Marc Zyngier [Wed, 23 Aug 2006 22:50:57 +0000 (15:50 -0700)]
[SERIAL] sunsab: Fix E250 console with RSC.
This fixes yet another sunsab problem, when console is set to anything
but the first port. The console framework calls sunsab_console_setup
for each port, and we end up setting up a console on a not yet
discovered port, which leads to an Oops. Instead, defer console setup
until the requested port is properly initialized. Tested on an E250
through an RSC console.
Reported by Daniel Smolik <marvin@mydatex.cz>
Signed-off-by: Marc Zyngier <maz@misterjones.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Update the driver's list of HCA firmware revisions to make sure people
running Sinai firmware older than 1.1.0 get a message suggesting a
firmware upgrade. Update the Arbel versions as well while we are at it.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Michael Rash [Tue, 22 Aug 2006 07:45:22 +0000 (00:45 -0700)]
[TEXTSEARCH]: Fix Boyer Moore initialization bug
The pattern is set after trying to compute the prefix table, which tries
to use it. Initialize it before calling compute_prefix_tbl, make
compute_prefix_tbl consistently use only the data from struct ts_bm
and remove the now unnecessary arguments.
Signed-off-by: Michael Rash <mbr@cipherdyne.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This small change allows for easy per-route workarounds for broken hosts or
middleboxes that are not compliant with TCP standards for window scaling.
Rather than having to turn off window scaling globally. This patch allows
reducing or disabling window scaling if window clamp is present.
Example: Mark Lord reported a problem with 2.6.17 kernel being unable to
access http://www.everymac.com
# ip route add 216.145.246.23/32 via 10.8.0.1 window 65535
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.
It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.
Oleg Nesterov [Mon, 21 Aug 2006 06:34:15 +0000 (08:34 +0200)]
[PATCH] Fix current_io_context() vs set_task_ioprio() race
I know nothing about io scheduler, but I suspect set_task_ioprio() is not safe.
current_io_context() initializes "struct io_context", then sets ->io_context.
set_task_ioprio() running on another cpu may see the changes out of order, so
->set_ioprio(ioc) may use io_context which was not initialized properly.
Roland Dreier [Fri, 18 Aug 2006 17:41:46 +0000 (10:41 -0700)]
IB/mthca: No userspace SRQs if HCA doesn't have SRQ support
Leave all SRQ methods out of the device's uverbs_cmd_mask if the
device doesn't have SRQ support (because of ancient firmware) so that
we don't allow userspace to call the driver's create_srq method. This
fixes a userspace-triggerable oops caused by ib_uverbs_create_srq()
following the device's ->create_srq function pointer, which will be
NULL if the device doesn't support SRQs.
ACPI 3.0 appended a variable length UID string to the LAPIC structure
as part of support for > 256 processors. So the BAD_MADT_ENTRY() sanity
check can no longer compare for equality with a fixed structure length.
Signed-off-by: Alexey Y Starikovskiy <alexey.y.starikovskiy@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
Nicolas Pitre [Fri, 18 Aug 2006 16:20:15 +0000 (17:20 +0100)]
[ARM] 3746/2: Userspace helpers must be Thumb mode interworkable
Patch from Nicolas Pitre
The userspace helpers in clean/arch/arm/kernel/entry-armv.S are called
directly in/from userspace. They need to cope with being called from
Thumb code.
Patch below uses the bx interworking instruction when
CONFIG_ARM_THUMB=y.
Based on an earlier patch from Paul Brook <paul@codesourcery.com>
Signed-off-by: Nicolas Pitre <nico@cam.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Paul Gortmaker [Fri, 18 Aug 2006 14:32:17 +0000 (15:32 +0100)]
[ARM] 3756/1: Assign value for HWCAP_IWMMXT
Patch from Paul Gortmaker
Some folks here at Wind River asked me if I'd push this out
so that the value was generally agreed upon in advance by
all folks interested in working with iWMMXt. Seems simple
enough...
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Ben Dooks [Fri, 18 Aug 2006 14:32:10 +0000 (15:32 +0100)]
[ARM] 3753/1: S3C24XX: DMA fixes
Patch from Ben Dooks
A number of small issues with the S3C24XX DMA have
cropped up, which this patch fixes. These are:
- check wether we can load another buff in start
- update state handling in s3c2410_dma_lastxfer
- only reload in irq if channel is not idle
- more informative timeout errors (add source)
- do not call request_irq() with irqs locked
- added waitforstop function
The patch also adds a S3C2410_DMAOP_STARTED for
the occasions when the driver wants to ensure that
the DMA system load state is resynced after loading.
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Herbert Xu [Fri, 18 Aug 2006 01:22:32 +0000 (18:22 -0700)]
[BRIDGE]: Disable SG/GSO if TX checksum is off
When the bridge recomputes features, it does not maintain the
constraint that SG/GSO must be off if TX checksum is off.
This patch adds that constraint.
On a completely unrelated note, I've also added TSO6 and TSO_ECN
feature bits if GSO is enabled on the underlying device through
the new NETIF_F_GSO_SOFTWARE macro.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Jon Loeliger [Thu, 17 Aug 2006 13:42:35 +0000 (08:42 -0500)]
[POWERPC] Convert to mac-address for ethernet MAC address data.
Also accept "local-mac-address". However the old "address"
is now obsolete, but accepted for backwards compatibility.
It should be removed after all device trees have been
converted to use "mac-address".
Signed-off-by: Jon Loeliger <jdl@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Alexey Kuznetsov [Thu, 17 Aug 2006 23:44:46 +0000 (16:44 -0700)]
[IPV4]: severe locking bug in fib_semantics.c
Found in 2.4 by Yixin Pan <yxpan@hotmail.com>.
> When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) =
> is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). =
> Is the following case possible: a BH interrupts fib_release_info() while =
> holding the write lock, and calls ip_check_fib_default() which calls =
> read_lock(&fib_info_lock), and spin forever.
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Panagiotis Issaris <takis@issaris.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Kevin Hilman [Tue, 15 Aug 2006 09:02:33 +0000 (02:02 -0700)]
[ATM]: Compile error on ARM
atm_proc_exit() is declared as __exit, and thus in .exit.text. On
some architectures (ARM) .exit.text is discarded at compile time, and
since atm_proc_exit() is called by some other __init functions, it
results in a link error.
Signed-off-by: Kevin Hilman <khilman@mvista.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Tue, 15 Aug 2006 08:39:10 +0000 (01:39 -0700)]
[BNX2]: Fix tx race condition.
Fix a subtle race condition between bnx2_start_xmit() and bnx2_tx_int()
similar to the one in tg3 discovered by Herbert Xu:
CPU0 CPU1
bnx2_start_xmit()
if (tx_ring_full) {
tx_lock
bnx2_tx()
if (!netif_queue_stopped)
netif_stop_queue()
if (!tx_ring_full)
update_tx_ring
netif_wake_queue()
tx_unlock
}
Even though tx_ring is updated before the if statement in bnx2_tx_int() in
program order, it can be re-ordered by the CPU as shown above. This
scenario can cause the tx queue to be stopped forever if bnx2_tx_int() has
just freed up the entire tx_ring. The possibility of this happening
should be very rare though.
The following changes are made, very much identical to the tg3 fix:
1. Add memory barrier to fix the above race condition.
2. Eliminate the private tx_lock altogether and rely solely on
netif_tx_lock. This eliminates one spinlock in bnx2_start_xmit()
when the ring is full.
3. Because of 2, use netif_tx_lock in bnx2_tx_int() before calling
netif_wake_queue().
4. Add memory barrier to bnx2_tx_avail().
5. Add bp->tx_wake_thresh which is set to half the tx ring size.
6. Check for the full wake queue condition before getting
netif_tx_lock in tg3_tx(). This reduces the number of unnecessary
spinlocks when the tx ring is full in a steady-state condition.
Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
this minor patch fixes the description of net.ipv4.tcp_mem sysctl
in ip-sysctl.txt - the headline names the values "min, pressure, max",
while the description uses the "low, pressure, high" values.
Both tcp_rmem and tcp_wmem descriptions use the "min, pressure, max"
values, so I have changed the tcp_mem to match this and not vice versa.
Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
Michal Ruzicka [Tue, 15 Aug 2006 07:20:17 +0000 (00:20 -0700)]
[IPV4]: Possible leak of multicast source filter sctructure
There is a leak of a socket's multicast source filter list structure
on closing a socket with a multicast source filter set on an interface
that does not exist any more.
Signed-off-by: Michal Ruzicka <michal.ruzicka@comstar.cz> Acked-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Ingo Molnar [Tue, 15 Aug 2006 07:06:56 +0000 (00:06 -0700)]
[IPV6] lockdep: annotate __icmpv6_socket
Split off __icmpv6_socket's sk->sk_dst_lock class, because it gets
used from softirqs, which is safe for __icmpv6_sockets (because they
never get directly used via userspace syscalls), but unsafe for normal
sockets.
Has no effect on non-lockdep kernels.
Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Suresh Siddha [Tue, 15 Aug 2006 07:03:01 +0000 (00:03 -0700)]
[NET]: Fix potential stack overflow in net/core/utils.c
On High end systems (1024 or so cpus) this can potentially cause stack
overflow. Fix the stack usage.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 15 Aug 2006 00:08:36 +0000 (17:08 -0700)]
[VLAN]: Make sure bonding packet drop checks get done in hwaccel RX path.
Since __vlan_hwaccel_rx() is essentially bypassing the
netif_receive_skb() call that would have occurred if we did the VLAN
decapsulation in software, we are missing the skb_bond() call and the
assosciated checks it does.
Export those checks via an inline function, skb_bond_should_drop(),
and use this in __vlan_hwaccel_rx().
Signed-off-by: David S. Miller <davem@davemloft.net>
The code for using the radix tree for reverse mapping of interrupts has
a typo that causes it to create incorrect mappings if the software and
hardware numbers happen to be different. This would, among others, cause
the IDE interrupt to fail on js20's. This fixes it.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
[POWERPC] kprobes: Fix possible system crash during out-of-line single-stepping
- On archs that have no-exec support, we vmalloc() a executable scratch
area of PAGE_SIZE and divide it up into an array of slots of maximum
instruction size for that arch
- On a kprobe registration, the original instruction is copied to the
first available free slot, so if multiple kprobes are registered, chances
are, they get contiguous slots
- On POWER4, due to not having coherent icaches, we could hit a situation
where a probe that is registered on one processor, is hit immediately on
another. This second processor could have fetched the stream of text from
the out-of-line single-stepping area *before* the probe registration
completed, possibly due to an earlier (and a different) kprobe hit and
hence would see stale data at the slot.
Executing such an arbitrary instruction lead to a problem as reported
in LTC bugzilla 23555.
The correct solution is to call flush_icache_range() as soon as the
instruction is copied for out-of-line single-stepping, so the correct
instruction is seen on all processors.
Thanks to Will Schmidt who tracked this down.
Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Acked-by: Will Schmidt <will_schmidt@vnet.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
To compile kexec on 32-bit we need a few more bits and pieces. Rather
than add empty definitions, we can make crash.c work on 32-bit, with
only a couple of kludges.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
[POWERPC] Move some kexec logic into machine_kexec.c
We're missing a few functions for kexec to compile on 32-bit. There's
nothing really 64-bit specific about the 64-bit versions, so make them
generic rather than adding empty definitions for 32-bit.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
Will Schmidt [Tue, 8 Aug 2006 14:40:00 +0000 (09:40 -0500)]
[POWERPC] update {g5,iseries,pseries}_defconfigs
Updating the defconfigs for iseries, pseries, and G5. Sticking with
the defaults, with the following exceptions: I've turned off HW_RANDOM
for all three configs. For G5, I've enabled SND_AOA and friends as
modules; this includes the FABRIC_LAYOUT, ONYX, TAS, TOONIE and
SOUNDBUS* config options.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
David Wilder [Thu, 29 Jun 2006 22:17:30 +0000 (15:17 -0700)]
[POWERPC] Make secondary CPUs call into kdump on reset exception
In the case of a system hang, the user will invoke soft-reset to
initiate the kdump boot. If xmon is enabled, the CPU(s) enter into the
xmon debugger. Unfortunately, the secondary CPU(s) will return to the
hung state when they exit from the debugger (returned from die() ->
system_reset_exception()). This causes a problem in kdump since the
hung CPU(s) will not respond to the IPI sent from kdump. This patch
fixes the issue by calling crash_kexec_secondary() directly from
system_reset_exception() without returning to the previous state. These
secondary CPUs wait 5ms until the kdump boot is started by the primary
CPU. In the case we exited from the debugger to "recover" (command 'x'
in xmon) the primary and the secondary CPUs will all return from die()
-> system_reset_exception() ->crash_kexec_secondary() wait 5ms, then
return to the previous state. A kdump boot is not started in this case.
Signed-off-by: Haren Myneni <haren@us.ibm.com> Signed-off-by: David Wilder <dwilder@us.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
William Morrrow [Tue, 15 Aug 2006 05:37:31 +0000 (22:37 -0700)]
ACPI: Handle BIOS that resumes from S3 to suspend routine rather than resume vector
A BIOS has been found that resumes from S3 to the routine that invoked suspend,
ignoring the resume vector. This appears to the OS as a failed S3 attempt.
This same system suspend/resume's properly with Windows.
It is possible to invoke the protected mode register restore routine (which
would normally restore the sysenter registers) when the BIOS returns from
S3. This has no effect on a correctly running system and repairs the
damage from the deviant BIOS.
Signed-off-by: William Morrow <william.morrow@amd.com> Signed-off-by: Jordan Crouse <jordan.crouse@amd.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Len Brown <len.brown@intel.com>
Jack Morgenstein [Tue, 15 Aug 2006 14:20:50 +0000 (17:20 +0300)]
IB/core: Fix SM LID/LID change with client reregister set
After commit 12bbb2b7be7f5564952ebe0196623e97464b8ac5, when SM LID
change or LID change MAD also has a client reregistration bit set,
only CLIENT_REREGISTER event is generated.
As a result, the sa_query module and the cache module don't update the
port information, and ULPs (e.g. IPoIB) stop working. This is the
regression we observe as compared to 2.6.17.
Rather than generate multiple events (which would have negative
performance impact), let us simply let cache and SA query respond to
reregister event in the same way as to LID and SM change events.
Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il> Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
In some situations PAV alias devices on LPAR are not accessible.
The initialization procedure required to enable access to PAV alias
devices has to be performed per storage server subsystem and not
only once per storage server.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Change the build options for acpiphp so that it may build without being
dependent on the ACPI_DOCK option, but yet does not allow the option of
acpiphp being built-in when dock is built as a module.
This does not change the previous patch for ACPI_IBM_DOCK Kconfig.
For the following matrix of config options, I built an i386 kernel.
Dock acpiphp should it build? confirmed
y y y y
y n y y
y m y y
m y no - acpiphp should acpiphp was
convert to m converted to m
m n y y
m m y y
n y y y
n n y y
n m y y
Signed-off-by: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
Yasunori Goto [Tue, 15 Aug 2006 05:37:32 +0000 (22:37 -0700)]
ACPI: memory hotplug: remove useless message at boot time
This is to remove noisy useless message at boot. The message is a ton of
"ACPI Exception (acpi_memory-0492): AE_ERROR, handle is no memory device"
In my emulation, number of memory devices are not so many (only 6), but,
this messages are displayed 114 times.
It is showed by acpi_memory_register_notify_handler() which is called by
acpi_walk_namespace().
acpi_walk_namespace() parses all of ACPI's namespace and execute
acpi_memory_register_notify_handler(). So, it is called for all of the
device which is defined in namespace. If the parsing device is not memory,
acpi_memhotplug ignores it due to "no match" and will parse next device.
This is normal route, not an exception.
Signed-off-by: Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Len Brown <len.brown@intel.com>
Hans de Goede [Tue, 15 Aug 2006 10:09:27 +0000 (12:09 +0200)]
[PATCH] PATCH: 1 line 2.6.18 bugfix: modpost-64bit-fix.patch
There is a small but annoying bug in scripts/mod/file2alias.c which causes
it to generate invalid aliases for input devices on 64 bit archs. This causes
joydev.ko to not be automaticly loaded when inserting a joystick, resulting in
a non working joystick (for the average user).
In scripts/mod/file2alias.c is the following code for generating the input
aliases:
static void do_input(char *alias,
kernel_ulong_t *arr, unsigned int min, unsigned int max)
{
unsigned int i;
for (i = min; i < max; i++)
if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG)))
sprintf(alias + strlen(alias), "%X,*", i);
}
On 32 bits systems, this correctly generates "0,*" for the first alias, "8,*"
for the second etc.
However on 64 bits it generates: "0,*20,*" resp "8,*28,*" Notice how it adds 20
+ first entry (hex) ! to the list of hex codes, which is 32 more then the first
entry, thus is because the bit test above wraps at 32 bits instead of 64.
scripts/mod/file2alias.c, line 379 reads:
if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG)))
That should be:
if (arr[i / BITS_PER_LONG] & (1L << (i%BITS_PER_LONG)))
Notice the added 'L' after the 1, otherwise that is an 32 bit int instead of a
64 bit long, and when that int gets shifted >= 32 times, appearantly the number
by which to shift is wrapped at 5 bits ( % 32) causing it to test a bit 32 bits
too low.
The patch below makes the nescesarry 1 char change :)
Signed-off-by: Hans de Goede <j.w.r.degoede@hhs.nl> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 14 Aug 2006 15:54:48 +0000 (08:54 -0700)]
[PATCH] fcntl(F_SETSIG) fix
fcntl(F_SETSIG) no longer works on leases because
lease_release_private_callback() gets called as the lease is copied in
order to initialise it.
The problem is that lease_alloc() performs an unnecessary initialisation,
which sets the lease_manager_ops. Avoid the problem by allocating the
target lease structure using locks_alloc_lock().
[PATCH] fbdev: include backlight.h only when __KERNEL__ is defined
linux/backlight.h pulls in header files (eg. ioport.h) that break
compilation of userspace programs. To solve the problem, only include
backlight.h in fb.h if compiling kernel stuff.
Signed-off-by: Michal Januszewski <spock@gentoo.org> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
john stultz [Mon, 14 Aug 2006 06:24:24 +0000 (23:24 -0700)]
[PATCH] futex_handle_fault always fails
We found this issue last week w/ the -RT kernel, but it seems the same
issue is in mainline as well.
Basically it is possible for futex_unlock_pi to return without actually
freeing the lock. This is due to buggy logic in the use of
futex_handle_fault() and its attempt argument in a failure case.
Looking at futex.c the logic is as follows:
1) In futex_unlock_pi() we start w/ ret=0 and we go down to the first
futex_atomic_cmpxchg_inatomic(), where we find uval==-EFAULT. We then
jump to the pi_faulted label.
2) From pi_faulted: We increment attempt, unlock the sem and hit the
retry label.
3) From the retry label, with ret still zero, we again hit EFAULT on the
first futex_atomic_cmpxchg_inatomic(), and again goto the pi_faulted
label.
4) Again from pi_faulted: we increment attempt and enter the
conditional, where we call futex_handle_fault.
5) futex_handle_fault fails, and we goto the out_unlock_release_sem
label.
6) From out_unlock_release_sem we return, and since ret is still zero,
we return without error, while never actually unlocking the lock.
Issue #1: at the first futex_atomic_cmpxchg_inatomic() we should probably
be setting ret=-EFAULT before jumping to pi_faulted: However in our case
this doesn't really affect anything, as the glibc we're using ignores the
error value from futex_unlock_pi().
Issue #2: Look at futex_handle_fault(), its first conditional will return
-EFAULT if attempt is >= 2. However, from the "if(attempt++)
futex_handle_fault(attempt)" logic above, we'll *never* call
futex_handle_fault when attempt is less then two. So we never get a chance
to even try to fault the page in.
The following patch addresses these two issues by 1) Always setting ret to
-EFAULT if futex_handle_fault fails, and 2) Removing the = in
futex_handle_fault's (attempt >= 2) check.
I'm really not sure this is the right fix, but wanted to bring it up so
folks knew the issue is alive and well in the current -git tree. From
looking at the git logs the logic was first introduced (then later copied
to other places) in the following commit almost a year ago:
Kirill Korotaev [Mon, 14 Aug 2006 06:24:23 +0000 (23:24 -0700)]
[PATCH] sys_getppid oopses on debug kernel
sys_getppid() optimization can access a freed memory. On kernels with
DEBUG_SLAB turned ON, this results in Oops. As Dave Hansen noted, this
optimization is also unsafe for memory hotplug.
Horms [Mon, 14 Aug 2006 06:24:22 +0000 (23:24 -0700)]
[PATCH] Change panic_on_oops message to "Fatal exception"
Previously the message was "Fatal exception: panic_on_oops", as introduced
in a recent patch whith removed a somewhat dangerous call to ssleep() in
the panic_on_oops path. However, Paul Mackerras suggested that this was
somewhat confusing, leadind people to believe that it was panic_on_oops
that was the root cause of the fatal exception. On his suggestion, this
patch changes the message to simply "Fatal exception". A suitable oops
message should already have been displayed.
Signed-off-by: Simon Horman <horms@verge.net.au> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michal Miroslaw [Mon, 14 Aug 2006 06:24:20 +0000 (23:24 -0700)]
[PATCH] dm: BUG/OOPS fix
Fix BUG I tripped on while testing failover and multipathing.
BUG shows up on error path in multipath_ctr() when parse_priority_group()
fails after returning at least once without error. The fix is to
initialize m->ti early - just after alloc()ing it.
Dan Bastone [Mon, 14 Aug 2006 06:24:18 +0000 (23:24 -0700)]
[PATCH] initialize parts of udf inode earlier in create
Eric says:
> I saw an oops down this path when trying to create a new file on a UDF
> filesystem which was internally marked as readonly, but mounted rw:
>
> udf_create
> udf_new_inode
> new_inode
> alloc_inode
> udf_alloc_inode
> udf_new_block
> returns EIO due to readonlyness
> iput (on error)
I ran into the same issue today, but when listing a directory with
invalid/corrupt entries:
udf_lookup
udf_iget
get_new_inode_fast
alloc_inode
udf_alloc_inode
__udf_read_inode
fails for any reason
iput (on error)
...
The following patch to udf_alloc_inode() should take care of both (and
other similar) cases, but I've only tested it with udf_lookup().
Signed-off-by: Dan Bastone <dan@pwienterprises.com> Cc: Eric Sandeen <sandeen@sandeen.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Mon, 14 Aug 2006 03:12:58 +0000 (20:12 -0700)]
[INET]: Use pskb_trim_unique when trimming paged unique skbs
The IPv4/IPv6 datagram output path was using skb_trim to trim paged
packets because they know that the packet has not been cloned yet
(since the packet hasn't been given to anything else in the system).
This broke because skb_trim no longer allows paged packets to be
trimmed. Paged packets must be given to one of the pskb_trim functions
instead.
This patch adds a new pskb_trim_unique function to cover the IPv4/IPv6
datagram output path scenario and replaces the corresponding skb_trim
calls with it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Mark Huang [Mon, 14 Aug 2006 01:57:54 +0000 (18:57 -0700)]
[NETFILTER]: ulog: fix panic on SMP kernels
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.
Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Fix from Aji_Srinivas@emc.com, STP packets are incorrectly received on
all LLC datagram sockets, whichever interface they are bound to. The
llc_sap datagram receive logic sends packets with a unicast
destination MAC to one socket bound to that SAP and MAC, and multicast
packets to all sockets bound to that SAP. STP packets are multicast,
and we do need to know on which interface they were received.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 14 Aug 2006 01:55:53 +0000 (18:55 -0700)]
[IPSEC]: Validate properly in xfrm_dst_check()
If dst->obsolete is -1, this is a signal from the
bundle creator that we want the XFRM dst and the
dsts that it references to be validated on every
use.
I misunderstood this intention when I changed
xfrm_dst_check() to always return NULL.
Now, when we purge a dst entry, by running dst_free()
on it. This will set the dst->obsolete to a positive
integer, and we want to return NULL in that case so
that the socket does a relookup for the route.
Thus, if dst->obsolete<0, let stale_bundle() validate
the state, else always return NULL.
In general, we need to do things more intelligently
here because we flush too much state during rule
changes. Herbert Xu has some ideas wherein the key
manager gives us some help in this area. We can also
use smarter state management algorithms inside of
the kernel as well.
Signed-off-by: David S. Miller <davem@davemloft.net>
Yoav Steinberg [Sun, 13 Aug 2006 13:17:12 +0000 (14:17 +0100)]
[ARM] 3752/1: fix versatile flash resource map
Patch from Yoav Steinberg
Flash resource mapping for versatile machine included one extra byte for the end address. This results in failure to map other resources on physical address directly after the NOR flash.
Signed-off-by: Yoav Steinberg <yoav@monfort.co.il> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>