Carsten Otte [Thu, 29 Mar 2007 08:20:39 +0000 (01:20 -0700)]
[PATCH] mm: fix xip issue with /dev/zero
Fix the bug, that reading into xip mapping from /dev/zero fills the user
page table with ZERO_PAGE() entries. Later on, xip cannot tell which pages
have been ZERO_PAGE() filled by access to a sparse mapping, and which ones
origin from /dev/zero. It will unmap ZERO_PAGE from all mappings when
filling the sparse hole with data. xip does now use its own zeroed page
for its sparse mappings. Please apply.
Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Thu, 29 Mar 2007 08:20:38 +0000 (01:20 -0700)]
[PATCH] holepunch: fix mmap_sem i_mutex deadlock
sys_madvise has down_write of mmap_sem, then madvise_remove calls
vmtruncate_range which takes i_mutex and i_alloc_sem: no, we can easily devise
deadlocks from that ordering.
madvise_remove drop mmap_sem while calling vmtruncate_range: luckily, since
madvise_remove doesn't split or merge vmas, it's easy to handle this case with
a NULL prev, without restructuring sys_madvise. (Though sad to retake
mmap_sem when it's unlikely to be needed, and certainly down_read is
sufficient for MADV_REMOVE, unlike the other madvices.)
Hugh Dickins [Thu, 29 Mar 2007 08:20:37 +0000 (01:20 -0700)]
[PATCH] holepunch: fix disconnected pages after second truncate
shmem_truncate_range has its own truncate_inode_pages_range, to free any pages
racily instantiated while it was in progress: a SHMEM_PAGEIN flag is set when
this might have happened. But holepunching gets no chance to clear that flag
at the start of vmtruncate_range, so it's always set (unless a truncate came
just before), so holepunch almost always does this second
truncate_inode_pages_range.
shmem holepunch has unlikely swap<->file races hereabouts whatever we do
(without a fuller rework than is fit for this release): I was going to skip
the second truncate in the punch_hole case, but Miklos points out that would
make holepunch correctness more vulnerable to swapoff. So keep the second
truncate, but follow it by an unmap_mapping_range to eliminate the
disconnected pages (freed from pagecache while still mapped in userspace) that
it might have left behind.
Miklos Szeredi observes that during truncation of shmem page directories,
info->lock is released to improve latency (after lowering i_size and
next_index to exclude races); but this is quite wrong for holepunching, which
receives no such protection from i_size or next_index, and is left vulnerable
to races with shmem_unuse, shmem_getpage and shmem_writepage.
Hold info->lock throughout when holepunching? No, any user could prevent
rescheduling for far too long. Instead take info->lock just when needed: in
shmem_free_swp when removing the swap entries, and whenever removing a
directory page from the level above. But so long as we remove before
scanning, we can safely skip taking the lock at the lower levels, except at
misaligned start and end of the hole.
Hugh Dickins [Thu, 29 Mar 2007 08:20:35 +0000 (01:20 -0700)]
[PATCH] holepunch: fix shmem_truncate_range punching too far
Miklos Szeredi observes BUG_ON(!entry) in shmem_writepage() triggered in rare
circumstances, because shmem_truncate_range() erroneously removes partially
truncated directory pages at the end of the range: later reclaim on pages
pointing to these removed directories triggers the BUG. Indeed, and it can
also cause data loss beyond the hole.
Fix this as in the patch proposed by Miklos, but distinguish between "limit"
(how far we need to search: ignore truncation's next_index optimization in the
holepunch case - if there are races it's more consistent to act on the whole
range specified) and "upper_limit" (how far we can free directory pages:
generally we must be careful to keep partially punched pages, but can relax at
end of file - i_size being held stable by i_mutex).
* rename name to host_root_path
* rename data to req_root.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Thu, 29 Mar 2007 08:20:32 +0000 (01:20 -0700)]
[PATCH] uml: fix compilation problems
Fix a few miscellaneous compilation problems -
an assignment with mismatched types in ldt.c
a missing include in mconsole.h which needs a definition of uml_pt_regs
I missed removing an include of user_util.h in hostfs
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jason Lunz [Thu, 29 Mar 2007 08:20:31 +0000 (01:20 -0700)]
[PATCH] uml: fix LVM crash
Permit lvm to create logical volumes without crashing UML.
When device-mapper's DM_DEV_CREATE_CMD ioctl is called to create a new device,
dev_create()->dm_create()->alloc_dev()-> blk_queue_bounce_limit(md->queue,
BLK_BOUNCE_ANY) is called.
blk_queue_bounce_limit(BLK_BOUNCE_ANY) calls init_emergency_isa_pool() if
blk_max_pfn < blk_max_low_pfn. This is the case on UML, but
init_emergency_isa_pool() hits BUG_ON(!isa_page_pool) because there doesn't
seem to be a dma zone on UML for mempool_create() to allocate from.
Most architectures seem to have max_low_pfn == max_pfn, but UML doesn't
because of the uml_reserved chunk it keeps for itself. From what I can see,
max_pfn and max_low_pfn don't get much use after the bootmem-allocator stops
being used anyway, except that they initialize the block layer's
blk_max_low_pfn/blk_max_pfn.
This ensures init_emergency_isa_pool() doesn't crash uml in this situation by
setting max_low_pfn == max_pfn in mem_init().
Signed-off-by: Jason Lunz <lunz@falooley.org> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Alasdair G Kergon <agk@redhat.com> Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Thu, 29 Mar 2007 08:20:30 +0000 (01:20 -0700)]
[PATCH] uml: irq locking fixes
As the comment immediately preceding this points out, this list is changed in
irq context, so it needs to be protected with spin_lock_irqsave in process
context when it is processed.
Sometimes, gcc should just compile the comments and forget the code.
The IRQ side of this was better, in the sense that it blocked and unblocked
interrupts, but it still should have saved and restored them.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Thu, 29 Mar 2007 08:20:28 +0000 (01:20 -0700)]
[PATCH] uml: fix device unplug crash
Fix a NULL dereference when unplugging a device. The default value of
err_msg wants to be "" in case the driver doesn't modify it.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Thu, 29 Mar 2007 08:20:27 +0000 (01:20 -0700)]
[PATCH] uml: fix I/O hang when multiple devices are in use
Commit 62f96cb01e8de7a5daee472e540f726db2801499 introduced per-devices
queues and locks, which was fine as far as it went, but left in place a
global which controlled access to submitting requests to the host. This
should have been made per-device as well, since it causes I/O hangs when
multiple block devices are in use.
This patch fixes that by replacing the global with an activity flag in the
device structure in order to tell whether the queue is currently being run.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Kosina [Thu, 29 Mar 2007 08:20:25 +0000 (01:20 -0700)]
[PATCH] bluetooth hid quirks: mightymouse quirk
I have a bugreport that scrollwheel of bluetooth version of apple
mightymouse doesn't work. The USB version of mightymouse works, as there
is a quirk for handling scrollwheel in hid/usbhid for it.
Now that bluetooth git tree is hooked to generic hid layer, it could easily
use the quirks which are already present in generic hid parser, hid-input,
etc.
Below is a simple patch against bluetooth git tree, which adds quirk
handling to current bluetooth hidp code, and sets quirk flags for device
0x05ac/0x030c, which is the bluetooth version of the apple mightymouse.
Salyzyn, Mark [Thu, 29 Mar 2007 08:20:24 +0000 (01:20 -0700)]
[PATCH] adaptec MAINTAINERS updates
The IPS and DPT_I2O drivers are missing, so here is my 'hand coded'
addition to deal with overlap to the patch below (apply both). I
selected Maintained rather than supported for the ips and dpt_i2o driver
due to their legacy nature.
Cc: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[PATCH] pid: Properly detect orphaned process groups in exit_notify
In commit 0475ac0845f9295bc5f69af45f58dff2c104c8d1 when converting the
orphaned process group handling to use struct pid I made a small
mistake. I accidentally replaced an == with a !=.
Besides just being a dumb thing to do apparently this has a bad side
effect. The improper orphaned process group detection causes kwin to
die after a suspend/resume cycle.
I'm amazed this patch has been around as long as it has without anyone
else noticing something funny going on.
And the following people deserve credit for spotting and helping
to reproduce this.
Thanks to: Sid Boyce <g3vbv@blueyonder.co.uk>
Thanks to: "Michael Wu"
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 28 Mar 2007 21:00:01 +0000 (14:00 -0700)]
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
IB/iser: Handle aborting a command after it is sent
IB/mthca: Fix thinko in init_mr_table()
RDMA/cxgb3: Fix resource leak in cxio_hal_init_ctrl_qp()
So I think the right solution is to simply make pci_enable_device just
flip enable bits and move the rest of the work someplace else.
However a thorough cleanup is a little extreme for this point in the
release cycle, so I think a quick hack that makes the code not stomp the
irq when msi irq's are enabled should be the first fix. Then we can
later make the code not change the irqs at all.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Kosina [Wed, 28 Mar 2007 16:12:34 +0000 (18:12 +0200)]
[PATCH] oprofile: fix potential deadlock on oprofilefs_lock
nmi_cpu_setup() is called from hardirq context and acquires oprofilefs_lock.
alloc_event_buffer() and oprofilefs_ulong_from_user() acquire this lock
without disabling irqs, which could deadlock.
Linus Torvalds [Wed, 28 Mar 2007 20:46:00 +0000 (13:46 -0700)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
ata: NCQ is broken on Maxtor 6L250S0
pata_pdc202xx_old: LBA48 bug
libata: IDENTIFY backwards for drive side cable detection
ahci.c: walkaround for SB600 SATA internal error issue
[libata] Disable ACPI by default; fix namespace problems
Linus Torvalds [Wed, 28 Mar 2007 20:45:13 +0000 (13:45 -0700)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
SUN3/3X Lance trivial fix improved
mv643xx_eth: Fix use of uninitialized port_num field
forcedeth: fix tx timeout
forcedeth: fix nic poll
qla3xxx: bugfix: Jumbo frame handling.
qla3xxx: bugfix: Dropping interrupt under heavy network load.
qla3xxx: bugfix: Multi segment sends were getting whacked.
qla3xxx: bugfix: Add tx control block memset.
atl1: remove unnecessary crc inversion
myri10ge: correctly detect when TSO should be used
[PATCH] WE-22 : prevent information leak on 64 bit
[PATCH] wext: Add missing ioctls to 64<->32 conversion
[PATCH] bcm43xx: Fix machine check on PPC for version 1 PHY
[PATCH] bcm43xx: fix radio_set_tx_iq
[PATCH] bcm43xx: Fix code for confusion between PHY revision and PHY version
Ingo Molnar [Wed, 28 Mar 2007 11:17:18 +0000 (13:17 +0200)]
[PATCH] hrtimers: fix reprogramming SMP race
hrtimer_start() incorrectly set the 'reprogram' flag to enqueue_hrtimer(),
which should only be 1 if the hrtimer is queued to the current CPU.
Doing otherwise could result in a reprogramming of the current CPU's
clockevents device, with a timer that is not queued to it - resulting in a
bogus next expiry value.
Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
We were only checking if there was enough space to put the int, but
left len as specified by the (malicious) user, sigh, fix it by setting
len to sizeof(val) and transfering just one int worth of data, the one
asked for.
Also check for negative len values.
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch adds checking for allocated DVMA memory and granted IRQ line.
Signed-off-by: Cyrill V. Gorcunov <gorcunov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Gabriel Paubert [Fri, 23 Mar 2007 19:03:52 +0000 (12:03 -0700)]
mv643xx_eth: Fix use of uninitialized port_num field
In this driver, the default ethernet address is first set by by calling
eth_port_uc_addr_get() which reads the relevant registers of the
corresponding port as initially set by firmware. However that function
used the port_num field accessed through the private area of net_dev
before it was set.
The result was that one board I have ended up with the unicast address
set to 00:00:00:00:00:00 (only port 1 is connected on this board). The
problem appeared after commit 84dd619e4dc3b0b1c40dafd98c90fd950bce7bc5.
This patch fixes the bug by setting mp->port_num prior to calling
eth_port_uc_get_addr().
Signed-off-by: Gabriel Paubert <paubert@iram.es> Signed-off-by: Dale Farnsworth <dale@farnsworth.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ayaz Abdulla [Fri, 23 Mar 2007 10:50:02 +0000 (05:50 -0500)]
forcedeth: fix tx timeout
The tx timeout routine was waking the tx queue conditionally. However,
it must call it unconditionally since the dev_watchdog has halted the tx
queue before calling the timeout function.
Signed-Off-By: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ron Mercer [Mon, 26 Mar 2007 20:43:00 +0000 (13:43 -0700)]
qla3xxx: bugfix: Jumbo frame handling.
Fixed rx checksum bits. Turn on TCP processing for rx checksum.
Fixed max frame length register write. It wasn't getting set
in multi-port system. Set rx buffer queue length properly
for jumbo frames.
Signed-off-by: Ron Mercer <ron.mercer@qlogic.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ron Mercer [Mon, 26 Mar 2007 20:42:59 +0000 (13:42 -0700)]
qla3xxx: bugfix: Dropping interrupt under heavy network load.
Update the rx queue pointer when exiting NAPI poll rather than
at the end of each iteration. Remove unnecessary PCI flushes
that occurred after every write. Now write all regs and
flush once.
Signed-off-by: Ron Mercer <ron.mercer@qlogic.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Jay Cliburn [Wed, 28 Mar 2007 00:43:49 +0000 (19:43 -0500)]
atl1: remove unnecessary crc inversion
The original vendor driver contained a private ether_crc_le() function
that produced an inverted crc. When we changed to the kernel version of
ether_crc_le(), we neglected to undo the inversion. Let's do it now.
Discovered by and patch proffered by Jose Alberto Reguero.
Signed-off-by: Jose Alberto Reguero <jareguero@telefonica.net> Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Brice Goglin [Tue, 27 Mar 2007 19:54:53 +0000 (21:54 +0200)]
myri10ge: correctly detect when TSO should be used
Correctly detect when TSO should be used on transmit by looking at the
skb->gso_size rather than seeing if the frame was larger than our MTU.
The old method causes problems when a host with a large (jumbo) MTU is
sending to a host with a small (standard) MTU.
Signed-off-by: Brice Goglin <brice@myri.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Paul Rolland [Tue, 27 Mar 2007 05:43:44 +0000 (21:43 -0800)]
ata: NCQ is broken on Maxtor 6L250S0
With this applied, my machine has stopped all those painful messages.
dmesg now says :
root@riri:/Kernels# dmesg | grep LBA
ata1.00: 490234752 sectors, multi 0: LBA48 NCQ (not used)
ata2.00: 640 sectors, multi 1: LBA
ata3.00: 490234752 sectors, multi 0: LBA48 NCQ (not used)
Signed-off-by: Paul Rolland <rol@as2917.net> Acked-by: Alan Cox <alan@redhat.com> Cc: Jeff Garzik <jeff@garzik.org> Cc: Tejun Heo <htejun@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Alan Cox [Fri, 23 Mar 2007 18:57:23 +0000 (18:57 +0000)]
pata_pdc202xx_old: LBA48 bug
In LBA48 mode we have to help the controller to get anything to work. The
chip provides a register giving word counts meant for ATAPI use which we
can use. However we need to load the count in words not bytes..
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Tejun Heo [Thu, 22 Mar 2007 13:24:19 +0000 (22:24 +0900)]
libata: IDENTIFY backwards for drive side cable detection
For drive side cable detection to work correctly, drives need to be
identified backwards such that the slave device releases PDIAG- before
the mater drive tries to detect cable type. ata_bus_probe() was fixed
by commit f31f0cc2f0b7527072d94d02da332d9bb8d7d94c but the new EH path
wasn't fixed. This patch makes new EH path do IDENTIFY backwards.
ata_dev_configure() for new devices are still performed master first.
This is to keep the detection messages in forward order.
Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Conke Hu [Tue, 27 Mar 2007 10:33:05 +0000 (18:33 +0800)]
ahci.c: walkaround for SB600 SATA internal error issue
There is a HW issue in ATI SB600 SATA that PxSERR.E should not be
set on some conditions, for example, when there is no media in SATA
CD/DVD drive or media is not ready, AHCI controller fails to execute
ATAPI commands and reports PORT_IRQ_TF_ERR, but ATI SB600 SATA
controller sets PxSERR.E at the
same time, which is not necessary.
This patch is just to ignore the INTERNAL ERROR in such case.
Without this patch, ahci error handler will report many errors as
below:
----------- cut from dmesg -----------
ata9: soft resetting port
ata9: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
ata9.00: configured for UDMA/33
ata9: EH complete
ata9.00: exception Emask 0x40 SAct 0x0 SErr 0x800 action 0x2
ata9.00: (irq_stat 0x40000001)
ata9.00: cmd a0/00:00:00:00:20/00:00:00:00:00/a0 tag 0 cdb 0x0 data 0
res 51/24:03:00:00:20/00:00:00:00:00/a0 Emask 0x40 (internal error)
ata9: soft resetting port
ata9: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
ata9.00: configured for UDMA/33
ata9: EH complete
ata9.00: exception Emask 0x40 SAct 0x0 SErr 0x800 action 0x2
ata9.00: (irq_stat 0x40000001)
ata9.00: cmd a0/01:00:00:00:00/00:00:00:00:00/a0 tag 0 cdb 0x43 data 12 in
res 51/24:03:00:00:00/00:00:00:00:00/a0 Emask 0x40 (internal error)
-------- end cut ---------
Signed-off-by: Conke Hu <conke.hu@amd.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IPV6]: Set IF_READY if the device is up and has carrier
[NET_SCHED]: sch_htb/sch_hfsc: fix oops in qlen_notify
[NET]: Remove dead net/sched/Makefile entry for sch_hpfq.o.
Zach Brown [Tue, 27 Mar 2007 22:44:01 +0000 (15:44 -0700)]
[PATCH] aio: remove bare user-triggerable error printk
The user can generate console output if they cause do_mmap() to fail
during sys_io_setup(). This was seen in a regression test that does
exactly that by spinning calling mmap() until it gets -ENOMEM before
calling io_setup().
We don't need this printk at all, just remove it.
Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Herbert Xu [Tue, 27 Mar 2007 21:31:52 +0000 (14:31 -0700)]
[IPV6]: Set IF_READY if the device is up and has carrier
We still need to set the IF_READY flag in ipv6_add_dev for the case
where all addresses (including the link-local) are deleted and then
recreated. In that case the IPv6 device too will be destroyed and
then recreated.
In order to prevent the original problem, we simply ensure that
the device is up before setting IF_READY.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 27 Mar 2007 21:04:24 +0000 (14:04 -0700)]
[NET_SCHED]: sch_htb/sch_hfsc: fix oops in qlen_notify
During both HTB and HFSC class deletion the class is removed from the
class hash before calling qdisc_tree_decrease_qlen. This makes the
->get operation in qdisc_tree_decrease_qlen fail, so it passes a NULL
pointer to ->qlen_notify, causing an oops.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Jean Tourrilhes [Fri, 23 Mar 2007 00:31:16 +0000 (00:31 +0000)]
[PATCH] WE-22 : prevent information leak on 64 bit
Johannes Berg discovered that kernel space was leaking to
userspace on 64 bit platform. He made a first patch to fix that. This
is an improved version of his patch.
Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jean Tourrilhes [Fri, 23 Mar 2007 00:26:49 +0000 (00:26 +0000)]
[PATCH] wext: Add missing ioctls to 64<->32 conversion
Johannes Berg and Michael Buesch noticed that the WPA ioctls
were missing from the 64<->32 bit conversion. This means that when
using a 32 bits userspace on a 64 bit kernel, those ioctls fail.
Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
David Woodhouse [Sun, 25 Mar 2007 13:45:54 +0000 (08:45 -0500)]
[PATCH] bcm43xx: Fix machine check on PPC for version 1 PHY
Recent changes in the specs that were introduced in commit 740ac4fb08866d702be90f167665d03759bd27d0 were incorrect and resulted in machine check
errors on the PPC architecture for G PHY's with a revision number equal to 1. The
two offending changes are reverted.
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Sat, 17 Mar 2007 16:28:21 +0000 (11:28 -0500)]
[PATCH] bcm43xx: Fix code for confusion between PHY revision and PHY version
There are several places where the PHY version and revision were interchanged.
These are changed in the specifications on 2/13/07 and now use "analog" instead
instead of "version" to help reduce confusion.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Linus Torvalds [Tue, 27 Mar 2007 16:22:05 +0000 (09:22 -0700)]
Merge git://kvm.qumranet.com/home/avi/kvm
* git://kvm.qumranet.com/home/avi/kvm:
KVM: always reload segment selectors
KVM: Prevent system selectors leaking into guest on real->protected mode transition on vmx
The problem is that we call disable_nonboot_cpus() in swsusp before
powering down the system in order to avoid triggering the WARN_ON()
in arch/x86_64/kernel/acpi/sleep.c:init_low_mapping() and this doesn't
work well on Thomas' system.
So instead, remove the WARN_ON() in arch/x86_64/kernel/acpi/sleep.c:
init_low_mapping(), which triggers every time during the suspend to disk
in the platform mode, as the potential problem it is related to doesn't
seem to occur in practice.
[ I think we might want to disallow the case of multiple users of that
mm, or something. Normally, playing with the current process page
tables on the current CPU should be fine as long as we don't have
other threads using those tables at the same time..
Anyway, not pretty, but better than the warning or the lockup - Linus ]
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 27 Mar 2007 16:05:49 +0000 (09:05 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/data/git/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/data/git/linux-2.6-block:
Export __splice_from_pipe()
2/2 splice: dont readpage
1/2 splice: dont steal
make elv_register() output atomic
block: blk_max_pfn is somtimes wrong
Mika Kukkonen [Tue, 27 Mar 2007 05:32:33 +0000 (21:32 -0800)]
[PATCH] Fix kernel build with EMBEDDED & PROC_FS & !PROC_SYSCTL
Without attached patch against current -git I get following with
!PROC_SYSCTL (with EMBEDDED and PROC_FS set):
CC init/version.o
LD init/built-in.o
LD vmlinux
fs/built-in.o: In function `do_proc_sys_lookup':
proc_sysctl.c:(.text+0x26583): undefined reference to `sysctl_head_next'
fs/built-in.o: In function `proc_sys_revalidate':
proc_sysctl.c:(.text+0x265bb): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_readdir':
proc_sysctl.c:(.text+0x26720): undefined reference to `sysctl_head_next'
proc_sysctl.c:(.text+0x267d8): undefined reference to `sysctl_head_finish'
proc_sysctl.c:(.text+0x268e7): undefined reference to `sysctl_head_next'
proc_sysctl.c:(.text+0x26910): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_write':
proc_sysctl.c:(.text+0x2695d): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x2699c): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_read':
proc_sysctl.c:(.text+0x269e9): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x26a25): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_permission':
proc_sysctl.c:(.text+0x26ad1): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x26adb): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_lookup':
proc_sysctl.c:(.text+0x26b39): undefined reference to `sysctl_head_finish'
make: *** [vmlinux] Virhe 1
All those functions are in fs/proc/proc_sysctl.c, which has no CONFIG_
#define's in it, so the patch makes the compilation of that file to depend
on CONFIG_PROC_SYSCTL (the simplest choice).
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Markus Lidel [Tue, 27 Mar 2007 05:32:32 +0000 (21:32 -0800)]
[PATCH] I2O: remove Markus from MAINTAINERS
Because i don't have much time lately and my responses are pretty slow
it's probably best to remove me from MAINTAINERS to give someone else
the chance to jump in.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vasily Averin [Tue, 27 Mar 2007 05:32:30 +0000 (21:32 -0800)]
[PATCH] i2o: block IO errors on i2o disk
I2O subsystem has been broken in mainstream several months ago (after
2.6.18). Commit 4aff5e2333c9a1609662f2091f55c3f6fffdad36 from Jens
Axboe split struct request ->flags into two parts: cmd_type and
cmd_flags.
In i2o layer this patch has replaced flag REQ_SPECIAL by the according
cmd_type. However i2o has used REQ_SPECIAL not as command type but as
driver-specific flag for the debug purposes. As result all i2o requests
have type "special" now, are not processed to the hardware and fail with
I/O error:
i2o/hda:<3>Buffer I/O error on device i2o/hda, logical block 0
Buffer I/O error on device i2o/hda, logical block 0
Buffer I/O error on device i2o/hda, logical block 0
unable to read partition table
block-osm: device added (TID: 207): i2o/hda
The following patch removes the extra debug checks without any drawbacks and
restores the normal driver's work.
Yoichi Yuasa [Tue, 27 Mar 2007 05:32:28 +0000 (21:32 -0800)]
[PATCH] Fix struct device member name in PCMCIA au1000_generic
drivers/pcmcia/au1000_generic.c: In function 'au1x00_pcmcia_socket_probe':
drivers/pcmcia/au1000_generic.c:375: error: 'struct device' has no member named 'dev'
Adrian Bunk [Tue, 27 Mar 2007 05:32:27 +0000 (21:32 -0800)]
[PATCH] drivers/eisa/pci_eisa.c:pci_eisa_init() should be init
WARNING: drivers/built-in.o - Section mismatch: reference to .init.text:eisa_root_register from .text between 'pci_eisa_init' (at offset 0xabf670) and 'virtual_eisa_release'
AFAIK a PCI to EISA bridge isn't anything hotpluggable, so
pci_eisa_init() can become __init.
Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
john stultz [Tue, 27 Mar 2007 05:32:26 +0000 (21:32 -0800)]
[PATCH] ntp: avoid time_offset overflows
I've been seeing some odd NTP behavior recently on a few boxes and
finally narrowed it down to time_offset overflowing when converted to
SHIFT_UPDATE units (which was a side effect from my HZfreeNTP patch).
This patch converts time_offset from a long to a s64 which resolves the
issue.
[tglx@linutronix.de: signedness fixes] Signed-off-by: John Stultz <johnstul@us.ibm.com> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: john stultz <johnstul@us.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 27 Mar 2007 05:32:25 +0000 (21:32 -0800)]
[PATCH] uml: use correct register file size everywhere
This patch uses MAX_REG_NR consistently to refer to the register file size.
FRAME_SIZE isn't sufficient because on x86_64, it is smaller than the
ptrace register file size. MAX_REG_NR was introduced as a consistent way
to get the number of registers, but wasn't used everywhere it should be.
When this causes a problem, it makes PTRACE_SETREGS fail on x86_64 because
of a corrupted segment register value in the known-good register file. The
patch also adds a register dump at that point in case there are any future
problems here.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 27 Mar 2007 05:32:24 +0000 (21:32 -0800)]
[PATCH] uml: fix static linking
During a static link, ld has started putting a .note section in the
.uml.setup.init section. This has the result that the UML setups begin
with 32 bytes of garbage and UML crashes immediately on boot.
This patch creates a specific .note section for ld to drop this stuff
into.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adrian Bunk [Tue, 27 Mar 2007 05:32:23 +0000 (21:32 -0800)]
[PATCH] drivers/spi/: fix section mismatches
WARNING: drivers/built-in.o - Section mismatch: reference to .init.text:spi_register_master from .text between 'spi_bitbang_start' (at offset 0x84e11a) and 'bitbang_work'
WARNING: drivers/built-in.o - Section mismatch: reference to .init.text:spi_alloc_master from .text between 'butterfly_attach' (at offset 0x84e681) and 'at25_remove'
WARNING: drivers/built-in.o - Section mismatch: reference to .init.text:spi_new_device from .text between 'butterfly_attach' (at offset 0x84e7e4) and 'at25_remove'
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
john stultz [Tue, 27 Mar 2007 05:32:19 +0000 (21:32 -0800)]
[PATCH] correct slow acpi_pm rating
On Bob's machine clocksource is selecting PIT over the ACPI PM timer,
because he has the PIIX4 bug. That bug drops the ACPI PM timers rating
to the same as the PIT, so that's why you're getting the PIT.
Realistically, the PIT is much slower then even the triple read ACPI PM,
so the de-ranking code is probably dropping it too far.
So don't drop ACPI PM quite so low if we see the PIIX4 bug.
Signed-off-by: John Stultz <johnstul@us.ibm.com> Cc: Bob Tracy <rct@gherkin.frus.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Drake [Tue, 27 Mar 2007 05:32:15 +0000 (21:32 -0800)]
[PATCH] generic_serial: fix decoding of baud rate
Commit d720bc4b8fc5d6d179ef094908d4fbb5e436ffad partially removed a
private implementation of baud speed decoding. However it doesn't seem
to be complete: after the speed is decoded, it is still being used as an
index to a local speed table (array overrun, no doubt).
This was found by Graham Murray who noticed it caused a 2.6.19 regression
with the SX driver: https://bugs.gentoo.org/170554
Signed-off-by: Daniel Drake <dsd@gentoo.org> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Russell King <rmk@arm.linux.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Tue, 27 Mar 2007 05:32:14 +0000 (21:32 -0800)]
[PATCH] md: convert compile time warnings into runtime warnings
... still not sure why we need this ....
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Tue, 27 Mar 2007 05:32:14 +0000 (21:32 -0800)]
[PATCH] md: clear the congested_fn when stopping a raid5
If this mddev and queue got reused for another array that doesn't register a
congested_fn, this function would get called incorretly.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Tue, 27 Mar 2007 05:32:13 +0000 (21:32 -0800)]
[PATCH] md: allow raid4 arrays to be reshaped
All that is missing the the function pointers in raid4_pers.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This cancel_delayed_work call is called from a function that is only called
from a piece of code that immediate follows a cancel and destruction of the
workqueue, so it's clearly a mistake.
Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bruce Fields [Tue, 27 Mar 2007 05:32:09 +0000 (21:32 -0800)]
[PATCH] knfsd: nfsd4: demote "clientid in use" printk to a dprintk
The reused clientid here is a more of a problem for the client than the
server, and the client can report the problem itself if it's serious.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bruce Fields [Tue, 27 Mar 2007 05:32:09 +0000 (21:32 -0800)]
[PATCH] knfsd: nfsd4: fix inheritance flags on v4 ace derived from posix default ace
A regression introduced in the last set of acl patches removed the
INHERIT_ONLY flag from aces derived from the posix acl. Fix.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Tue, 27 Mar 2007 05:32:08 +0000 (21:32 -0800)]
[PATCH] knfsd: allow nfsd READDIR to return 64bit cookies
->readdir passes lofft_t offsets (used as nfs cookies) to
nfs3svc_encode_entry{,_plus}, but when they pass it on to encode_entry it
becomes an 'off_t', which isn't good.
So filesystems that returned 64bit offsets would lose.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ingo Molnar [Sun, 11 Mar 2007 12:52:33 +0000 (13:52 +0100)]
KVM: always reload segment selectors
failed VM entry on VMX might still change %fs or %gs, thus make sure
that KVM always reloads the segment selectors. This is crutial on both
x86 and x86_64: x86 has __KERNEL_PDA in %fs on which things like
'current' depends and x86_64 has 0 there and needs MSR_GS_BASE to work.
Avi Kivity [Mon, 19 Mar 2007 11:18:10 +0000 (13:18 +0200)]
KVM: Prevent system selectors leaking into guest on real->protected mode transition on vmx
Intel virtualization extensions do not support virtualizing real mode. So
kvm uses virtualized vm86 mode to run real mode code. Unfortunately, this
virtualized vm86 mode does not support the so called "big real" mode, where
the segment selector and base do not agree with each other according to the
real mode rules (base == selector << 4).
To work around this, kvm checks whether a selector/base pair violates the
virtualized vm86 rules, and if so, forces it into conformance. On a
transition back to protected mode, if we see that the guest did not touch
a forced segment, we restore it back to the original protected mode value.
This pile of hacks breaks down if the gdt has changed in real mode, as it
can cause a segment selector to point to a system descriptor instead of a
normal data segment. In fact, this happens with the Windows bootloader
and the qemu acpi bios, where a protected mode memcpy routine issues an
innocent 'pop %es' and traps on an attempt to load a system descriptor.
"Fix" by checking if the to-be-restored selector points at a system segment,
and if so, coercing it into a normal data segment. The long term solution,
of course, is to abandon vm86 mode and use emulation for big real mode.
Oliver Endriss [Wed, 14 Mar 2007 02:44:57 +0000 (23:44 -0300)]
V4L/DVB (5441): Saa7146: Fix allocation of clipping memory
Olaf Hering pointed out that SAA7146_CLIPPING_MEM would become
very large for PAGE_SIZE > 4K.
In fact, the number of clipping windows is limited to 16,
and calculate_clipping_registers_rect() does not use more
than 256 bytes. SAA7146_CLIPPING_MEM adjusted accordingly.
Thanks-to: Olaf Hering <olaf@aepfle.de> Acked-by: Michael Hunold <hunold@linuxtv.org> Signed-off-by: Oliver Endriss <o.endriss@gmx.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Simon Arlott [Sat, 10 Mar 2007 09:21:25 +0000 (06:21 -0300)]
V4L/DVB (5400): Core: fix several locking related problems
Fix several instances of dvb-core functions using mutex_lock_interruptible
and returning -ERESTARTSYS where the calling function will either never
retry or never check the return value.
These cause a race condition with dvb_dmxdev_filter_free and
dvb_dvr_release, both of which are filesystem release functions whose
return value is ignored and will never be retried. When this happens it
becomes impossible to open dvr0 again (-EBUSY) since it has not been
released properly.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-By: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>