[PATCH] swsusp: prevent possible image corruption on resume
The function free_pagedir() used by swsusp for freeing its internal data
structures clears the PG_nosave and PG_nosave_free flags for each page
being freed.
However, during resume PG_nosave_free set means that the page in
question is "unsafe" (ie. it will be overwritten in the process of
restoring the saved system state from the image), so it should not be
used for the image data.
Therefore free_pagedir() should not clear PG_nosave_free if it's called
during resume (otherwise "unsafe" pages freed by it may be used for
storing the image data and the data may get corrupted later on).
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Barksdale [Wed, 19 Apr 2006 05:20:27 +0000 (22:20 -0700)]
[PATCH] m41t00: fix bitmasks when writing to chip
Fix the bitmasks used when writing to the M41T00 registers.
The original code used a mask of 0x7f when writing to each register,
this is incorrect and probably the result of a copy-paste error. As a
result years from 1980 to 1999 will be read back as 2000 to 2019.
Signed-off-by: David Barksdale <amatus@ocgnet.org> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Wed, 19 Apr 2006 05:20:24 +0000 (22:20 -0700)]
[PATCH] uml: MADV_REMOVE fixes
MADV_REMOVE fixes - change the test mapping to be MAP_SHARED instead of
MAP_PRIVATE, as MADV_REMOVE on MAP_PRIVATE maps won't work. Also, use
the kernel's definition of MADV_REMOVE instead of hardcoding it if there
isn't a libc definition.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
for_each_cpu() actually iterates across all possible CPUs. We've had
mistakes in the past where people were using for_each_cpu() where they
should have been iterating across only online or present CPUs. This is
inefficient and possibly buggy.
We're renaming for_each_cpu() to for_each_possible_cpu() to avoid this
in the future.
This patch replaces for_each_cpu with for_each_possible_cpu.
[PATCH] task: Make task list manipulations RCU safe
While we can currently walk through thread groups, process groups, and
sessions with just the rcu_read_lock, this opens the door to walking the
entire task list.
We already have all of the other RCU guarantees so there is no cost in
doing this, this should be enough so that proc can stop taking the
tasklist lock during readdir.
prev_task was killed because it has no users, and using it will miss new
tasks when doing an rcu traversal.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml: make 64-bit COW files compatible with 32-bit ones
This is the minimal fix to make 64-bit UML binaries create 32-bit
compatible COW files and read them.
I've indeed tested that current code doesn't do this - the code gets
SIGFPE for a division by a value read at the wrong place, where 0 is
found.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (47 commits)
[MAINTAINERS] The ham radio code now has website at http://www.linux-ax25.org.
[MIPS] Use __ffs() instead of ffs() for waybit calculation.
[MIPS] Fix Makefile bugs for MIPS32/MIPS64 R1 and R2.
[MIPS] Handle IDE PIO cache aliases on SMP.
[MIPS] Make mips_srs_init static.
[MIPS] MIPS boards: Set HZ to 100.
[MIPS] kgdb: Let gcc compute the array size itself.
[MIPS] FPU affinity for MT ASE.
[MIPS] MT: Improved multithreading support.
[MIPS] kpsd and other AP/SP improvements.
[MIPS] R2: Instruction hazard barrier.
[MIPS] Fix genrtc compilation.
[MIPS] R2: Implement shadow register allocation without spinlock.
[MIPS] Fix VR41xx build errors.
[MIPS] Fix tx49_blast_icache32_page_indexed.
[MIPS] Enable SCHED_NO_NO_OMIT_FRAME_POINTER for MIPS.
[MIPS] Use "R" constraint for cache_op.
[MIPS] Rewrite all the assembler interrupt handlers to C.
[MIPS] Fix the crime against humanity that mipsIRQ.S is.
[MIPS] Fixup damage done by 22a9835c350782a5c3257343713932af3ac92ee0.
...
[MIPS] Rewrite all the assembler interrupt handlers to C.
Saves like 1,600 lines of code, is way easier to debug, compilers
frequently do a better job than the cut and paste type of handlers many
boards had. And finally having all the stuff done in a single place
also means alot of bug potencial for the MT ASE is gone.
The only surviving handler in assembler is the DECstation one; I hope
Maciej will rewrite it.
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Remove redundant NULL checks before [kv]free
unaligned access in sk_run_filter()
[IPV6]: Clean up hop-by-hop options handler.
[IPV6] XFRM: Fix decoding session with preceding extension header(s).
[IPV6] XFRM: Don't use old copy of pointer after pskb_may_pull().
[IPV6]: Ensure to have hop-by-hop options in our header of &sk_buff.
[TCP]: Fix truesize underflow
- Removed unused argument (nhoff) for ipv6_parse_hopopts().
- Make ipv6_parse_hopopts() to align with other extension header
handlers.
- Removed pointless assignment (hdr), which is not used afterwards.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV6] XFRM: Fix decoding session with preceding extension header(s).
We did not correctly decode session with preceding extension
header(s). This was because we had already pulled preceding
headers, skb->nh.raw + 40 + 1 - skb->data was minus, and
pskb_may_pull() failed.
We now have IP6CB(skb)->nhoff and skb->h.raw, and we can
start parsing / decoding upper layer protocol from current
position.
Tracked down by Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
and tested by Kazunori Miyazawa <kazunori@miyazawa.org>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 18 Apr 2006 20:24:14 +0000 (13:24 -0700)]
[TCP]: Fix truesize underflow
There is a problem with the TSO packet trimming code. The cause of
this lies in the tcp_fragment() function.
When we allocate a fragment for a completely non-linear packet the
truesize is calculated for a payload length of zero. This means that
truesize could in fact be less than the real payload length.
When that happens the TSO packet trimming can cause truesize to become
negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE
which would trigger the warning.
I've copied the code DaveM used in tso_fragment which should work here.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Renninger [Thu, 13 Apr 2006 13:14:04 +0000 (15:14 +0200)]
[CPUFREQ] If max_freq got reduced (e.g. by _PPC) a write to sysfs scaling_governor let cpufreq core stuck at low max_freq for ever
The previous patch had bugs (locking and refcount).
This one could also be related to the latest DELL reports.
But they only slip into this if a user prog (e.g. powersave daemon does when
AC got (un) plugged due to a scheme change) echos something to
/sys/../cpufreq/scaling_governor
while the frequencies got limited by BIOS.
This one works:
Subject: Max freq stucks at low freq if reduced by _PPC and sysfs gov access
The problem is reproducable by(if machine is limiting freqs via BIOS):
- Unplugging AC -> max freq gets limited
- echo ${governor} >/sys/.../cpufreq/scaling_governor (policy->user_data.max
gets overridden with policy->max and will never come up again.)
This patch exchanged the cpufreq_set_policy call to __cpufreq_set_policy and
duplicated it's functionality but did not override user_data.max.
The same happens with overridding min/max values. If freqs are limited and
you override the min freq value, the max freq global value will also get
stuck to the limited freq, even if BIOS allows all freqs again.
Last scenario does only happen if BIOS does not reduce the frequency
to the lowest value (should never happen, just for correctness...)
Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: "Pallipadi, Venkatesh" <venkatesh.pallipadi@intel.com> Signed-off-by: Dave Jones <davej@redhat.com>
Move platform_scoop_config from the SharpSL scoop PCMCIA driver to
the SCOOP driver. This avoids build failures when PCMCIA is not built
or is modular (scoop.c itself cannot be modular).
Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
x86: don't allow tail-calls in sys_ftruncate[64]()
Gcc thinks it owns the incoming argument stack, but that's not true for
"asmlinkage" functions, and it corrupts the caller-set-up argument stack
when it pushes the third argument onto the stack. Which can result in
%ebx getting corrupted in user space.
Now, normally nobody sane would ever notice, since libc will save and
restore %ebx anyway over the system call, but it's still wrong.
I'd much rather have "asmlinkage" tell gcc directly that it doesn't own
the stack, but no such attribute exists, so we're stuck with our hacky
manual "prevent_tail_call()" macro once more (we've had the same issue
before with sys_waitpid() and sys_wait4()).
Thanks to Hans-Werner Hilse <hilse@sub.uni-goettingen.de> for reporting
the issue and testing the fix.
Merge branch 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: Fix further issues in drivers/char/drm/via_irq.c
drivers/char/drm/drm_memory.c: possible cleanups
drm: deline a few large inlines in DRM code
drm: remove master setting from add/remove context
drm: drm_pci needs dma-mapping.h
[PATCH] drm: Fix issue reported by Coverity in drivers/char/drm/via_irq.c
o Start booting into the capture kernel after an Oops if system is in a
unrecoverable state. System will boot into the capture kernel, if one is
pre-loaded by the user, and capture the kernel core dump.
o One of the following conditions should be true to trigger the booting of
capture kernel.
- panic_on_oops is set.
- pid of current thread is 0
- pid of current thread is 1
- Oops happened inside interrupt context.
The patch I submitted earlier to fix disabled LAPIC handling in ACPI
was mismerged for some reason I still don't quite understand. Parts
of it was applied to the wrong function.
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge:
powerpc: Use correct sequence for putting CPU into nap mode
[PATCH] spufs: fix context-switch decrementer code
[PATCH] powerpc32: Set cpu explicitly in kernel compiles
[PATCH] powerpc/pseries: bugfix: balance calls to pci_device_put
[PATCH] powerpc: Fix machine detection in prom_init.c
[PATCH] ppc32: Fix string comparing in platform_notify_map
[PATCH] powerpc: Avoid __initcall warnings
[PATCH] powerpc: Ensure runlatch is off in the idle loop
powerpc: Fix CHRP booting - needs a define_machine call
powerpc: iSeries has only 256 IRQs
[PATCH] cfq: Further rbtree traversal and cfq_exit_queue() race fix
In current code, we are re-reading cic->key after dead cic->key check.
So, in theory, it may really re-read *after* cfq_exit_queue() seted NULL.
To avoid race, we copy it to stack, then use it. With this change, I
guess gcc will assign cic->key to a register or stack, and it wouldn't
be re-readed.
Paul Mackerras [Tue, 18 Apr 2006 11:49:11 +0000 (21:49 +1000)]
powerpc: Use correct sequence for putting CPU into nap mode
We weren't using the recommended sequence for putting the CPU into
nap mode. When I changed the idle loop, for some reason 7447A cpus
started hanging when we put them into nap mode. Changing to the
recommended sequence fixes that.
The complexity here is that the recommended sequence is a loop that
keeps putting the cpu back into nap mode. Clearly we need some way
to break out of the loop when an interrupt (external interrupt,
decrementer, performance monitor) occurs. Here we use a bit in
the thread_info struct to indicate that we need this, and the exception
entry code notices this and arranges for the exception to return
to the value in the link register, thus breaking out of the loop.
We use a new `local_flags' field in the thread_info which we can
alter without needing to use an atomic update sequence.
The PPC970 has the same recommended sequence, so we do the same thing
there too.
This also fixes a bug in the kernel stack overflow handling code on
32-bit, since it was causing a value that we needed in a register to
get trashed.
When queue dies, we set cic->key=NULL as dead mark. So, when we
traverse a rbtree, we must check whether it's still valid key. if it
was invalidated, drop it, then restart the traversal from top.
[PATCH] IPC: access to unmapped vmalloc area in grow_ary()
grow_ary() should not copy struct ipc_id_ary (it copies new->p, not
new). Due to this, memcpy() src pointer could hit unmapped vmalloc page
when near page boundary.
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
The bug is caused by ip_route_input dereferencing skb->nh.protocol of
the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing
it). It only happens if the route requested is for a multicast IP
address.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>