Currently we simply add the debug flags unconditional when checking for a
matching slab. This creates issues for sysfs processing when slabs exist
that are exempt from debugging due to their huge size or because only a
subset of slabs was selected for debugging.
We need to only add the flags if kmem_cache_open() would also add them.
Create a function to calculate the flags that would be set
if the cache would be opened and use that function to determine
the flags before looking for a compatible slab.
[akpm@linux-foundation.org: fixlets] Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Catch illegally nested kmap_atomic()s even if the page that is mapped by
the 'inner' instance is from lowmem.
This avoids spuriously zapped kmap-atomic ptes and turns hard to find
crashes into clear asserts at the bug site.
Problem is, a get_zeroed_page(GFP_KERNEL) from interrupt context will trigger
this check if non-irq code on this CPU holds a KM_USER0 mapping. But that
get_zeroed_page() will never be altering the kmap slot anyway due to the
GFP_KERNEL.
Cc: Christoph Lameter <clameter@sgi.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pavel Emelyanov [Tue, 11 Sep 2007 22:24:01 +0000 (15:24 -0700)]
Leases can be hidden by flocks
The inode->i_flock list contains the leases, flocks and posix
locks in the specified order. However, the flocks are added in
the head of this list thus hiding the leases from F_GETLEASE
command, from time_out_leases() and other code that expects
the leases to come first.
Zhenyu Wang [Tue, 11 Sep 2007 22:23:58 +0000 (15:23 -0700)]
intel_agp: fix GTT map size on G33
G33 has 1MB GTT table range. Fix GTT mapping in case like 512MB aperture
size.
Signed-off-by: Zhenyu Wang <zhenyu.z.wang@intel.com> Acked-by: Dave Airlie <airlied@linux.ie> Cc: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Zhenyu Wang [Tue, 11 Sep 2007 22:23:57 +0000 (15:23 -0700)]
intel_agp: fix stolen mem range on G33
G33 GTT stolen memory is below graphics data stolen memory and be seperate,
so don't subtract it in stolen mem counting.
Signed-off-by: Zhenyu Wang <zhenyu.z.wang@intel.com> Acked-by: Dave Airlie <airlied@linux.ie> Cc: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Taneli Vähäkangas <vahakang@cs.helsinki.fi> reported that commit 786d7e1612f0b0adb6046f19b906609e4fe8b1ba aka "Fix rmmod/read/write races
in /proc entries" broke SBCL + SLIME combo.
The old code in do_select() used DEFAULT_POLLMASK, if couldn't find
->poll handler. The new code makes ->poll always there and returns 0 by
default, which is not correct. Return DEFAULT_POLLMASK instead.
Steps to reproduce:
install emacs, SBCL, SLIME
emacs
M-x slime in *inferior-lisp* buffer
[watch it doing "Connecting to Swank on port X.."]
Please, apply before 2.6.23.
P.S.: why SBCL can't just read(2) /proc/cpuinfo is a mystery.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: T Taneli Vahakangas <vahakang@cs.helsinki.fi> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Ellerman [Tue, 11 Sep 2007 22:23:51 +0000 (15:23 -0700)]
Restore call_usermodehelper_pipe() behaviour
The semantics of call_usermodehelper_pipe() used to be that it would fork
the helper, and wait for the kernel thread to be started. This was
implemented by setting sub_info.wait to 0 (implicitly), and doing a
wait_for_completion().
As part of the cleanup done in 0ab4dc92278a0f3816e486d6350c6652a72e06c8,
call_usermodehelper_pipe() was changed to pass 1 as the value for wait to
call_usermodehelper_exec().
This is equivalent to setting sub_info.wait to 1, which is a change from
the previous behaviour. Using 1 instead of 0 causes
__call_usermodehelper() to start the kernel thread running
wait_for_helper(), rather than directly calling ____call_usermodehelper().
The end result is that the calling kernel code blocks until the user mode
helper finishes. As the helper is expecting input on stdin, and now no one
is writing anything, everything locks up (observed in do_coredump).
The fix is to change the 1 to UMH_WAIT_EXEC (aka 0), indicating that we
want to wait for the kernel thread to be started, but not for the helper to
finish.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Acked-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Miller [Tue, 11 Sep 2007 22:23:50 +0000 (15:23 -0700)]
tty: termios locking functions break with new termios type
I ran into a few problems.
n_tty_ioctl() for instance:
drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no
member named $,1rxc_ispeed$,1ry
This is calling the copy interface that is supposed to be using
a termios2 when the new interfaces are defined, however:
case TIOCGLCKTRMIOS:
if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked))
return -EFAULT;
return 0;
This is going to write over the end of the userspace
structure by a few bytes, and wasn't caught by you yet
because the i386 implementation is simply copy_to_user()
which does zero type checking.
Signed-off-by: Alan Cox <alan@redhat.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The futex list traversal on the compat side appears to have
a bug.
It's loop termination condition compares:
while (compat_ptr(uentry) != &head->list)
But that can't be right because "uentry" has the special
"pi" indicator bit still potentially set at bit 0. This
is cleared by fetch_robust_entry() into the "entry"
return value.
What this seems to mean is that the list won't terminate
when list iteration gets back to the the head. And we'll
also process the list head like a normal entry, which could
cause all kinds of problems.
So we should check for equality with "entry". That pointer
is of the non-compat type so we have to do a little casting
to keep the compiler and sparse happy.
The same problem can in theory occur with the 'pending'
variable, although that has not been reported from users
so far.
Based on the original patch from David Miller.
Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: David Miller <davem@davemloft.net> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthew Wilcox [Tue, 11 Sep 2007 22:23:47 +0000 (15:23 -0700)]
PTR_ALIGN
The AdvanSys driver wants to align some pointers, and the ALIGN macro
doesn't work for pointers. Rather than try to make it work, add a new
PTR_ALIGN macro which is typesafe.
Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Robert P. J. Day <rpjday@mindspring.com> Acked-by: Satyam Sharma <satyam@infradead.org> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
md: fix some bugs with growing raid5/raid6 arrays.
The recent changed to raid5 to allow offload of parity calculation etc
introduced some bugs in the code for growing (i.e. adding a disk to) raid5
and raid6. This fixes them
Acked-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If the quirk enables the SIR part of the SMCf010 device, the 8250 driver
may claim it as a legacy ttyS device, which makes the legacy probe in the
smsc-ircc2 driver fail.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Cc: Andrey Borzenkov <arvidjaar@mail.ru> Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Andersson [Tue, 11 Sep 2007 22:23:30 +0000 (15:23 -0700)]
spi_mpc83xx: hang fix
When the spi_mpc83xx driver receives a tx_buf pointer which is NULL, it
only writes one zero filled word to the transmit register. If the driver
expects to receive more than one word it will wait forever for a second
receive interrupt. With this patch the controller will shift out zeroes
until all words have been received.
Signed-off-by: Jan Andersson <jan@gaisler.com> Tested-by: Anton Vorontsov <avorontsov@ru.mvista.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: Kumar Gala <galak@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Kara [Tue, 11 Sep 2007 22:23:29 +0000 (15:23 -0700)]
quota: fix infinite loop
If we fail to start a transaction when releasing dquot, we have to call
dquot_release() anyway to mark dquot structure as inactive. Otherwise we
end in an infinite loop inside dqput().
Signed-off-by: Jan Kara <jack@suse.cz> Cc: xb <xavier.bru@bull.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix aliasing bug in copy_user_highpage.
[MIPS] IP22: fix wrong argument order
[MIPS] IP22: Fix wrong check for second HPC
[MIPS] Ocelot: remove remaining bits
[MIPS] TLB: Fix instruction bitmasks
[MIPS] R10000: Fix wrong test in dma-default.c
[MIPS] Provide empty irq_enable_hazard definition for legacy and R1 cores.
[MIPS] Sibyte: Remove broken dependency on EXPERIMENTAL from SIBYTE_SB1xxx_SOC.
[MIPS] Kconfig: whitespace cleanup.
[MIPS] PCI: Set need_domain_info if controller domain index is non-zero.
[MIPS] BCM1480: Fix computation of interrupt mask address register.
[MIPS] i8259: Add disable method.
[MIPS] tty: add the new ioctls and definitions.
Fix a bitmask typo in the pdc202xx_new PLL frequency detection code
which causes it to truncate an intermediate difference to 26 bits
instead of the correct 30 bits (the PLL's bitwidth).
Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Daniel Exner [Tue, 11 Sep 2007 20:28:36 +0000 (22:28 +0200)]
pata_ali/alim15x3: override 80-wire cable detection for Toshiba S1800-814
Add Toshiba S1800-814 to whitelist for both pata_ali and alim15x3,
as it is correctly detected as 40-wire connected but this cable is
short enough to still use transfer modes higher than UDMA33.
Signed-off-by: Daniel Exner <dex@dragonslave.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Tue, 11 Sep 2007 20:28:36 +0000 (22:28 +0200)]
hpt366: UltraDMA filter for SATA cards (take 2)
The Marvell bridge chips used on HighPoint SATA cards do not seem to support
the UltraDMA modes 1, 2, and 3 as well as any MWDMA modes, so the driver needs
to account for this in the udma_filter() method. In order to achieve that, do
the following changes:
- install the method for all chips, not only HPT36x/370 and improve the code
formatting by killing the extra tabs while at it;
- add to the end of the 'switch' statement in the method cases for HPT372[AN]
and HPT374 chips upon which the known SATA cards are based;
- use hwif->ultra_mask as a default mask for the ide_dma_filter() method to
behave correctly;
- move the HPT370[A] cases below the HPT36x case for consistency.
While at it, replace the explicit UltraDMA mode masks with ATA_UDMA* constants
all over the driver...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: Bob Ham <rah@bash.sh> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Tue, 11 Sep 2007 20:28:36 +0000 (22:28 +0200)]
ide: add ide_dev_is_sata() helper (take 2)
Make the SATA drive detection code from eighty_ninty_three() into inline
ide_dev_is_sata() helper fixing it along the way to be more strict while
checking word 80 for the reserved values...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Tue, 11 Sep 2007 20:28:35 +0000 (22:28 +0200)]
hpt366: fix PCI clock detection for HPT374 (take 4)
HPT374 BIOS seems to only save f_CNT register value for the function #0 before
re-tuning DPLL (that causes the driver to report obviously distorted f_CNT for
the function #1) -- fix this by always reading the saved f_CNT register value
from the function #0 in the driver's init_chipset() method.
While at it, introduce 'chip_type' for holding the 'struct hpt_info' field
of the same name and replace the structure assignment with memcpy()...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Tue, 11 Sep 2007 20:28:34 +0000 (22:28 +0200)]
pdc202xx_new: fix PCI refcounting
The driver erroneously "lets go" the mate IDE chip in init_setup_pdc20270()
when ide_setup_pci_devices() call succeeds -- fix this, and drop a couple of
useless assignments in this function while at it...
Bart: keep "findev" variable initialization to silence gcc
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Tue, 11 Sep 2007 20:28:34 +0000 (22:28 +0200)]
ide: fix PCI refcounting
The IDE core never marked the PCI IDE devices as being in use after succesfull
driver probe call (the devices were marked in use only while being probed), and
so was susceptible to issues caused by unsolicited PCI hotplug device removal.
So, add pci_dev_get() call to ide_scan_pcidev() and convert this function to
the kernel style, also dropping a bunch of useless curly braces from its caller,
ide_scan_pcibus() and somewhat beautifying printk() call there, while at it...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Kumar Gala [Tue, 11 Sep 2007 20:28:33 +0000 (22:28 +0200)]
mpc8xx: Only build mpc8xx on arch/ppc
Currently the mpc8xx ide driver will only work on arch/ppc so only
allow it to be built there. Also, killed a minor include that isn't
actually used by the driver.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Copy_user_highpage was written assuming it was only being called for
breaking COW pages in which case the source page isn't cached as in
marked cachable under it kernel virtual address. If it is called anyway
the aliasing avoidance strategy implemented by kmap_coherent will fail.
Avoid the use of kmap_coherent for pages marked dirty and to avoid
another instance of this sort of bug, place a BUG_ON in kmap_coherent.
[MIPS] Provide empty irq_enable_hazard definition for legacy and R1 cores.
Following a strict interpretation the empty definition of irq_enable_hazard
has always been a bug - but an intentional one because it didn't bite.
This has now changed, for uniprocessor kernels mm/slab.c:do_drain()
Ralf Baechle [Tue, 28 Aug 2007 23:38:13 +0000 (00:38 +0100)]
[MIPS] BCM1480: Fix computation of interrupt mask address register.
CC arch/mips/sibyte/bcm1480/irq.o
arch/mips/sibyte/bcm1480/irq.c: In function 'bcm1480_mask_irq':
arch/mips/sibyte/bcm1480/irq.c:112: warning: cast to pointer from integer of different size
arch/mips/sibyte/bcm1480/irq.c:114: warning: cast to pointer from integer of different size
arch/mips/sibyte/bcm1480/irq.c: In function 'bcm1480_unmask_irq':
arch/mips/sibyte/bcm1480/irq.c:130: warning: cast to pointer from integer of different size
arch/mips/sibyte/bcm1480/irq.c:132: warning: cast to pointer from integer of different size
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6:
PCI: irq and pci_ids patch for Intel Tolapai
PCI: unhide SMBus on Compaq Deskpro EP 401963-001 motherboard
PCI: Remove __devinit from pcibios_get_irq_routing_table
PCI: remove devinit from pci_read_bridge_bases
PCI AER: fix warnings when PCIEAER=n
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: drivers/usb/serial/bus.c: Fix incompatible pointer type warning
USB: another quirky device (LCD display)
USB: fix serial gadget ACM breakage
USB: More USB_QUIRK_RESET_RESUME devices
USB Mass Storage: limit "Rockchip ROCK MP3" device (071b:3203) max I/O to 64 sectors per command
USB: Nikon D40 Quirks
USB: Add Sony Ericsson P1i to unusual_devs.h
USB: option: Add Dell HSDPA 5520 to driver
USB: option: Add a new device ID for the HUAWEI E220 HSDPA modem.
USB: fix linked list insertion bugfix for usb core
USB: quirky flash drive
USB: prevent Genesys USB-IDE from autosuspending
USB: prevent Thomson card reader from autosuspending
USB: Add iPhone device id to the quirk list.
USB: ftdi_sio: add of a new product/manufacturer, TML
usb/misc/sisusbvga: add product ID of TARGUS/MCT device
USB: oti6858: Remove broken ioctl code in -mm tree and also the broken fixes
Anti Sullin [Thu, 30 Aug 2007 14:15:16 +0000 (16:15 +0200)]
bug in AT91 MCI suspend routines
This patch fixes a bug in AT91 mmc host driver, that enables the wakeup
from suspend on card detection pin even if the card detect pin is not
available (==0). If not card detection pin is defined, IRQ0 == FIQ gets
enabled and if some activity is present on that pin, the system gets a
FIQ request, that causes a crash.
Signed-off-by: Anti Sullin <anti.sullin@artecdesign.ee> Signed-off-by: Nicolas Ferre <nicolas.ferre@rfo.atmel.com> Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
USB: drivers/usb/serial/bus.c: Fix incompatible pointer type warning
drivers/usb/serial/bus.c: In function usb_serial_bus_deregister:
drivers/usb/serial/bus.c:185:
warning: passing argument 1 of free_dynids from incompatible pointer type
Above build warning comes when CONFIG_HOTPLUG=n because argument of
free_dynids() in serial/bus.c is a struct usb_serial_driver, not a
struct usb_driver. This is not a runtime bug, because the function
is an empty stub and never dereferences the passed pointer anyway.
David Brownell [Sun, 26 Aug 2007 19:44:24 +0000 (12:44 -0700)]
USB: fix serial gadget ACM breakage
Two of the CDC ACM control requests in the serial gadget have never
been correct, and have been reported to cause serious troubles ... as
in, soft lockup and maybe watchdog reset (depending on hardware).
This patch makes those request fail cleanly, rather than misbehaving.
Someone using CDC ACM should fix them according to the FIXME comments
which now replace the previous bugs.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
I would like have the attached patch added to Linux kernel. The three
usb flash memories listed in the patch are being used in Intel's
ClassmatePC and need USB_QUIRK_RESET_RESUME to work reliably when
resuming from ram.
USB Mass Storage: limit "Rockchip ROCK MP3" device (071b:3203) max I/O to 64 sectors per command
The MP3/MP4/AVI player "Rockchip ROCK MP3" is seen as a USB disk, but fails
if more than 128 sectors (64kB) are sent or requested in a single read or write
command, and disconnects from the USB bus.
Typical kernel log showing the problem is:
usb 3-1: reset high speed USB device using ehci_hcd and address 6
usb 3-1: reset high speed USB device using ehci_hcd and address 6
sd 14:0:0:0: [sdb] Result: hostbyte=0x07 driverbyte=0x00
end_request: I/O error, dev sdb, sector 32
sd 14:0:0:0: [sdb] Result: hostbyte=0x07 driverbyte=0x00
end_request: I/O error, dev sdb, sector 32
usb 3-1: USB disconnect, address 6
This patch works around the device limitation by adding "Rockchip ROCK MP3"
to unusual USB devices list and limiting data transfers to 64 sectors (32kB)
per command.
Tested on 2.6.23-rc5 (amd64).
Alan Stern [Tue, 4 Sep 2007 14:12:44 +0000 (10:12 -0400)]
USB: prevent Genesys USB-IDE from autosuspending
This patch (as986) prevents the troublesome Genesys USB-IDE adapter
from autosuspending. It may not be necessary for all such devices,
but the one in Bugzilla #8892 sometimes fails to resume.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pierre Castella [Thu, 6 Sep 2007 20:34:39 +0000 (22:34 +0200)]
USB: ftdi_sio: add of a new product/manufacturer, TML
I have added to a new product based on the FTDI 232R USB/Serial
transceiver, which is commercialized by The Mobility Lab. Here is a
trivial patch enclosed, against 2.6.22.6 kernel.
Signed-off-by: Pierre Castella <pp.castella@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[INET_DIAG]: Fix oops in netlink_rcv_skb
[IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames
[NETFILTER]: Fix/improve deadlock condition on module removal netfilter
[NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages
[NET] DOC: Update networking/multiqueue.txt with correct information.
[IPV6]: Freeing alive inet6 address
[DECNET]: Fix interface address listing regression.
[IPV4] devinet: show all addresses assigned to interface
[NET]: Do not dereference iov if length is zero
[TG3]: Workaround MSI bug on 5714/5780.
[Bluetooth] Fix parameter list for event filter command
[Bluetooth] Update security filter for Bluetooth 2.1
[Bluetooth] Add compat handling for timestamp structure
[Bluetooth] Add missing stat.byte_rx counter modification
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] libiscsi: sync up iscsi and scsi eh's access to the connection
[SCSI] libiscsi: fix null ptr regression when aborting a command with data to transfer
[SCSI] qla2xxx: Update version number to 8.02.00-k3.
[SCSI] qla2xxx: Correct mailbox register dump for FWI2 capable ISPs.
[SCSI] qla2xxx: Correct 8GB iIDMA support.
[SCSI] qla2xxx: Correct management-server login-state synchronization issue.
[SCSI] qla2xxx: Don't modify parity bits during ISP25XX restart.
[SCSI] qla2xxx: Allocate enough space for the full PCI descriptor.
[SCSI] zfcp: fix the data buffer accessor patch
[SCSI] zfcp: allocate gid_pn_data objects from gid_pn_cache
[SCSI] zfcp: fix memory leak
Ralf Baechle [Thu, 23 Aug 2007 17:49:17 +0000 (18:49 +0100)]
PCI: remove devinit from pci_read_bridge_bases
On MIPS with PCI && !HOTPLUG, I'm currently getting the following modpost
warning:
MODPOST vmlinux.o
WARNING: vmlinux.o(.text+0x1ce128): Section mismatch: reference to .init.text:pci_read_bridge_bases (between 'pcibios_fixup_bus' and 'pcibios_enable_device')
On MIPS I have the call chains pci_scan_child_bus -> pcibios_fixup_bus ->
pci_read_bridge_bases. pci_scan_child_bus can't be __devinit because it
it is an exported symbol, thus pcibios_fixup_bus and pci_read_bridge_bases
can't be either.
For some reason I don't see this issue on x86; I blame compiler differences.
Randy Dunlap [Thu, 23 Aug 2007 17:37:53 +0000 (10:37 -0700)]
PCI AER: fix warnings when PCIEAER=n
Fix warnings when CONFIG_PCIEAER=n:
drivers/pci/pcie/portdrv_pci.c:105: warning: statement with no effect
drivers/pci/pcie/portdrv_pci.c:226: warning: statement with no effect
drivers/scsi/arcmsr/arcmsr_hba.c:352: warning: statement with no effect
Patrick McHardy [Tue, 11 Sep 2007 09:33:28 +0000 (11:33 +0200)]
[INET_DIAG]: Fix oops in netlink_rcv_skb
netlink_run_queue() doesn't handle multiple processes processing the
queue concurrently. Serialize queue processing in inet_diag to fix
a oops in netlink_rcv_skb caused by netlink_run_queue passing a
NULL for the skb.
[IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames
Some of skbs in sk->write_queue do not have skb->dst because
we do not fill skb->dst when we allocate new skb in append_data().
BTW, I think we may not need to (or we should not) increment some stats
when using corking; if 100 sendmsg() (with MSG_MORE) result in 2 packets,
how many should we increment?
If 100, we should set skb->dst for every queued skbs.
If 1 (or 2 (*)), we increment the stats for the first queued skb and
we should just skip incrementing OutDiscards for the rest of queued skbs,
adn we should also impelement this semantics in other places;
e.g., we should increment other stats just once, not 100 times.
*: depends on the place we are discarding the datagram.
I guess should just increment by 1 (or 2).
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Horman [Tue, 11 Sep 2007 09:28:26 +0000 (11:28 +0200)]
[NETFILTER]: Fix/improve deadlock condition on module removal netfilter
So I've had a deadlock reported to me. I've found that the sequence of
events goes like this:
1) process A (modprobe) runs to remove ip_tables.ko
2) process B (iptables-restore) runs and calls setsockopt on a netfilter socket,
increasing the ip_tables socket_ops use count
3) process A acquires a file lock on the file ip_tables.ko, calls remove_module
in the kernel, which in turn executes the ip_tables module cleanup routine,
which calls nf_unregister_sockopt
4) nf_unregister_sockopt, seeing that the use count is non-zero, puts the
calling process into uninterruptible sleep, expecting the process using the
socket option code to wake it up when it exits the kernel
4) the user of the socket option code (process B) in do_ipt_get_ctl, calls
ipt_find_table_lock, which in this case calls request_module to load
ip_tables_nat.ko
5) request_module forks a copy of modprobe (process C) to load the module and
blocks until modprobe exits.
6) Process C. forked by request_module process the dependencies of
ip_tables_nat.ko, of which ip_tables.ko is one.
7) Process C attempts to lock the request module and all its dependencies, it
blocks when it attempts to lock ip_tables.ko (which was previously locked in
step 3)
Theres not really any great permanent solution to this that I can see, but I've
developed a two part solution that corrects the problem
Part 1) Modifies the nf_sockopt registration code so that, instead of using a
use counter internal to the nf_sockopt_ops structure, we instead use a pointer
to the registering modules owner to do module reference counting when nf_sockopt
calls a modules set/get routine. This prevents the deadlock by preventing set 4
from happening.
Part 2) Enhances the modprobe utilty so that by default it preforms non-blocking
remove operations (the same way rmmod does), and add an option to explicity
request blocking operation. So if you select blocking operation in modprobe you
can still cause the above deadlock, but only if you explicity try (and since
root can do any old stupid thing it would like.... :) ).
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 11 Sep 2007 09:27:01 +0000 (11:27 +0200)]
[NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages
Since we're now using a generic tuple decoding function in ICMP
connection tracking, ipv4_get_l4proto() might get called with a
fragmented packet from within an ICMP error. Remove the error
message we used to print when this happens.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
addrconf_dad_failure calls addrconf_dad_stop which takes referenced address
and drops the count. So, in6_ifa_put perrformed at out: is extra. This
results in message: "Freeing alive inet6 address" and not released dst entries.
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Not all ips are shown by "ip addr show" command when IPs number assigned to an
interface is more than 60-80 (in fact it depends on broadcast/label etc
presence on each address).
Steps to reproduce:
It's terribly simple to reproduce:
# for i in $(seq 1 100); do ip ad add 10.0.$i.1/24 dev eth10 ; done
# ip addr show
this will _not_ show all IPs.
Looks like the problem is in netlink/ipv4 message processing.
This is fix from bug submitter, it looks correct.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 6 Sep 2007 13:06:35 +0000 (14:06 +0100)]
[NET]: Do not dereference iov if length is zero
When msg_iovlen is zero we shouldn't try to dereference
msg_iov. Right now the only thing that tries to do so
is skb_copy_and_csum_datagram_iovec. Since the total
length should also be zero if msg_iovlen is zero, it's
sufficient to check the total length there and simply
return if it's zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Thu, 6 Sep 2007 11:04:29 +0000 (12:04 +0100)]
[TG3]: Workaround MSI bug on 5714/5780.
A hardware bug was revealed after a recent PCI MSI patch was made to
always disable legacy INTX when enabling MSI. The 5714/5780 chips
will not generate MSI when INTX is disabled, causing MSI failure
messages to be reported, and another patch was made to workaround the
problem by disabling MSI on ServerWorks HT1000 bridge chips commonly
found with the 5714.
We workaround this chip bug by enabling INTX after we enable MSI and
after we resume from suspend.
Update version to 3.81.
This problem was discovered by David Miller.
Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Andy Gospodarek <andy@greyhouse.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata clear horkage on ata_dev_init()
[libata, IDE] add new VIA bridge to VIA PATA drivers
pata_it821x: fix lost interrupt with atapi devices
Fix broken pata_via cable detection
Jeff Dike [Mon, 10 Sep 2007 15:55:46 +0000 (11:55 -0400)]
UML: Fix ELF_CORE_COPY_REGS build botch
The earlier crash dump fix on x86_64 depended on patches in -mm which
are intended for post-2.6.23. Without those, it broke the build when
it went into 2.6.23-rc5.
This changes the field references in ELF_CORE_COPY_REGS back to those
still used in mainline.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Walker [Thu, 6 Sep 2007 14:59:54 +0000 (16:59 +0200)]
i386: fix a hang on stuck nmi watchdog
In the case when an nmi gets stucks the endflag stays equal to zero.
This causes the busy looping on other cpus to continue, even though the
nmi test is done.
On my machine with out the change below the system would hang right
after check_nmi_watchdog(). The change below just sets endflag prior to
checking if the test was successful or not.
The CLFLUSH for the modified code line in text_poke was supposed
to speed up CPU recovery. Unfortunately it seems to cause hangs
on some VIA C3s (at least on VIA Esther Model 10 Stepping 9)
Remove it.
Fix the NMI watchdog on Intel CoreDuo processor where the kernel would
get stuck during boot. The issue is related to errata AE49, where the
PERFEVTSEL1 counter does not have a working enable bit. Thus it is not
possible to use it for NMI.
The patch creates a dedicated wd_ops for CoreDuo which falls back to
using PERFEVTSEL0. The other Intel processors supporting the
architectural PMU will keep on using PERFEVTSEL1 as this allows other
subsystems, such as perfmon, to use PERFEVTSEL0 for PEBS monitoring in
particular. Bug initially reported by Daniel Walker.
Neil Brown [Wed, 5 Sep 2007 21:22:13 +0000 (17:22 -0400)]
knfsd: Validate filehandle type in fsid_source
fsid_source decided where to get the 'fsid' number to
return for a GETATTR based on the type of filehandle.
It can be from the device, from the fsid, or from the
UUID.
It is possible for the filehandle to be inconsistent
with the export information, so make sure the export information
actually has the info implied by the value returned by
fsid_source.
Signed-off-by: Neil Brown <neilb@suse.de> Cc: "Luiz Fernando N. Capitulino" <lcapitulino@gmail.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Neil Brown [Wed, 5 Sep 2007 21:22:12 +0000 (17:22 -0400)]
knfsd: Fixed problem with NFS exporting directories which are mounted on.
Recent changes in NFSd cause a directory which is mounted-on
to not appear properly when the filesystem containing it is exported.
*exp_get* now returns -ENOENT rather than NULL and when
commit 5d3dbbeaf56d0365ac6b5c0a0da0bd31cc4781e1
removed the NULL checks, it didn't add a check for -ENOENT.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Roland McGrath [Wed, 5 Sep 2007 10:05:56 +0000 (03:05 -0700)]
Fix spurious syscall tracing after PTRACE_DETACH + PTRACE_ATTACH
When PTRACE_SYSCALL was used and then PTRACE_DETACH is used, the
TIF_SYSCALL_TRACE flag is left set on the formerly-traced task. This
means that when a new tracer comes along and does PTRACE_ATTACH, it's
possible he gets a syscall tracing stop even though he's never used
PTRACE_SYSCALL. This happens if the task was in the middle of a system
call when the second PTRACE_ATTACH was done. The symptom is an
unexpected SIGTRAP when the tracer thinks that only SIGSTOP should have
been provoked by his ptrace calls so far.
A few machines already fixed this in ptrace_disable (i386, ia64, m68k).
But all other machines do not, and still have this bug. On x86_64, this
constitutes a regression in IA32 compatibility support.
Since all machines now use TIF_SYSCALL_TRACE for this, I put the
clearing of TIF_SYSCALL_TRACE in the generic ptrace_detach code rather
than adding it to every other machine's ptrace_disable.
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>