ACPICA: hw: remove use_lock flag from acpi_hw_register_{read, write}
use_lock flag is used once for acpi_hw_register_read, and never for
acpi_hw_register_write. It will greatly simplify understanding of
locking if we just drop this use_lock altogether, and wrap the only call
to ..._read in lock/unlock.
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
Linus Torvalds [Tue, 9 Oct 2007 19:38:44 +0000 (12:38 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Au1000: set the PCI controller IO base
[MIPS] Alchemy: Fix USB initialization.
[MIPS] IP32: Fix fatal typo in address computation.
Trond Myklebust [Tue, 9 Oct 2007 15:04:57 +0000 (11:04 -0400)]
NLM: Fix a memory leak in nlmsvc_testlock
The recent fix for a circular lock dependency unfortunately introduced a
potential memory leak in the event where the call to nlmsvc_lookup_host
fails for some reason.
Jeff Garzik [Tue, 9 Oct 2007 17:51:57 +0000 (13:51 -0400)]
sata_mv: correct S/G table limits
The recent mv_fill_sg() rewrite, to fix a data corruption problem
related to IOMMU virtual merging, forgot to account for the
potentially-increased size of the scatter/gather table after its run.
Additionally, the DMA boundary is reduced from 0xffffffff to 0xffff
to more closely match the needs of mv_fill_sg().
Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch fixes a wrong ifdef in the board setup code, leading to the GPIO
pin not being pulled high, and thus the USB switch not being powered at all.
This finishes the rename of CONFIG_USB_OHCI to CONFIG_USB_OHCI_HCD, which
started in 2005 (before 2.6.12-rc2), then probably because things were
working anyway for most people got forgotten.
[Ralf: Paolo's original patch didn't fix the module case, Florian's patch
only fixed MTX1 etc. so this is a combined patch plus some cleanups.]
Cc: Giuseppe Patanè <giuseppe.patane@tvblob.com> Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John Crispin <blogic@openwrt.org> Signed-off-by: Florian Fainelli <florian.fainelli@telecomint.eu> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Correct Makefile rule for generating custom keymap
When building a custom keymap, after setting GENERATE_KEYMAP := 1 in
drivers/char/Makefile, the kernel build fails like this:
CC drivers/char/vt.o
make[2]: *** No rule to make target `drivers/char/%.map', needed by `drivers/char/defkeymap.c'. Stop.
make[1]: *** [drivers/char] Error 2
make: *** [drivers] Error 2
This was caused by commit af8b128719f5248e542036ea994610a29d0642a6, which
deleted a necessary colon from the Makefile rule that generates the keymap,
since that rule contains both a target and a target-pattern. The following
patch puts the colon back:
Yan Zheng [Mon, 8 Oct 2007 19:16:20 +0000 (12:16 -0700)]
AIO: fix cleanup in io_submit_one(...)
When IOCB_FLAG_RESFD flag is set and iocb->aio_resfd is incorrect,
statement 'goto out_put_req' is executed. At label 'out_put_req',
aio_put_req(..) is called, which requires 'req->ki_filp' set.
Signed-off-by: Yan Zheng<yanzheng@21cn.com> Cc: Zach Brown <zach.brown@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yan Zheng [Mon, 8 Oct 2007 17:08:37 +0000 (10:08 -0700)]
fix page release issue in filemap_fault
find_lock_page increases page's usage count, we should decrease it
before return VM_FAULT_SIGBUS
Signed-off-by: Yan Zheng<yanzheng@21cn.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Zijlstra [Mon, 8 Oct 2007 16:54:37 +0000 (18:54 +0200)]
mm: set_page_dirty_balance() vs ->page_mkwrite()
All the current page_mkwrite() implementations also set the page dirty. Which
results in the set_page_dirty_balance() call to _not_ call balance, because the
page is already found dirty.
This allows us to dirty a _lot_ of pages without ever hitting
balance_dirty_pages(). Not good (tm).
Force a balance call if ->page_mkwrite() was successful.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Brian Haley [Mon, 8 Oct 2007 07:12:05 +0000 (00:12 -0700)]
[IPv6]: Fix ICMPv6 redirect handling with target multicast address
When the ICMPv6 Target address is multicast, Linux processes the
redirect instead of dropping it. The problem is in this code in
ndisc_redirect_rcv():
if (ipv6_addr_equal(dest, target)) {
on_link = 1;
} else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
ND_PRINTK2(KERN_WARNING
"ICMPv6 Redirect: target address is not
link-local.\n");
return;
}
This second check will succeed if the Target address is, for example,
FF02::1 because it has link-local scope. Instead, it should be checking
if it's a unicast link-local address, as stated in RFC 2461/4861 Section
8.1:
- The ICMP Target Address is either a link-local address (when
redirected to a router) or the same as the ICMP Destination
Address (when redirected to the on-link destination).
I know this doesn't explicitly say unicast link-local address, but it's
implied.
This bug is preventing Linux kernels from achieving IPv6 Logo Phase II
certification because of a recent error that was found in the TAHI test
suite - Neighbor Disovery suite test 206 (v6LC.2.3.6_G) had the
multicast address in the Destination field instead of Target field, so
we were passing the test. This won't be the case anymore.
The patch below fixes this problem, and also fixes ndisc_send_redirect()
to not send an invalid redirect with a multicast address in the Target
field. I re-ran the TAHI Neighbor Discovery section to make sure Linux
passes all 245 tests now.
Signed-off-by: Brian Haley <brian.haley@hp.com> Acked-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Alexey Dobriyan [Mon, 8 Oct 2007 06:44:17 +0000 (23:44 -0700)]
[ROSE]: Fix rose.ko oops on unload
Commit a3d384029aa304f8f3f5355d35f0ae274454f7cd aka
"[AX.25]: Fix unchecked rose_add_loopback_neigh uses"
transformed rose_loopback_neigh var into statically allocated one.
However, on unload it will be kfree's which can't work.
Ilpo Järvinen [Mon, 8 Oct 2007 06:43:10 +0000 (23:43 -0700)]
[TCP]: Fix fastpath_cnt_hint when GSO skb is partially ACKed
When only GSO skb was partially ACKed, no hints are reset,
therefore fastpath_cnt_hint must be tweaked too or else it can
corrupt fackets_out. The corruption to occur, one must have
non-trivial ACK/SACK sequence, so this bug is not very often
that harmful. There's a fackets_out state reset in TCP because
fackets_out is known to be inaccurate and that fixes the issue
eventually anyway.
In case there was also at least one skb that got fully ACKed,
the fastpath_skb_hint is set to NULL which causes a recount for
fastpath_cnt_hint (the old value won't be accessed anymore),
thus it can safely be decremented without additional checking.
Reported by Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Torokhov [Sun, 7 Oct 2007 16:22:21 +0000 (12:22 -0400)]
Driver core: fix SYSF_DEPRECATED breakage for nested classdevs
We should only reparent to a class former class devices that
form the base of class hierarchy. Nested devices should still
grow from their real parents.
Al Viro [Sun, 7 Oct 2007 07:24:36 +0000 (00:24 -0700)]
fix bogus reporting of signals by audit
Async signals should not be reported as sent by current in audit log. As
it is, we call audit_signal_info() too early in check_kill_permission().
Note that check_kill_permission() has that test already - it needs to know
if it should apply current-based permission checks. So the solution is to
move the call of audit_signal_info() between those.
Bogosity in question is easily reproduced - add a rule watching for e.g.
kill(2) from specific process (so that audit_signal_info() would not
short-circuit to nothing), say load_policy, watch the bogus OBJ_PID entry
in audit logs claiming that write(2) on selinuxfs file issued by
load_policy(8) had somehow managed to send a signal to syslogd...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Steve Grubb <sgrubb@redhat.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rafal Bilski [Sun, 7 Oct 2007 07:24:32 +0000 (00:24 -0700)]
Longhaul: add auto enabled "revid_errata" option
VIA C3 Ezra-T has RevisionID equal to 1, but it needs RevisionKey to be 0
or CPU will ignore new frequency and will continue to work at old
frequency. New "revid_errata" option will force RevisionKey to be set to
0, whatever RevisionID is.
Additionaly "Longhaul" will not silently ignore unsuccessful transition.
It will try to check if "revid_errata" or "disable_acpi_c3" options need to
be enabled for this processor/system.
Same for Longhaul ver. 2 support. It will be disabled if none of above
options will work.
Best case scenario (with patch apllied and v2 enabled):
longhaul: VIA C3 'Ezra' [C5C] CPU detected. Longhaul v2 supported.
longhaul: Using northbridge support.
longhaul: VRM 8.5
longhaul: Max VID=1.350 Min VID=1.050, 13 possible voltage scales
longhaul: f: 300000 kHz, index: 0, vid: 1050 mV
[...]
longhaul: Voltage scaling enabled.
Worst case scenario:
longhaul: VIA C3 'Ezra-T' [C5M] CPU detected. Powersaver supported.
longhaul: Using northbridge support.
longhaul: Using ACPI support.
longhaul: VRM 8.5
longhaul: Claims to support voltage scaling but min & max are both 1.250. Voltage scaling disabled
longhaul: Failed to set requested frequency!
longhaul: Enabling "Ignore Revision ID" option.
longhaul: Failed to set requested frequency!
longhaul: Disabling ACPI C3 support.
longhaul: Disabling "Ignore Revision ID" option.
longhaul: Failed to set requested frequency!
longhaul: Enabling "Ignore Revision ID" option.
[akpm@linux-foundation.org: coding-style cleanups] Signed-off-by: Rafal Bilski <rafalbilski@interia.pl> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Anton Blanchard [Sun, 7 Oct 2007 07:24:31 +0000 (00:24 -0700)]
Fix timer_stats printout of events/sec
When using /proc/timer_stats on ppc64 I noticed the events/sec field wasnt
accurate. Sometimes the integer part was incorrect due to rounding (we
werent taking the fractional seconds into consideration).
The fraction part is also wrong, we need to pad the printf statement and
take the bottom three digits of 1000 times the value.
Signed-off-by: Anton Blanchard <anton@samba.org> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 7 Oct 2007 23:17:38 +0000 (16:17 -0700)]
Don't do load-average calculations at even 5-second intervals
It turns out that there are a few other five-second timers in the
kernel, and if the timers get in sync, the load-average can get
artificially inflated by events that just happen to coincide.
So just offset the load average calculation it by a timer tick.
Noticed by Anders Boström, for whom the coincidence started triggering
on one of his machines with the JBD jiffies rounding code (JBD is one of
the subsystems that also end up using a 5-second timer by default).
Tested-by: Anders Boström <anders@bostrom.dyndns.org> Cc: Chuck Ebbert <cebbert@redhat.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 7 Oct 2007 23:02:55 +0000 (16:02 -0700)]
VT_WAITACTIVE: Avoid returning EINTR when not necessary
We should generally prefer to return ERESTARTNOHAND rather than EINTR,
so that processes with unhandled signals that get ignored don't return
EINTR.
This can help with X startup issues:
Fatal server error:
xf86OpenConsole: VT_WAITACTIVE failed: Interrupted system call
although the real fix is having the X server always retry EINTR
regardless (since EINTR does happen for signals that have handlers
installed). Keithp has a patch for that.
Regardless, ERESTARTNOHAND is the correct thing to use.
Fix non-terminated PCI match table in PowerMac IDE
The PCI device table in the powermac IDE driver isn't properly
terminated. Depending on how your kernel is linked and other random
factors, you can end up with this driver matched against any other PCI
device in your system, possibly crashing at boot.
Thanks to Heikki for tracking this down with me, the bug have been there
for some time, though it rarely hurts due to luck. In this case, the
switch from .22 to .23-rc9 is causing it to show up due to differences
in the resulting layout of .data I suppose.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <pmac@au1.ibm.com> Cc: Bartlomiej Zolnierkiewicz <B.Zolnierkiewicz@elka.pw.edu.pl> Cc: Heikki Lindholm <holindho@cs.helsinki.fi> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When pinning and unpinning pagetables, we must protect them against
being used by other CPUs, lest they see the pagetable in an
intermediate read-only-but-not-pinned state.
When using split pte locks, doing this properly would require taking
all the pte locks for the pagetable while pinning, but this may overflow
the PREEMPT_BITS part of the preempt counter if the process has mapped
more than about 512M of memory.
However, failing to take the pte locks causes write-protect faults when
the pageout code is trying to clear the Access bit on a pte which is part
of a freshy created and still being pinned process after fork.
This is a short-term fix until the problem is solved properly.
Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Hugh Dickins <hugh@veritas.com> Cc: David Rientjes <rientjes@google.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andi Kleen <ak@suse.de> Cc: Keir Fraser <keir@xensource.com> Cc: Jan Beulich <jbeulich@novell.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 5 Oct 2007 21:09:10 +0000 (14:09 -0700)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 4598/2: OSIRIS: Ensure we do not get nRSTOUT during suspend
[ARM] 4597/2: OSIRIS: ensure CPLD0 is preserved after suspend
Ben Dooks [Thu, 4 Oct 2007 22:16:42 +0000 (23:16 +0100)]
[ARM] 4597/2: OSIRIS: ensure CPLD0 is preserved after suspend
Ensure that CPLD is restored to the original state
on resume, and that before going into suspend we
select the NAND bank we booted from for restarting.
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The 8169/8110SC currently announces itself as:
[...]
eth0: RTL8169sc/8110sc at 0x........, ..:..:..:..:..:.., XID 18000000 IRQ ..
^^^^^^^^
It uses RTL_GIGA_MAC_VER_05 and this part of the changeset can cut
its performance by a factor of 2~2.5 as reported by Timo.
(the driver includes code just before the hunk to write the ChipCmd
register when mac_version == RTL_GIGA_MAC_VER_0[1-4])
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Cc: Timo Jantunen <jeti@welho.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Linus Torvalds [Fri, 5 Oct 2007 15:08:08 +0000 (08:08 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Fix 'niu' complex IRQ probing.
[SPARC64]: check fork_idle() error
[SPARC64]: Temporary workaround for PCI-E slot on T1000.
[SPARC64]: VIO device addition log message level is too high.
[SPARC64]: Fix domain-services port probing.
[SPARC64]: Don't use in/local regs for ldx/stx data in N1 memcpy.
Serge Belyshev [Thu, 4 Oct 2007 21:10:04 +0000 (23:10 +0200)]
Remove unnecessary cast in prefetch()
It is ok to call prefetch() function with NULL argument, as specifically
commented in include/linux/prefetch.h. But in standard C, it is invalid
to dereference NULL pointer (see C99 standard 6.5.3.2 paragraph 4 and
note #84).
prefetch() has a memory reference for its argument.
Newer gcc versions (4.3 and above) will use that to conclude that "x"
argument is non-null and thus wreaking havok everywhere prefetch() was
inlined.
Fixed by removing cast and changing asm constraint.
[ It seems in theory gcc 4.2 could miscompile this too; although no
cases known. In 2.6.24 we should probably switch to
__builtin_prefetch() instead, but this is a simpler fix for now.
-- AK ]
Giuseppe Sacco [Thu, 4 Oct 2007 21:09:12 +0000 (23:09 +0200)]
[MIPS] IP32: Enable PCI bridges
Fixe MACE PCI addressing by adding the bus number parameter.
Remove check of the used slot since every slot should be valid.
Converted mkaddr from #define to inline function.
Signed-off-by: Giuseppe Sacco <eppesuig@debian.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Hugh Dickins [Thu, 4 Oct 2007 15:56:06 +0000 (16:56 +0100)]
Fix sys_remap_file_pages BUG at highmem.c:15!
Gurudas Pai reports kernel BUG at arch/i386/mm/highmem.c:15! below
sys_remap_file_pages, while running Oracle database test on x86 in 6GB
RAM: kunmap thinks we're in_interrupt because the preempt count has
wrapped.
That's because __do_fault expected to unmap page_table, but one of its
two callers do_nonlinear_fault already unmapped it: let do_linear_fault
unmap it first too, and then there's no need to pass the page_table arg
down.
Why have we been so slow to notice this? Probably through forgetting
that the mapping_cap_account_dirty test means that sys_remap_file_pages
nowadays only goes the full nonlinear vma route on a few memory-backed
filesystems like ramfs, tmpfs and hugetlbfs.
[ It also depends on CONFIG_HIGHPTE, so it becomes even harder to
trigger in practice. Many who have need of large memory have probably
migrated to x86-64..
FUJITA Tomonori [Wed, 3 Oct 2007 00:00:58 +0000 (09:00 +0900)]
[SCSI] megaraid_old: fix READ_CAPACITY
The bulk transfer mode got eleminated by 3f6270ef76f2ce5c134615a470685d6c2a66c07e. Unfortunately, this mode is
required for READ_CAPACITY commands on certain cards, so put it back
again. This fixes a boot failure regression reported by Burton
Windle.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
David S. Miller [Thu, 4 Oct 2007 04:37:57 +0000 (21:37 -0700)]
[SPARC64]: Temporary workaround for PCI-E slot on T1000.
The PCI-E slot on T1000 connects directly to the Fire PCI chip with no
intervening bridges visible in the OBP tree.
Unfortunately the bus numbering of the device in that slot is
different (2) from the PCI host controller (0), and thus the
pci_bus_{read,write}_config_*() calls don't work out.
Complicating things further the Fire PCI controller has no config
space it responds to either.
For now treat this case specially so that devices in the slot work.
Longer term we need to perhaps cons up a dummy bridge between the Fire
and the PCI-E slot so that the bus hierarchy is complete inside of the
kernel and thus the bus numbering all works out right.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 3 Oct 2007 22:43:17 +0000 (15:43 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Terminally fix local_{dec,sub}_if_positive
[MIPS] Type proof reimplementation of cmpxchg.
[MIPS] pg-r4k.c: Fix a typo in an R4600 v2 erratum workaround
Linus Torvalds [Wed, 3 Oct 2007 22:34:07 +0000 (15:34 -0700)]
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/cooloney/blackfin-2.6
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/cooloney/blackfin-2.6:
Blackfin arch: fix PORT_J BUG for BF537/6 EMAC driver reported by Kalle Pokki <kalle.pokki@iki.fi>
Blackfin arch: gpio pinmux and resource allocation API required by BF537 on chip ethernet mac driver
Blackfin arch: add some missing syscall
binfmt_flat: checkpatch fixing minimum support for the blackfin relocations
Binfmt_flat: Add minimum support for the Blackfin relocations
Olof Johansson [Wed, 3 Oct 2007 01:45:27 +0000 (20:45 -0500)]
libata: fix for sata_mv >64KB DMA segments
Fix bug in sata_mv for cases where the IOMMU layer has merged SG entries
to larger than 64KB. They need to be split up before being sent to
the driver.
Just for simplicity's sake, split up at 64K boundary instead of 64K size,
since that's what the common code does anyway.
Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Remove unneeded check that caused problems with jumbo frame sizes.
The check was recently added and is wrong.
When using jumbo frames the sky2 driver does fragmentation, so
rx_data_size is less than mtu.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ralf Baechle [Wed, 3 Oct 2007 13:29:19 +0000 (14:29 +0100)]
[MIPS] Terminally fix local_{dec,sub}_if_positive
They contain 64-bit instructions so wouldn't work on 32-bit kernels or
32-bit hardware. Since there are no users, blow them away. They
probably were only ever created because there are atomic_sub_if_positive
and atomic_dec_if_positive which exist only for sake of semaphores.
CC net/ieee80211/softmac/ieee80211softmac_wx.o
/home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c: In function â\80\98ieee80211softmac_wx_set_essidâ\80\99:
/home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c:117: warning: label â\80\98outâ\80\99 defined but not used
David S. Miller [Tue, 2 Oct 2007 23:17:17 +0000 (16:17 -0700)]
[SPARC64]: Don't use in/local regs for ldx/stx data in N1 memcpy.
It doesn't matter for use in 64-bit objects, but when used in
32-bit environments the top 32-bits of the local and in
registers will get chopped off on the next register window
spill/restore which leads to difficult to track down and
subtle bugs.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 2 Oct 2007 17:35:28 +0000 (10:35 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Fix missing load-twin usage in Niagara-1 memcpy.
[SPARC64]: Fix put_user() calls in binfmt_aout32.c
[SPARC]: Fix EBUS use of uninitialized variable.
Linus Torvalds [Tue, 2 Oct 2007 17:34:49 +0000 (10:34 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IEEE80211]: avoid integer underflow for runt rx frames
[TCP]: secure_tcp_sequence_number() should not use a too fast clock
[SFQ]: Remove artificial limitation for queue limit.
Dale Farnsworth [Mon, 1 Oct 2007 23:02:18 +0000 (16:02 -0700)]
mv643xx_eth: Do not modify struct netdev tx_queue_len
This driver erroneously zeros dev->tx_queue_len, since
mp->tx_ring_size has not yet been initialized. Actually,
the driver shouldn't modify tx_queue_len at all and should
leave the value set by alloc_etherdev(), currently 1000.
Signed-off-by: Dale Farnsworth <dale@farnsworth.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
David S. Miller [Tue, 2 Oct 2007 08:03:09 +0000 (01:03 -0700)]
[SPARC64]: Fix missing load-twin usage in Niagara-1 memcpy.
For the case where the source is not aligned modulo 8
we don't use load-twins to suck the data in and this
kills performance since normal loads allocate in the
L1 cache (unlike load-twin) and thus big memcpys swipe
the entire L1 D-cache.
We need to allocate a register window to implement this
properly, but that actually simplifies a lot of things
as a nice side-effect.
Signed-off-by: David S. Miller <davem@davemloft.net>
[IEEE80211]: avoid integer underflow for runt rx frames
Reported by Chris Evans <scarybeasts@gmail.com>:
> The summary is that an evil 80211 frame can crash out a victim's
> machine. It only applies to drivers using the 80211 wireless code, and
> only then to certain drivers (and even then depends on a card's
> firmware not dropping a dubious packet). I must confess I'm not
> keeping track of Linux wireless support, and the different protocol
> stacks etc.
>
> Details are as follows:
>
> ieee80211_rx() does not explicitly check that "skb->len >= hdrlen".
> There are other skb->len checks, but not enough to prevent a subtle
> off-by-two error if the frame has the IEEE80211_STYPE_QOS_DATA flag
> set.
>
> This leads to integer underflow and crash here:
>
> if (frag != 0)
> flen -= hdrlen;
>
> (flen is subsequently used as a memcpy length parameter).
How about this?
Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 1 Oct 2007 20:58:36 +0000 (13:58 -0700)]
[TCP]: secure_tcp_sequence_number() should not use a too fast clock
TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock.
In order to follow network speed increase, we can use a faster clock, but
we should limit this clock so that the delay between two rollovers is
greater than MSL (TCP Maximum Segment Lifetime : 2 minutes)
Choosing a 64 nsec clock should be OK, since the rollovers occur every
274 seconds.
[SFQ]: Remove artificial limitation for queue limit.
This is followup to Patrick's patch. A little optimization to enqueue
routine allows to remove artificial limitation on queue length.
Plus, testing showed that hash function used by SFQ is too bad or even worse.
It does not even sweep the whole range of hash values.
Switched to Jenkins' hash.
Signed-off-by: Alexey Kuznetsov <kaber@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Andi Kleen [Mon, 1 Oct 2007 08:20:08 +0000 (01:20 -0700)]
x86_64: increase VDSO_TEXT_OFFSET for ancient binutils
For some reason old binutils genertate larger headers so increase the text
offset of the vdso to avoid linker errors.
Roland McGrath explains:
"There are extra symbols in the '.dynsym' section that are responsible
for the size difference (They also cause corresponding inflation in
'.gnu.version')
Older ld's wrongly generated these unneeded symbols in .dynsym. This
was fixed not all that long ago (2006); binutils-2.17.50.0.6 might be
the first fixed version, but I have not verified for sure where the
cutoff was.
The unneeded symbols et al from old ld add almost 700 bytes excess.
This limits fairly tightly the amount by which the actual text and
data in the vDSO can grow in the future without pushing the whole
file over 4kb. If it does grow later on, we should consider changing
the layout with a config option or something to pack it better
without that padding, when building the kernel with newer binutils."
Signed-off-by: Andi Kleen <ak@suse.de> Cc: Roland McGrath <roland@redhat.com> Cc: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In a desperate attempt to get a changelog entry in 2.6.23, I took a look
into it.
It turns out we are passing a real and not a virtual irq into
get_irq_server. This works for the case where hwirq < NR_IRQS and we
set virq = hwirq. In my case however hwirq = 590082 and we try and
access irq_desc[590082], slightly past the end at 512 entries.
Lucky we ship lots of memory with our machines.
Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Linus Torvalds [Mon, 1 Oct 2007 20:17:28 +0000 (13:17 -0700)]
Fix possible splice() mmap_sem deadlock
Nick Piggin points out that splice isn't being good about the mmap
semaphore: while two readers can nest inside each others, it does leave
a possible deadlock if a writer (ie a new mmap()) comes in during that
nesting.
Original "just move the locking" patch by Nick, replaced by one by me
based on an optimistic pagefault_disable(). And then Jens tested and
updated that patch.
Reported-by: Nick Piggin <npiggin@suse.de> Tested-by: Jens Axboe <jens.axboe@oracle.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Lachlan McIlroy says:
It tried to fix an issue where log replay is replaying an inode cluster
initialisation transaction that should not be replayed because the inode
cluster on disk is more up to date. Since we don't log file sizes (we
rely on inode flushing to get them to disk) then we can't just replay
all the transations in the log and expect the inode to be completely
restored. We lose file size updates. Unfortunately this fix is causing
more (serious) problems than it is fixing.
Calling handle_futex_death in exit_robust_list for the different robust
mutexes of a thread basically frees the mutex. Another thread might grab
the lock immediately which updates the next pointer of the mutex.
fetch_robust_entry over the next pointer might therefore branch into the
robust mutex list of a different thread. This can cause two problems: 1)
some mutexes held by the dead thread are not getting freed and 2) some
mutexs held by a different thread are freed.
The next point need to be read before calling handle_futex_death.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Acked-by: Ingo Molnar <mingo@elte.hu> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samuel Ortiz [Mon, 1 Oct 2007 08:20:12 +0000 (01:20 -0700)]
VT ioctl race fix
When calling the RELDISP VT ioctl, we are reading vt_newvt while the
console workqueue could be messing with it (through change_console()). We
fix this race by taking the console semaphore before reading vt_newvt.
Signed-off-by: Samuel Ortiz <sameo@openedhand.com> Acked-by: Antonino Daplas <adaplas@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mark Lord [Mon, 1 Oct 2007 08:20:10 +0000 (01:20 -0700)]
Fix SMP poweroff hangs
We need to disable all CPUs other than the boot CPU (usually 0) before
attempting to power-off modern SMP machines. This fixes the
hang-on-poweroff issue on my MythTV SMP box, and also on Thomas Gleixner's
new toybox.
Signed-off-by: Mark Lord <mlord@pobox.com> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ralf Baechle [Mon, 1 Oct 2007 08:20:10 +0000 (01:20 -0700)]
hugetlb: fix clear_user_highpage arguments
The virtual address space argument of clear_user_highpage is supposed to be
the virtual address where the page being cleared will eventually be mapped.
This allows architectures with virtually indexed caches a few clever
tricks. That sort of trick falls over in painful ways if the virtual
address argument is wrong.