree() it slab takes it, might poison it and then you try to use it to
iterate to the next object in list.
Fix the p-persistence CSMA algorithm which in simplex mode was starting
with a slottime delay before doing anything else as if there was carrier
collision resulting in bad performance on simplex links.
Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Acked-by: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Tejun Heo [Sun, 7 Aug 2005 05:53:40 +0000 (14:53 +0900)]
[PATCH] sata: fix sata_sx4 dma_prep to not use sg->length
sata_sx4 directly references sg->length to calculate total_len in
pdc20621_dma_prep(). This is incorrect as dma_map_sg() could have
merged multiple sg's into one and, in such case, sg->length doesn't
reflect true size of the entry. This patch makes it use
sg_dma_len(sg).
Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Dave Kleikamp [Wed, 10 Aug 2005 16:14:39 +0000 (11:14 -0500)]
JFS: Fix race in txLock
TxAnchor.anon_list is protected by jfsTxnLock (TXN_LOCK), but there was
a place in txLock() that was removing an entry from the list without holding
the spinlock.
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Ben Dooks [Wed, 10 Aug 2005 15:45:14 +0000 (16:45 +0100)]
[PATCH] ARM: 2849/1: S3C24XX - USB host update (2848/1)
Patch from Ben Dooks
Rename the s3c2410_report_oc() to s3c2410_usb_report_oc()
as this is an usb specific function.
Change port power on the usb-simtec implementation to only
power up the output if both are set, as per the usb 1.1
specification
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Wed, 10 Aug 2005 15:18:35 +0000 (16:18 +0100)]
[ARM] Control v6 'global' bit via Linux PTE entries
Unfortunately, we can't use the "user" bit in the page tables to
control whether a page table entry is "global" or "asid" specific,
since the vector page is mapped as "user" accessible but is not
process specific.
Therefore, give direct control of the ARMv6 "nG" (not global)
bit to the mm layers.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Markus Lidel [Tue, 9 Aug 2005 21:30:57 +0000 (14:30 -0700)]
[PATCH] I2O: added pci_request_regions() before using the controller
Added pci_request_regions() before using the controller to avoid duplicate
usage of the I2O controller when the dpt_i2o driver and I2O subsystem is
loaded at the same time.
Signed-off-by: Markus Lidel <Markus.Lidel@shadowconnect.com> Cc: James Bottomley <James.Bottomley@SteelEye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Markus Lidel [Tue, 9 Aug 2005 17:08:03 +0000 (10:08 -0700)]
[PATCH] i2o: remove new configuration API
Remove new configuration API from i2o_config
The API-patch is still available from the I2O website (which is mentioned in
the kernel config now). It is removed because it creates a new binary
sysfs-attribute, which doesn't have the limitiation of 4k. Expect for the
Adaptec controllers, which has a limitation in the hardware this attribute
doesn't make sense anywhere else. Until the sysfs API provides an attribute
which doesn't buffer (like firmware) and let access to at least 64k blocks i
provide a separate patch...
(akpm: basically, this API was introduced post-2.6.12 and Markus wants to pull
it out before 2.6.13).
Signed-off-by: Markus Lidel <Markus.Lidel@shadowconnect.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Paul Jackson [Tue, 9 Aug 2005 17:07:59 +0000 (10:07 -0700)]
[PATCH] cpuset release ABBA deadlock fix
Fix possible cpuset_sem ABBA deadlock if 'notify_on_release' set.
For a particular usage pattern, creating and destroying cpusets fairly
frequently using notify_on_release, on a very large system, this deadlock
can be seen every few days. If you are not using the cpuset
notify_on_release feature, you will never see this deadlock.
The existing code, on task exit (or cpuset deletion) did:
get cpuset_sem
if cpuset marked notify_on_release and is ready to release:
compute cpuset path relative to /dev/cpuset mount point
call_usermodehelper() forks /sbin/cpuset_release_agent with path
drop cpuset_sem
Unfortunately, the fork in call_usermodehelper can allocate memory, and
allocating memory can require cpuset_sem, if the mems_generation values
changed in the interim. This results in an ABBA deadlock, trying to obtain
cpuset_sem when it is already held by the current task.
To fix this, I put the cpuset path (which must be computed while holding
cpuset_sem) in a temporary buffer, to be used in the call_usermodehelper
call of /sbin/cpuset_release_agent only _after_ dropping cpuset_sem.
So the new logic is:
get cpuset_sem
if cpuset marked notify_on_release and is ready to release:
compute cpuset path relative to /dev/cpuset mount point
stash path in kmalloc'd buffer
drop cpuset_sem
call_usermodehelper() forks /sbin/cpuset_release_agent with path
free path
The sharp eyed reader might notice that this patch does not contain any
calls to kmalloc. The existing code in the check_for_release() routine was
already kmalloc'ing a buffer to hold the cpuset path. In the old code, it
just held the buffer for a few lines, over the cpuset_release_agent() call
that in turn invoked call_usermodehelper(). In the new code, with the
application of this patch, it returns that buffer via the new char
**ppathbuf parameter, for later use and freeing in cpuset_release_agent(),
which is called after cpuset_sem is dropped. Whereas the old code has just
one call to cpuset_release_agent(), right in the check_for_release()
routine, the new code has three calls to cpuset_release_agent(), from the
various places that a cpuset can be released.
This patch has been build and booted on SN2, and passed a stress test that
previously hit the deadlock within a few seconds.
Signed-off-by: Paul Jackson <pj@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] i8xx_tco.c: arm watchdog only when started
i8xx_tco.c v0.08: only "arm" the watchdog when the watchdog has been
started. (Kernel Bug 4251: system reset when battery is read and i8xx_tco
driver loaded)
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
default_idle() is looking at new variable can_do_pal_halt. However,
that variable did not get cleared upon "nohalt" boot option. Result
is that "nohalt" option is ignored until perfmon is exercised.
Signed-off-by: Ken Chen <kenneth.w.chen@intel.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Kumar Gala [Mon, 8 Aug 2005 21:49:17 +0000 (14:49 -0700)]
[PATCH] ppc32: Fix MPC834x USB memory map offsets
The memory mappings for MPC8349 USB MPH and DR modules were reversed.
Signed-off-by: Li Yang <LeoLi@freescale.com> Signed-off-by: Jiang Bo <Tanya.jiang@freescale.com> Signed-off-by: Kumar Gala <kumar.gala@freescale.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>