Anand Gadiyar [Tue, 11 Mar 2008 06:40:35 +0000 (12:10 +0530)]
ARM: OMAP: Fix chain_a_transfer return value
This patch changes the return value of omap_dma_chain_a_transfer
to 0 on success instead of the flag 'start_dma', which wasn't really useful
for anything.
Signed-off-by: Anand Gadiyar <gadiyar@ti.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
Linus Torvalds [Tue, 11 Mar 2008 01:45:51 +0000 (18:45 -0700)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[libata] Add support for the RB500 PATA CompactFlash
ahci: logical-bitwise and confusion in ahci_save_initial_config()
libata: don't allow sysfs read access to force param
ahci: add the Device IDs for nvidia MCP7B AHCI
libata-sff: handle controllers w/o ctl register
libata: allow LLDs w/o any reset method
ata: replace remaining __FUNCTION__ occurrences
I figured out another ACPI related regression today.
randconfig testing triggered an early boot-time hang on a laptop of mine
(32-bit x86, config attached) - the screen was scrolling ACPI AML
exceptions [with no serial port and no early debugging available].
v2.6.24 works fine on that laptop with the same .config, so after a few
hours of bisection (had to restart it 3 times - other regressions
interacted), it honed in on this commit:
| 10270d4838bdc493781f5a1cf2e90e9c34c9142f is first bad commit
|
| Author: Linus Torvalds <torvalds@woody.linux-foundation.org>
| Date: Wed Feb 13 09:56:14 2008 -0800
|
| acpi: fix acpi_os_read_pci_configuration() misuse of raw_pci_read()
reverting this commit ontop of -rc5 gave a correctly booting kernel.
But this commit fixes a real bug so the real question is, why did it
break the bootup?
After quite some head-scratching, the following change stood out:
- pci_id->bus = tu8;
+ pci_id->bus = val;
pci_id->bus is defined as u16:
struct acpi_pci_id {
u16 segment;
u16 bus;
...
and 'tu8' changed from u8 to u32. So previously we'd unconditionally
mask the return value of acpi_os_read_pci_configuration()
(raw_pci_read()) to 8 bits, but now we just trust whatever comes back
from the PCI access routines and only crop it to 16 bits.
But if the high 8 bits of that result contains any noise then we'll
write that into ACPI's PCI ID descriptor and confuse the heck out of the
rest of ACPI.
So lets check the PCI-BIOS code on that theory. We have this codepath
for 8-bit accesses (arch/x86/pci/pcbios.c:pci_bios_read()):
Aha! The "=a" output constraint puts the full 32 bits of EAX into
*value. But if the BIOS's routines set any of the high bits to nonzero,
we'll return a value with more set in it than intended.
The other, more common PCI access methods (v1 and v2 PCI reads) clear
out the high bits already, for example pci_conf1_read() does:
which explicitly converts the return byte up to 32 bits and zero-extends
it.
So zero-extending the result in the PCI-BIOS read routine fixes the
regression on my laptop. ( It might fix some other long-standing issues
we had with PCI-BIOS during the past decade ... ) Both 8-bit and 16-bit
accesses were buggy.
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6:
PCI Hotplug: Fix small mem leak in IBM Hot Plug Controller Driver
PCI: rename DECLARE_PCI_DEVICE_TABLE to DEFINE_PCI_DEVICE_TABLE
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6:
drivers: fix dma_get_required_mask
firmware: provide stubs for the FW_LOADER=n case
nozomi: fix initialization and early flow control access
sysdev: fix problem with sysdev_class being re-registered
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
lguest: Do not append space to guests kernel command line
lguest: Revert 1ce70c4fac3c3954bd48c035f448793867592bc0, fix real problem.
lguest: Sanitize the lguest clock.
lguest: fix __get_vm_area usage.
lguest: make sure cpu is initialized before accessing it
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
[WATCHDOG] make watchdog/hpwdt.c:asminline_call() static
[WATCHDOG] Remove volatiles from watchdog device structures
[WATCHDOG] replace remaining __FUNCTION__ occurrences
[WATCHDOG] hpwdt: Use dmi_walk() instead of own copy
[WATCHDOG] Fix return value warning in hpwdt
[WATCHDOG] Fix declaration of struct smbios_entry_point in hpwdt
[WATCHDOG] it8712f_wdt support for 16-bit timeout values, WDIOC_GETSTATUS
Krzysztof Helt [Mon, 10 Mar 2008 18:44:00 +0000 (11:44 -0700)]
mbxfb: fix incorrect argument type
Fix wrong pointer type passed into the dev_dbg() function.
Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl> Acked-by: Mike Rapoport <mike@compulab.co.il> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Piggin [Mon, 10 Mar 2008 18:43:59 +0000 (11:43 -0700)]
iov_iter_advance() fix
iov_iter_advance() skips over zero-length iovecs, however it does not properly
terminate at the end of the iovec array. Fix this by checking against
i->count before we skip a zero-length iov.
The bug was reproduced with a test program that continually randomly creates
iovs to writev. The fix was also verified with the same program and also it
could verify that the correct data was contained in the file after each
writev.
Paul E. McKenney [Mon, 10 Mar 2008 18:43:57 +0000 (11:43 -0700)]
rcu: move PREEMPT_RCU config option back under PREEMPT
The original preemptible-RCU patch put the choice between classic and
preemptible RCU into kernel/Kconfig.preempt, which resulted in build failures
on machines not supporting CONFIG_PREEMPT. This choice was therefore moved to
init/Kconfig, which worked, but placed the choice between classic and
preemptible RCU at the top level, a very obtuse choice indeed.
This patch changes from the Kconfig "choice" mechanism to a pair of booleans,
only one of which (CONFIG_PREEMPT_RCU) is user-visible, and is located in
kernel/Kconfig.preempt, where one would expect it to be. The other
(CONFIG_CLASSIC_RCU) is in init/Kconfig so that it is available to all
architectures, hopefully avoiding build breakage. Thanks to Roman Zippel for
suggesting this approach.
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Acked-by: Steven Rostedt <rostedt@goodmis.org> Cc: Dipankar Sarma <dipankar@in.ibm.com> Cc: Josh Triplett <josh@freedesktop.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexey Dobriyan [Mon, 10 Mar 2008 18:43:53 +0000 (11:43 -0700)]
modules: warn about suspicious return values from module's ->init() hook
Return value convention of module's init functions is 0/-E. Sometimes,
e.g. during forward-porting mistakes happen and buggy module created,
where result of comparison "workqueue != NULL" is propagated all the way up
to sys_init_module. What happens is that some other module created
workqueue in question, our module created it again and module was
successfully loaded.
Or it could be some other bug.
Let's make such mistakes much more visible. In retrospective, such
messages would noticeably shorten some of my head-scratching sessions.
Note, that dump_stack() is just a way to get attention from user. Sample
message:
sys_init_module: 'foo'->init suspiciously returned 1, it should follow 0/-E convention
sys_init_module: loading module anyway...
Pid: 4223, comm: modprobe Not tainted 2.6.24-25f666300625d894ebe04bac2b4b3aadb907c861 #5
Rusty Russell [Mon, 10 Mar 2008 18:43:52 +0000 (11:43 -0700)]
modules: fix module waiting for dependent modules' init
Commit c9a3ba55 (module: wait for dependent modules doing init.) didn't quite
work because the waiter holds the module lock, meaning that the state of the
module it's waiting for cannot change.
Fortunately, it's fairly simple to update the state outside the lock and do
the wakeup.
Thanks to Jan Glauber for tracking this down and testing (qdio and qeth).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Cc: Jan Glauber <jang@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adam Litke [Mon, 10 Mar 2008 18:43:50 +0000 (11:43 -0700)]
hugetlb: correct page count for surplus huge pages
Free pages in the hugetlb pool are free and as such have a reference count of
zero. Regular allocations into the pool from the buddy are "freed" into the
pool which results in their page_count dropping to zero. However, surplus
pages can be directly utilized by the caller without first being freed to the
pool. Therefore, a call to put_page_testzero() is in order so that such a
page will be handed to the caller with a correct count.
This has not affected end users because the bad page count is reset before the
page is handed off. However, under CONFIG_DEBUG_VM this triggers a BUG when
the page count is validated.
Thanks go to Mel for first spotting this issue and providing an initial fix.
Signed-off-by: Adam Litke <agl@us.ibm.com> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: William Lee Irwin III <wli@holomorphy.com> Cc: Andy Whitcroft <apw@shadowen.org> Cc: Mel Gorman <mel@csn.ul.ie> Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Arnaud Patard [Mon, 10 Mar 2008 18:43:48 +0000 (11:43 -0700)]
gpio/pca953x bugfix: mark as can_sleep
The pca953x driver is an I2C driver so gpio_chip->can_sleep should be set.
This lets upper layers know they should use the gpio_*_cansleep() calls to
access values, and may not access them from nonsleeping contexts.
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: "eric miao" <eric.y.miao@gmail.com> Cc: Jean Delvare <khali@linux-fr.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Mon, 10 Mar 2008 18:43:48 +0000 (11:43 -0700)]
md: reduce CPU wastage on idle md array with a write-intent bitmap
Recent patch titled
Reduce CPU wastage on idle md array with a write-intent bitmap.
would sometimes leave the array with dirty bitmap bits that stay dirty. A
subsequent write would sort things out so it isn't a big problem, but should
be fixed nonetheless.
We need to make sure that when the bitmap becomes not "allclean", the
daemon_sleep really does get set to a sensible value.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
NeilBrown [Mon, 10 Mar 2008 18:43:47 +0000 (11:43 -0700)]
md: fix formatting error in /proc/mdstat
If an md array is "auto-read-only", then this appears in /proc/mdstat as
/dev/md0: active(auto-read-only)
whereas if it is truely readonly, it appears as
/dev/md0: active (read-only)
The difference being a space.
One program known to parse this file expects the space and gets badly
confused. It will be fixed, but it would be best if what the kernel generates
is more consistent too.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Lee Schermerhorn [Mon, 10 Mar 2008 18:43:45 +0000 (11:43 -0700)]
mempolicy: fix reference counting bugs
Address 3 known bugs in the current memory policy reference counting method.
I have a series of patches to rework the reference counting to reduce overhead
in the allocation path. However, that series will require testing in -mm once
I repost it.
1) alloc_page_vma() does not release the extra reference taken for
vma/shared mempolicy when the mode == MPOL_INTERLEAVE. This can result in
leaking mempolicy structures. This is probably occurring, but not being
noticed.
Fix: add the conditional release of the reference.
2) hugezonelist unconditionally releases a reference on the mempolicy when
mode == MPOL_INTERLEAVE. This can result in decrementing the reference
count for system default policy [should have no ill effect] or premature
freeing of task policy. If this occurred, the next allocation using task
mempolicy would use the freed structure and probably BUG out.
Fix: add the necessary check to the release.
3) The current reference counting method assumes that vma 'get_policy()'
methods automatically add an extra reference a non-NULL returned mempolicy.
This is true for shmem_get_policy() used by tmpfs mappings, including
regular page shm segments. However, SHM_HUGETLB shm's, backed by
hugetlbfs, just use the vma policy without the extra reference. This
results in freeing of the vma policy on the first allocation, with reuse of
the freed mempolicy structure on subsequent allocations.
Fix: Rather than add another condition to the conditional reference
release, which occur in the allocation path, just add a reference when
returning the vma policy in shm_get_policy() to match the assumptions.
Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com> Cc: Greg KH <greg@kroah.com> Cc: Andi Kleen <ak@suse.de> Cc: Christoph Lameter <clameter@sgi.com> Cc: Mel Gorman <mel@csn.ul.ie> Cc: David Rientjes <rientjes@google.com> Cc: <eric.whitney@hp.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Dubov [Mon, 10 Mar 2008 18:43:40 +0000 (11:43 -0700)]
tifm: fix memorystick host initialization code
Instead of assuming that host is powered on only once at card insertion, allow
for the possibility that memstick layer may need to cycle card's power to get
it out from some unhealthy states.
Signed-off-by: Alex Dubov <oakad@yahoo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Dubov [Mon, 10 Mar 2008 18:43:40 +0000 (11:43 -0700)]
tifm: fix the MemoryStick host fifo handling code
Additional input received from JMicron on MemoryStick host interfaces showed
that some assumtions in fifo handling code were incorrect. This patch also
fixes data corruption used to occure during PIO transfers.
Signed-off-by: Alex Dubov <oakad@yahoo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Krzysztof Helt [Mon, 10 Mar 2008 18:43:37 +0000 (11:43 -0700)]
tridentfb: fix memory size detection
Fix memory size multiplier during detection.
Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Krzysztof Helt [Mon, 10 Mar 2008 18:43:36 +0000 (11:43 -0700)]
tridentfb: register should be left in non-locked state
Remove locking registers after they are unlocked during switch to/from MMIO
mode. This fixes regression on the Blade3D (Trident 9880) caused by the
previous patch (probe fixes).
Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Josh Boyer [Mon, 10 Mar 2008 18:43:35 +0000 (11:43 -0700)]
of_serial: fix section mismatch warnings
Fix the following section mismatches:
WARNING: drivers/built-in.o(.exit.text+0x5a): Section mismatch in reference from the function of_platform_serial_exit() to the variable .devinit.data:of_platform_serial_driver
The function __exit of_platform_serial_exit() references
a variable __devinitdata of_platform_serial_driver.
Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tejun Heo [Thu, 6 Mar 2008 04:12:54 +0000 (13:12 +0900)]
libata-sff: handle controllers w/o ctl register
SFF incorrectly assumed that ctl register is available for all
controllers while some old SFF controllers don't have ctl register.
Make SFF handle controllers w/o ctl register by conditionalizing ctl
register access and softreset method.
Tejun Heo [Thu, 6 Mar 2008 04:09:34 +0000 (13:09 +0900)]
libata: allow LLDs w/o any reset method
Some old SFF controllers don't have any way to reset the channel.
Currently, this isn't supported and libata EH causes an oops. Allow
LLDs w/o any reset method and just assume ATA class in such cases.
David Brownell [Fri, 7 Mar 2008 21:49:42 +0000 (13:49 -0800)]
USB: fix ehci unlink regressions
The recent EHCI driver update to split the IAA watchdog timer out from
the other timers made several things work better, but not everything;
and it created a couple new issues in bugzilla. Ergo this patch:
- Handle a should-be-rare SMP race between the watchdog firing
and (very late) IAA interrupts;
- Remove a shouldn't-have-been-added WARN_ON() test;
- Guard against one observed OOPS;
- If this watchdog fires during clean HC shutdown, it should act
as a NOP instead of interfering with the shutdown sequence;
- Guard against silicon errata hypothesized by some vendors:
* IAA status latch broken, but IAAD cleared OK;
* IAAD wasn't cleared when IAA status got reported;
The WARN_ON is in bugzilla as 10168; the OOPS as 10078; these are
both regressions.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Tested-by: Gordon Farquharson <gordonfarquharson@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mirko Bordignon [Mon, 10 Mar 2008 10:38:55 +0000 (11:38 +0100)]
USB: new ftdi_sio device id
Here is a patch that adds support for the propox jtagcable II dongle
(http://www.propox.com/products/t_117.html): their PID was missing,
therefore we were not able to have the device recognized though it uses
a standard FTDI chip.
Li Yang [Thu, 6 Mar 2008 10:40:07 +0000 (18:40 +0800)]
USB: fsl_usb2_udc: fix broken Kconfig
The patch fixes broken Kconfig caused by the name change of MPC834x option.
It also makes fsl_usb2_udc selectable on new platforms like MPC837x.
Signed-off-by: Li Yang <leoli@freescale.com> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrew Morton [Tue, 4 Mar 2008 23:25:08 +0000 (15:25 -0800)]
USB: drivers/usb/storage/sddr55.c: fix uninitialized var warnings
drivers/usb/storage/sddr55.c: In function 'sddr55_transport':
drivers/usb/storage/sddr55.c:526: warning: 'deviceID' may be used uninitialized in this function
drivers/usb/storage/sddr55.c:525: warning: 'manufacturerID' may be used uninitialized in this function
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pete Zaitcev [Wed, 5 Mar 2008 07:28:42 +0000 (23:28 -0800)]
USB: fix usb-serial generic recursive lock
Nobody should be using the generic usb-serial for anything other than
testing. Still, it's not a good thing that it's easy to lock up. There
is a traceback from NMI oopser here:
https://bugzilla.redhat.com/show_bug.cgi?id=431379
But in short, if a line discipline has a chance to echo anything, input
can loop back a write method. So, don't call tty_flip_buffer_push from
under a lock taken on write path.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesper Juhl [Sat, 8 Mar 2008 01:16:07 +0000 (02:16 +0100)]
PCI Hotplug: Fix small mem leak in IBM Hot Plug Controller Driver
In drivers/pci/hotplug/ibmphp_ebda.c::ebda_rsrc_controller(), storage is
allocated with kzalloc() and assigned to 'tmp_slot'. Then lots of
stuff, like ->flag, ->supported_speed etc is set in tmp_slot. A bit
further down there's then this test :
if (!bus_info_ptr1) {
rc = -ENODEV;
goto error;
}
At this point, tmp_slot has not been assigned to anything, so when
erroring-out we want to free it, but nothing at the 'error:' label
free's 'tmp_slot' - and we can't really free 'tmp_slot' at 'error:'
since we may jump to that label later when 'tmp_slot' *has* been used
and we do not want it freed. So, the only sane option left seems to be
to kfree(tmp_slot) just before jumping to the 'error:' label in the one
place where this is what actually makes sense. The following patch does
just that and thus kills off a tiny potential memory leak.
James Bottomley [Sun, 9 Mar 2008 16:57:56 +0000 (11:57 -0500)]
drivers: fix dma_get_required_mask
There's a bug in the current implementation of dma_get_required_mask()
where it ands the returned mask with the current device mask. This
rather defeats the purpose if you're using the call to determine what
your mask should be (since you will at that time have the default
DMA_32BIT_MASK). This bug results in any driver that uses this function
*always* getting a 32 bit mask, which is wrong.
James Bottomley [Fri, 7 Mar 2008 14:57:54 +0000 (08:57 -0600)]
firmware: provide stubs for the FW_LOADER=n case
libsas has a case where it uses the firmware loader to provide services,
but doesn't want to select it all the time. This currently causes a
compile failure in libsas if FW_LOADER=n. Fix this by providing error
stubs for the firmware loader API in the FW_LOADER=n case.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Cc: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Frank Seidel [Thu, 6 Mar 2008 20:45:57 +0000 (21:45 +0100)]
nozomi: fix initialization and early flow control access
Due to some flaws in the initialization and flow control
code kernel oopses could be triggered e.g. when accessing
the card too early after insertion.
See e.g. kernel.org bug #10077.
The main part of the fix is a trivial state management
making sure the card is realy ready to use before allowing
any access.
Signed-off-by: Frank Seidel <fseidel@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Paul Bolle [Mon, 10 Mar 2008 15:39:03 +0000 (16:39 +0100)]
lguest: Do not append space to guests kernel command line
The lguest launcher appends a space to the kernel command line (if kernel
arguments are specified on its command line). This space is unneeded. More
importantly, this appended space will make Red Hat's nash script interpreter
(used in a Fedora style initramfs) add an empty argument to init's command
line. This empty argument will make kernel arguments like "init=/bin/bash"
fail (because the shell will try to execute a script with an empty name).
This could be considered a bug in nash, but is easily fixed in the lguest
launcher too.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ahmed managed to crash the Host in release_pgd(), which cannot be a Guest
bug, and indeed it wasn't.
The bug was that handing a 0 as the address of the toplevel page table
being manipulated can cause the lookup code in find_pgdir() to return
an uninitialized cache entry (we shadow up to 4 top level page tables
for each Guest).
The patch which he submitted (which removed the /4 from the index
calculation) simply ensured that these high-indexed entries hit the
early exit path of guest_set_pmd(). But you get lots of segfaults in
guest userspace as the PMDs aren't being updated.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 11 Mar 2008 14:35:56 +0000 (09:35 -0500)]
lguest: Sanitize the lguest clock.
Now the TSC code handles a zero return from calculate_cpu_khz(),
lguest can simply pass through the value it gets from the Host: if
non-zero, all the normal TSC code applies.
Otherwise (or if the Host really doesn't support TSC), the clocksource
code will fall back to the slower but reasonable lguest clock.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
lguest should pass the exact "end" it wants, not some random constant
(it was possible previously that it would actually get an address
different from SWITCHER_ADDR).
Also, Fabio Checconi pointed out that we should make sure we're not
hitting the fixmap area.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Cc: Robert Bragg <robert@sixbynine.org>
Eugene Teo [Sat, 9 Feb 2008 15:53:17 +0000 (23:53 +0800)]
lguest: make sure cpu is initialized before accessing it
If req is LHREQ_INITIALIZE, and the guest has been initialized before
(unlikely), it will attempt to access cpu->tsk even though cpu is not yet
initialized.
Signed-off-by: Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Tao Ma [Wed, 5 Mar 2008 07:49:55 +0000 (15:49 +0800)]
ocfs2: Fix NULL pointer dereferences in o2net
In some situations, ocfs2_set_nn_state might get called with sc = NULL and
valid = 0. If sc = NULL, we can't dereference it to get the o2nm_node
member. Instead, do what o2net_initialize_handshake does and use NULL when
calling o2net_reconnect_delay and o2net_idle_timeout.
Signed-off-by: Tao Ma <tao.ma@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Sunil Mushran [Sat, 1 Mar 2008 22:04:21 +0000 (14:04 -0800)]
ocfs2/dlm: Add missing dlm_lockres_put()s in migration path
During migration, the recovery master node may be asked to master a lockres
it may not know about. In that case, it would not only have to create a
lockres and add it to the hash, but also remember to to do the _put_
corresponding to the kref_init in dlm_init_lockres(), as soon as the migration
is completed. Yes, we don't wait for the dlm_purge_lockres() to do that
matching put. Note the ref added for it being in the hash protects the lockres
from being freed prematurely.
This patch adds that missing put, as described above, to plug a memleak.
Signed-off-by: Sunil Mushran <sunil.mushran@oracle.com> Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Sunil Mushran [Sat, 1 Mar 2008 22:04:20 +0000 (14:04 -0800)]
ocfs2/dlm: Add missing dlm_lock_put()s
Normally locks for remote nodes are freed when that node sends an UNLOCK
message to the master. The master node tags an DLM_UNLOCK_FREE_LOCK action
to do an extra put on the lock at the end.
However, there are times when the master node has to free the locks for the
remote nodes forcibly.
Two cases when this happens are:
1. When the master has migrated the lockres plus all locks to another node.
2. When the master is clearing all the locks of a dead node.
It was in the above two conditions that the dlm was missing the extra put.
Signed-off-by: Sunil Mushran <sunil.mushran@oracle.com> Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Tao Ma [Mon, 3 Mar 2008 02:53:02 +0000 (10:53 +0800)]
ocfs2: Fix an endian bug in online resize.
In ocfs2_group_add, 'cr' is a disk field of type 'ocfs2_chain_rec', and we
were putting cpu byteorder values into it. Swap things to the right endian
before storing.
Signed-off-by: Tao Ma <tao.ma@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Joel Becker [Tue, 12 Feb 2008 22:56:25 +0000 (14:56 -0800)]
ocfs2: Fix endian bug in o2dlm protocol negotiation.
struct dlm_query_join_packet is made up of four one-byte fields. They
are effectively in big-endian order already. However, little-endian
machines swap them before putting the packet on the wire (because
query_join's response is a status, and that status is treated as a u32
on the wire). Thus, a big-endian and little-endian machines will
treat this structure differently.
The solution is to have little-endian machines swap the structure when
converting from the structure to the u32 representation.
Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Tao Ma [Thu, 28 Feb 2008 02:41:55 +0000 (10:41 +0800)]
ocfs2: Use dlm_print_one_lock_resource for lock resource print
__dlm_print_one_lock_resource must be called with spin_lock
the res->spinlock. While in some cases, we use it without this
precondition and lead to the failure of assert_spin_locked.
So call dlm_print_one_lock_resource instead.
Signed-off-by: Tao Ma <tao.ma@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
fs/ocfs2/dlm/dlmdomain.c: In function 'dlm_send_join_cancels':
fs/ocfs2/dlm/dlmdomain.c:983: warning: format '%u' expects type 'unsigned int', but argument 7 has type 'long unsigned int'
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt:
time: remove obsolete CLOCK_TICK_ADJUST
time: don't touch an offlined CPU's ts->tick_stopped in tick_cancel_sched_timer()
time: prevent the loop in timespec_add_ns() from being optimised away
ntp: use unsigned input for do_div()
Ivan Kokshaysky [Sun, 9 Mar 2008 13:31:17 +0000 (16:31 +0300)]
alpha: fix iommu-related boot panic
This fixes a boot panic due to a typo in the recent iommu patchset from
FUJITA Tomonori <tomof@acm.org> - the code used dma_get_max_seg_size()
instead of dma_get_seg_boundary().
It also removes a couple of unnecessary BUG_ON() and ALIGN() macros.
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Reported-and-tested-by: Bob Tracy <rct@frus.com> Acked-by: FUJITA Tomonori <tomof@acm.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Gregory Haskins [Sat, 8 Mar 2008 05:10:15 +0000 (00:10 -0500)]
cpu hotplug: adjust root-domain->online span in response to hotplug event
We currently set the root-domain online span automatically when the
domain is added to the cpu if the cpu is already a member of
cpu_online_map.
This was done as a hack/bug-fix for s2ram, but it also causes a problem
with hotplug CPU_DOWN transitioning. The right way to fix the original
problem is to actually respond to CPU_UP events, instead of CPU_ONLINE,
which is already too late.
This solves the hung reboot regression reported by Andrew Morton and
others.
While the fix did greatly improve the situation, it was correctly pointed out
by Roman that it does have a small bug: If the users change clocksources after
the system has been running and NTP has made corrections, the correctoins made
against the old clocksource will be applied against the new clocksource,
causing error.
The second attempt, which corrects the issue in the NTP_INTERVAL_LENGTH
definition has also made it up-stream as commit e13a2e61dd5152f5499d2003470acf9c838eab84
Roman has correctly pointed out that CLOCK_TICK_ADJUST is calculated
based on the PIT's frequency, and isn't really relevant to non-PIT
driven clocksources (that is, clocksources other then jiffies and pit).
This patch reverts both of those changes, and simply removes
CLOCK_TICK_ADJUST.
This does remove the granularity error correction for users of PIT and Jiffies
clocksource users, but the granularity error but for the majority of users, it
should be within the 500ppm range NTP can accommodate for.
For systems that have granularity errors greater then 500ppm, the
"ntp_tick_adj=" boot option can be used to compensate.
[johnstul@us.ibm.com: provided changelog]
[mattilinnanvuori@yahoo.com: maek ntp_tick_adj static] Signed-off-by: Roman Zippel <zippel@linux-m68k.org> Acked-by: john stultz <johnstul@us.ibm.com> Signed-off-by: Matti Linnanvuori <mattilinnanvuori@yahoo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: mingo@elte.hu Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Karsten Wiese [Tue, 4 Mar 2008 22:59:55 +0000 (14:59 -0800)]
time: don't touch an offlined CPU's ts->tick_stopped in tick_cancel_sched_timer()
Silences WARN_ONs in rcu_enter_nohz() and rcu_exit_nohz(), which appeared
before caused by (repeated) calls to:
$ echo 0 > /sys/devices/system/cpu/cpu1/online
$ echo 1 > /sys/devices/system/cpu/cpu1/online
Signed-off-by: Karsten Wiese <fzu@wemgehoertderstaat.de> Cc: johnstul@us.ibm.com Cc: Rafael Wysocki <rjw@sisk.pl> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Ingo Molnar <mingo@elte.hu> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
David Howells [Mon, 25 Feb 2008 17:31:57 +0000 (18:31 +0100)]
ntp: use unsigned input for do_div()
The kernel NTP code shouldn't hand 64-bit *signed* values to do_div(). Make it
instead hand 64-bit unsigned values. This gets rid of a couple of warnings.
Signed-off-by: David Howells <dhowells@redhat.com> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: john stultz <johnstul@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Roland McGrath [Sat, 8 Mar 2008 19:41:22 +0000 (11:41 -0800)]
Fix waitid si_code regression
In commit ee7c82da830ea860b1f9274f1f0cdf99f206e7c2 ("wait_task_stopped:
simplify and fix races with SIGCONT/SIGKILL/untrace"), the magic (short)
cast when storing si_code was lost in wait_task_stopped. This leaks the
in-kernel CLD_* values that do not match what userland expects.
Herbert Xu [Sat, 8 Mar 2008 12:29:43 +0000 (20:29 +0800)]
[CRYPTO] skcipher: Fix section mismatches
The previous patch to move chainiv and eseqiv into blkcipher created
a section mismatch for the chainiv exit function which was also called
from __init. This patch removes the __exit marking on it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Roland McGrath [Fri, 7 Mar 2008 22:56:02 +0000 (14:56 -0800)]
x86_64: make ptrace always sign-extend orig_ax to 64 bits
This makes 64-bit ptrace calls setting the 64-bit orig_ax field for a
32-bit task sign-extend the low 32 bits up to 64. This matches what a
64-bit debugger expects when tracing a 32-bit task.
This follows on my "x86_64 ia32 syscall restart fix". This didn't
matter until that was fixed.
The debugger ignores or zeros the high half of every register slot it
sets (including the orig_rax pseudo-register) uniformly. It expects
that the setting of the low 32 bits always has the same meaning as a
32-bit debugger setting those same 32 bits with native 32-bit
facilities.
This never arose before because the syscall restart check never
matched any -ERESTART* values due to lack of sign extension. Before
that fix, even 32-bit ptrace setting orig_eax to -1 failed to trigger
the restart check anyway. So this was never noticed as a regression
of 64-bit debuggers vs 32-bit debuggers on the same 64-bit kernel.
Signed-off-by: Roland McGrath <roland@redhat.com>
[ Changed to just do the sign-extension unconditionally on x86-64,
since orig_ax is always just a small integer and doesn't need
the full 64-bit range ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 7 Mar 2008 21:49:32 +0000 (13:49 -0800)]
Merge branch 'slab-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/christoph/vm
* 'slab-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/christoph/vm:
slub: fix typo in Documentation/vm/slub.txt
slab: NUMA slab allocator migration bugfix
slub: Do not cross cacheline boundaries for very small objects
slab - use angle brackets for include of kmalloc_sizes.h
slab numa fallback logic: Do not pass unfiltered flags to page allocator
slub statistics: Fix check for DEACTIVATE_REMOTE_FREES
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
ide: update references to Documentation/ide/ide.txt (v2)
ide: move ide.txt to Documentation/ide/
ide: fix buggy code in ide_register_hw()
ide: fix enabling DMA on it821x in "smart" mode
ide-cd: mark REQ_TYPE_ATA_PC write requests with REQ_RW flag