Anand Gadiyar [Mon, 1 Oct 2007 17:41:36 +0000 (10:41 -0700)]
ARM: OMAP: DMA fix bug in omap_get_dma_dst_pos
omap_get_dma_dst_pos() should return the current destination address.
The CDSA register contains the destination start address.
CDAC register should be used instead.
Signed-off-by: Anand Gadiyar <gadiyar@ti.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
Lachlan McIlroy says:
It tried to fix an issue where log replay is replaying an inode cluster
initialisation transaction that should not be replayed because the inode
cluster on disk is more up to date. Since we don't log file sizes (we
rely on inode flushing to get them to disk) then we can't just replay
all the transations in the log and expect the inode to be completely
restored. We lose file size updates. Unfortunately this fix is causing
more (serious) problems than it is fixing.
Calling handle_futex_death in exit_robust_list for the different robust
mutexes of a thread basically frees the mutex. Another thread might grab
the lock immediately which updates the next pointer of the mutex.
fetch_robust_entry over the next pointer might therefore branch into the
robust mutex list of a different thread. This can cause two problems: 1)
some mutexes held by the dead thread are not getting freed and 2) some
mutexs held by a different thread are freed.
The next point need to be read before calling handle_futex_death.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Acked-by: Ingo Molnar <mingo@elte.hu> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samuel Ortiz [Mon, 1 Oct 2007 08:20:12 +0000 (01:20 -0700)]
VT ioctl race fix
When calling the RELDISP VT ioctl, we are reading vt_newvt while the
console workqueue could be messing with it (through change_console()). We
fix this race by taking the console semaphore before reading vt_newvt.
Signed-off-by: Samuel Ortiz <sameo@openedhand.com> Acked-by: Antonino Daplas <adaplas@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mark Lord [Mon, 1 Oct 2007 08:20:10 +0000 (01:20 -0700)]
Fix SMP poweroff hangs
We need to disable all CPUs other than the boot CPU (usually 0) before
attempting to power-off modern SMP machines. This fixes the
hang-on-poweroff issue on my MythTV SMP box, and also on Thomas Gleixner's
new toybox.
Signed-off-by: Mark Lord <mlord@pobox.com> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ralf Baechle [Mon, 1 Oct 2007 08:20:10 +0000 (01:20 -0700)]
hugetlb: fix clear_user_highpage arguments
The virtual address space argument of clear_user_highpage is supposed to be
the virtual address where the page being cleared will eventually be mapped.
This allows architectures with virtually indexed caches a few clever
tricks. That sort of trick falls over in painful ways if the virtual
address argument is wrong.
Dave Jones [Mon, 1 Oct 2007 08:20:09 +0000 (01:20 -0700)]
Add /dev/oldmem to devices.txt documentation
Signed-off-by: Dave Jones <davej@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: <device@lanana.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ian Armstrong [Sat, 18 Aug 2007 18:58:51 +0000 (15:58 -0300)]
V4L/DVB (6052): ivtv: fix udma yuv bug
Using udma yuv causes the driver becomes locked into that mode. This prevents
use of the mpeg decoder & non-udma yuv output. This patch clears the
operating mode when the device is closed.
Signed-off-by: Ian Armstrong <ian@iarmst.demon.co.uk> Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Jan Lübbe [Sat, 29 Sep 2007 16:47:51 +0000 (18:47 +0200)]
fix console change race exposed by CFS
The new behaviour of CFS exposes a race which occurs if a switch is
requested when vt_mode.mode is VT_PROCESS.
The process with vc->vt_pid is signaled before vc->vt_newvt is set.
This causes the switch to fail when triggered by the monitoing process
because the target is still -1.
[ If the signal sending fails, the subsequent "reset_vc(vc)" will then
reset vt_newvt to -1, so this works for that case too. - Linus ]
Signed-off-by: Jan Lübbe <jluebbe@lasnet.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Piggin [Sat, 29 Sep 2007 13:28:48 +0000 (15:28 +0200)]
i386: remove bogus comment about memory barrier
The comment being removed by this patch is incorrect and misleading.
In the following situation:
1. load ...
2. store 1 -> X
3. wmb
4. rmb
5. load a <- Y
6. store ...
4 will only ensure ordering of 1 with 5.
3 will only ensure ordering of 2 with 6.
Further, a CPU with strictly in-order stores will still only provide that
2 and 6 are ordered (effectively, it is the same as a weakly ordered CPU
with wmb after every store).
In all cases, 5 may still be executed before 2 is visible to other CPUs!
The additional piece of the puzzle that mb() provides is the store/load
ordering, which fundamentally cannot be achieved with any combination of
rmb()s and wmb()s.
This can be an unexpected result if one expected any sort of global ordering
guarantee to barriers (eg. that the barriers themselves are sequentially
consistent with other types of barriers). However sfence or lfence barriers
need only provide an ordering partial ordering of memory operations -- Consider
that wmb may be implemented as nothing more than inserting a special barrier
entry in the store queue, or, in the case of x86, it can be a noop as the store
queue is in order. And an rmb may be implemented as a directive to prevent
subsequent loads only so long as their are no previous outstanding loads (while
there could be stores still in store queues).
I can actually see the occasional load/store being reordered around lfence on
my core2. That doesn't prove my above assertions, but it does show the comment
is wrong (unless my program is -- can send it out by request).
So:
mb() and smp_mb() always have and always will require a full mfence
or lock prefixed instruction on x86. And we should remove this comment.
Signed-off-by: Nick Piggin <npiggin@suse.de> Cc: Paul McKenney <paulmck@us.ibm.com> Cc: David Howells <dhowells@redhat.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 468d09f8946d40228c56de26fe4874b2f98067ed masked the "state"
interrupt (bit 20 of the cause register). This results in Radstone's
PPC7D repeatedly re-entering the interrupt routine, locking up the
board. The following patch returns the required handling for this
interrupt.
Linas reported me that some machines were crashing at boot in
quirk_e100_interrupt. It appears that this quirk is doing an ioremap
directly on a PCI BAR value, which isn't legal and will cause all sorts
of bad things to happen on architectures where PCI BARs don't directly
match processor bus addresses.
This fixes it by using the proper PCI resources instead which is possible
since the quirk has been moved by a previous commit to happen late enough
for that.
Define the clock tree, and add basic supporting clock code, for the
OMAP34xx chips. The definitions and code go into two new files,
clock34xx.[ch].
The 34xx clock tree and code is written to reuse as much of the
existing OMAP clock infrastructure as is reasonable, and to introduce
the minimum amount possible of special-case code. One notable
addition is the expansion of the dpll_params structure to include the
additional DPLL control registers used on OMAP34XX; most of these
extra registers are used in subsequent patches.
The patches seek to follow the TRM closely. One implication of this
is that several intermediary clocks are defined that are not
software-controllable, and could normally be removed. Some examples
include omap_96m_fck, core_l3_ick, corex2_fck. I included these
clocks for several reasons. Any further changes in pre-production
OMAP34xx silicon revisions may cause one of these clocks to become
software-controllable; the extra clocks make it easier to double-check
this patch against the TRM, if anyone wishes to do so; and ultimately,
it is easier to remove these clocks than to add them back in. I
anticipate that we will remove these intermediary clocks once the 3430
silicon and clock definitions mature.
There are some notable divergences between the TRM and the patch.
They include:
* Clock suffixes end in "ck" rather than "clk"; this follows OMAP2
clock naming style to minimize driver changes in the rest of the tree.
* The dpll*_alwon_fck clocks have been removed (they are not software
controllable, and are unlikely to change)
* Some documentation in the TRM is inconsistent; I sought to apply
the most likely resolution in the code.
Signed-off-by: Paul Walmsley <paul@pwsan.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
Paul Walmsley [Thu, 27 Sep 2007 06:11:22 +0000 (00:11 -0600)]
omap2 clock: add support for inverted enable bits
On 3430ES2 (and presumably beyond), some clock tree branches from
DPLL3 & 4 can be powered down by setting 'PWRDN' bits in CM_CLKEN_PLL.
It appears that an easy way to power these branches down in our
existing clock framework is to use the PWRDN bits as clock enable bits
for the specific DPLL branches they affect. The problem with this is
that the meaning of a set PWRDN bit is 'disable,' not 'enable.' So,
introduce a new clock flag, INVERT_ENABLE, that clears the bit on
'clock enable,' and sets the bit on 'clock disable.' This flag is used
on all PWRDN clock branches in the 3430 clock framework.
Signed-off-by: Paul Walmsley <paul@pwsan.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
Paul Walmsley [Thu, 27 Sep 2007 06:11:21 +0000 (00:11 -0600)]
omap2 clock: split out OMAP2/3 common defines, clksel rates
This patch is a collection of minor clock code changes in preparation for
the OMAP3 clock merge. Specifically:
* Since general-purpose timer and GFX module L3 clksel rates are common to
OMAP2/3, hoist those into asm/arch/clock.h.
* Since the CM_FCLKEN define is common to OMAP2/3, remove the OMAP24XX_
prefix.
* Designate the clock transaction code in clock.c as being OMAP2-specific.
* Fix a potential null pointer dereference that could occur when debugging
is enabled in omap2_init_clksel_parent(). Clocks with no initially-defined
parent (as is possible for clksel clocks) will trigger an oops due to a
buggy conditional.
Paul Walmsley [Thu, 27 Sep 2007 06:11:20 +0000 (00:11 -0600)]
omap2 arch: fix CONTROL_DEVCONF addresses for OMAP3430
OMAP3430 has two CONTROL_DEVCONF addresses, CONTROL_DEVCONF0 and
CONTROL_DEVCONF1; define them both. Also, the existing address for
CONTROL_DEVCONF0 was incorrect; fix it.
Signed-off-by: Paul Walmsley <paul@pwsan.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[TCP]: Fix MD5 signature handling on big-endian.
[NET]: Zero length write() on socket should not simply return 0.
It doesn't look as if the NFS file name limit is being initialised correctly
in the struct nfs_server. Make sure that we limit whatever is being set in
nfs_probe_fsinfo() and nfs_init_server().
Also ensure that readdirplus and nfs4_path_walk respect our file name
limits.
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
e1000: Add device IDs of blade version of the 82571 quad port
sky2: fix transmit state on resume
sky2: FE+ vlan workaround
sky2: sky2 FE+ receive status workaround
David S. Miller [Fri, 28 Sep 2007 22:18:35 +0000 (15:18 -0700)]
[TCP]: Fix MD5 signature handling on big-endian.
Based upon a report and initial patch by Peter Lieven.
tcp4_md5sig_key and tcp6_md5sig_key need to start with
the exact same members as tcp_md5sig_key. Because they
are both cast to that type by tcp_v{4,6}_md5_do_lookup().
Unfortunately tcp{4,6}_md5sig_key use a u16 for the key
length instead of a u8, which is what tcp_md5sig_key
uses. This just so happens to work by accident on
little-endian, but on big-endian it doesn't.
Instead of casting, just place tcp_md5sig_key as the first member of
the address-family specific structures, adjust the access sites, and
kill off the ugly casts.
Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix fallocate on o32 binary compat ABI
[MIPS] Fix CONFIG_BUILD_ELF64 kernels with symbols in CKSEG0.
[MIPS] IP32: Fix initialization of UART base addresses.
H. Peter Anvin [Fri, 28 Sep 2007 00:17:12 +0000 (17:17 -0700)]
[x86 setup] Correct the SMAP check for INT 0x15, AX=0xe820
The e820 probe code was checking %edx, not %eax, for the SMAP
signature on return. This worked on *almost* all systems, since %edx
still contained SMAP from the call on entry, but on a handful of
systems it failed -- plus, we would have missed real mismatches.
The error output is "=d" to make sure gcc knows %edx is clobbered
here.
mpc834x USB-MPH configuration got broken by commit 6f442560021aecf08658e26ed9a37e6928ef0fa1. The selection bits in SICRL
should be cleared rather than set to configure the USB MUXes for the MPH.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Jochen Friedrich [Mon, 24 Sep 2007 17:15:43 +0000 (19:15 +0200)]
[POWERPC] Fix cpm_uart driver for cpm1 machines
in cpm_uart_cpm1.h, DPRAM_BASE is assigned an address derived from cpmp.
On ARC=ppc, this is a physical address with 1:1 DMA mapping which can't
be used for arithmetric compare operations with virtual addresses
returned by cpm_dpram_addr. This patch changes the assignment to use
cpm_dpram_addr as well, like in cpm_uart_cpm2.h.
Signed-off-by: Jochen Friedrich <jochen@scram.de> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Jochen Friedrich [Mon, 24 Sep 2007 17:14:57 +0000 (19:14 +0200)]
[PPC] Fix cpm_dpram_addr returning phys mem instead of virt mem
cpm_dpram_addr returns physical memory of the DP RAM instead of
iomapped virtual memory. As there usually is a 1:1 MMU map of
the IMMR area, this is often not noticed. However, cpm_dpram_phys
assumes this iomapped virtual memory and returns garbage on the
1:1 mapped memory causing CPM1 uart console to fail.
This patch fixes the problem (copied from the powerpc tree).
Signed-off-by: Jochen Friedrich <jochen@scram.de> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Jochen Friedrich [Mon, 24 Sep 2007 17:13:46 +0000 (19:13 +0200)]
[POWERPC] Fix copy'n'paste typo in commproc.c
The powerpc version of commproc.c exports cpm_dpram_addr twice
and cpm_dpram_phys not at all due to a typo. This patch fixes this
problem.
CC arch/powerpc/sysdev/commproc.o
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__kcrctab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__kcrctab_cpm_dpram_addr' was here
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__kstrtab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__kstrtab_cpm_dpram_addr' was here
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__ksymtab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__ksymtab_cpm_dpram_addr' was here
make[1]: *** [arch/powerpc/sysdev/commproc.o] Error 1
make: *** [arch/powerpc/sysdev] Error 2
Signed-off-by: Jochen Friedrich <jochen@scram.de> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
The FE+ workaround means the driver can no longer trust the status register
to indicate VLAN tagged frames. The fix for this is to just disable VLAN
acceleration for that chip version. Tested and works fine.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
The Yukon FE+ chip appears to have a hardware glitch that causes bogus
receive status values to be posted. The data in the packet is good, but
the status value is random garbage. As a temporary workaround until the
problem is better understood, implement the workaround the vendor driver
used of ignoring the status value on this chip.
Since this means trusting dodgy hardware values; add additional checking
of the receive packet length.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix CONFIG_BUILD_ELF64 kernels with symbols in CKSEG0.
[MIPS] IP32: Fix initialization of UART base addresses.
Dave Airlie [Fri, 28 Sep 2007 01:46:28 +0000 (11:46 +1000)]
i915: make vbl interrupts work properly on i965g/gm hw.
This code is ported from the DRM git tree and allows the vblank interrupts
to function on the i965 hw. It also requires a change in Mesa's 965 driver
to actually use them.
[ Without this patch, my 965GM drops vblank interrupts - Jesse ]
David S. Miller [Thu, 27 Sep 2007 20:52:00 +0000 (13:52 -0700)]
[NET]: Zero length write() on socket should not simply return 0.
This fixes kernel bugzilla #5731
It should generate an empty packet for datagram protocols when the
socket is connected, for one.
The check is doubly-wrong because all that a write() can be is a
sendmsg() call with a NULL msg_control and a single entry iovec. No
special semantics should be assigned to it, therefore the zero length
check should be removed entirely.
This matches the behavior of BSD and several other systems.
Alan Cox notes that SuSv3 says the behavior of a zero length write on
non-files is "unspecified", but that's kind of useless since BSD has
defined this behavior for a quarter century and BSD is essentially
what application folks code to.
Based upon a patch from Stephen Hemminger.
Signed-off-by: David S. Miller <davem@davemloft.net>
As noted by Dave Jones:
"Linus, please revert the above cset. It doesn't seem to be
necessary (it was added to fix a miscompile in 'make allnoconfig'
which doesn't seem to be repeatable with it reverted) and actively
breaks the ARM SA1100 framebuffer driver."
Requested-by: Dave Jones <davej@redhat.com> Cc: Russell King <rmk+lkml@arm.linux.org.uk> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Revert "x86-64: Disable local APIC timer use on AMD systems with C1E"
This reverts commit e66485d747505e9d960b864fc6c37f8b2afafaf0, since
Rafael Wysocki noticed that the change only works for his in -mm, not in
mainline (and that both "noapictimer" _and_ "apicmaintimer" are broken
on his hardware, but that's apparently not a regression, just a symptom
of the same issue that causes the automatic apic timer disable to not
work).
It turns out that it really doesn't work correctly on x86-64, since
x86-64 doesn't use the generic clock events for timers yet.
Thanks to Rafal for testing, and here's the ugly details on x86-64 as
per Thomas:
"I just looked into the code and the logic vs. noapictimer on SMP is
completely broken.
On i386 the noapictimer option not only disables the local APIC
timer, it also registers the CPUs for broadcasting via IPI on SMP
systems.
The x86-64 code uses the broadcast only when the local apic timer is
active, i.e. "noapictimer" is not on the command line. This defeats
the whole purpose of "noapictimer". It should be there to make boxen
work, where the local APIC timer actually has a hardware problem,
e.g. the nx6325.
The current implementation of x86_64 only fixes the ACPI c-states
related problem where the APIC timer stops in C3(2), nothing else.
On nx6325 and other AMD X2 equipped systems which have the C1E
enabled we run into the following:
PIT keeps jiffies (and the system) running, but the local APIC timer
interrupts can get out of sync due to this C1E effect.
I don't think this is a critical problem, but it is wrong
nevertheless.
I think it's safe to revert the C1E patch and postpone the fix to the
clock events conversion."
On further reflection, Thomas noted:
"It's even worse than I thought on the first check:
"noapictimer" on the command line of an SMP box prevents _ONLY_ the
boot CPU apic timer from being used. But the secondary CPU is still
unconditionally setting up the APIC timer and uses the non
calibrated variable calibration_result, which is of course 0, to
setup the APIC timer. Wreckage guaranteed."
so we'll just have to wait for the x86 merge to hopefully fix this up
for x86-64.
Tested-and-requested-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
H. Peter Anvin [Wed, 26 Sep 2007 21:11:43 +0000 (14:11 -0700)]
[x86 setup] Handle case of improperly terminated E820 chain
At least one system (a Geode system with a Digital Logic BIOS) has
been found which suddenly stops reporting the SMAP signature when
reading the E820 memory chain. We can't know what, exactly, broke in
the BIOS, so if we detect this situation, declare the E820 data
unusable and fall back to E801.
Also, revert to original behavior of always probing all memory
methods; that way all the memory information is available to the
kernel.
Signed-off-by: H. Peter Anvin <hpa@zytor.com> Cc: Jordan Crouse <jordan.crouse@amd.com> Cc: Joerg Pommnitz <pommnitz@yahoo.com>
xen: execve's error paths don't pin the mm before unpinning
execve's error paths don't activate (and therefore pin) the mm before
calling exit_mmap to free it up, so don't try to unpin unless it is
actually pinned. This prevents a BUG_ON from triggering.
Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com> Cc: Christian Ostheimer <osth@freesurf.ch> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[PATCH] x86-64: Disable local APIC timer use on AMD systems with C1E
solves a problem with AMD dual core laptops e.g. HP nx6325 (Turion 64
X2) with C1E enabled:
When both cores go into idle at the same time, then the system switches
into C1E state, which is basically the same as C3. This stops the local
apic timer.
This was debugged right after the dyntick merge on i386 and despite the
patch title it fixes only the 32 bit path.
x86_64 is still missing this fix. It seems that mainline is not really
affected by this issue, as the PIT is running and keeps jiffies
incrementing, but that's just waiting for trouble.
-mm suffers from this problem due to the x86_64 high resolution timer
patches.
This is a quick and dirty port of the i386 code to x86_64.
I spent quite a time with Rafael to debug the -mm / hrt wreckage until
someone pointed us to this. I really had forgotten that we debugged this
half a year ago already.
Sigh, is it just me or is there something yelling arch/x86 into my ear?
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
...
drivers/char/hpet.c:72: warning: 'clocksource_hpet' defined but not used
drivers/char/hpet.c:81: warning: 'hpet_clocksource' defined but not used
...
The problem is that the garbage collector for the 'host' structures
nlm_gc_hosts(), holds nlm_host_mutex while calling down to
nlmsvc_mark_resources, which, eventually takes the file->f_mutex.
We cannot therefore call nlmsvc_lookup_host() from within
nlmsvc_create_block, since the caller will already hold file->f_mutex, so
the attempt to grab nlm_host_mutex may deadlock.
Fix the problem by calling nlmsvc_lookup_host() outside the file->f_mutex.
Add explicit zeroing to "envp" array in device 'show' method
As Stephen Hemminger says, this is a "belt and suspenders" patch that
zeroes the envp array at allocation time, even though all the users
should NULL-terminate it anyway (and we've hopefully fixed everybody
that doesn't do that).
And we'll apparently clean the whole envp thing up for 2.6.24 anyway.
But let's just be robust, and do both this *and* make sure that all
users are doing the right thing.
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] spufs: fix mismerge, making context signal{1,2} files readable again
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
pata_sis: add missing UDMA5 timing value in sis_66_set_dmamode()
sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: hpet: ACPI Error (utglobal-0126): Unknown exception code: 0xFFFFFFF0
ACPI: CONFIG_ACPI_SLEEP=n power off regression in 2.6.23-rc8 (NOT in rc7)
ACPI: suspend: build-fix for CONFIG_SUSPEND=n and CONFIG_HIBERNATION=y
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
[PATCH] WE : Add missing auth compat-ioctl
[PATCH] softmac: Fix inability to associate with WEP networks
SCTP : Add paramters validity check for ASCONF chunk
If ADDIP is enabled, when an ASCONF chunk is received with ASCONF
paramter length set to zero, this will cause infinite loop.
By the way, if an malformed ASCONF chunk is received, will cause
processing to access memory without verifying.
This is because of not check the validity of parameters in ASCONF chunk.
This patch fixed this.
SCTP: Discard OOTB packetes with bundled INIT early.
RFC 4460 and future RFC 4960 (2960-bis) specify that packets
with bundled INIT chunks need to be dropped. We currenlty do
that only after processing any leading chunks. For OOTB chunks,
since we already walk the entire packet, we should discard packets
with bundled INITs.
There are other chunks chunks that MUST NOT be bundled, but the spec
is silent on theire treatment. Thus, we'll leave their teatment
alone for the moment.
SCTP: Clean up OOTB handling and fix infinite loop processing
While processing OOTB chunks as well as chunks with an invalid
length of 0, it was possible to SCTP to get wedged inside an
infinite loop because we didn't catch the condition correctly,
or didn't mark the packet for discard correctly.
This work is based on original findings and work by
Wei Yongjun <yjwei@cn.fujitsu.com>
Explicitely discard OOTB chunks, whether the result is a
SHUTDOWN COMPLETE or an ABORT. We need to discard the OOTB
SHUTDOWN ACK to prevent bombing attackes since responsed
MUST NOT be bundled. We also explicietely discard in the
ABORT case since that function is widely used internally.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Neil Horman <nhorman@tuxdriver.com>
Wei Yongjun [Fri, 31 Aug 2007 02:03:58 +0000 (10:03 +0800)]
SCTP: Send ABORT chunk with correct tag in response to INIT ACK
When SCTP client received an INIT ACK chunk with missing mandatory
parameter such as "cookie parameter", it will send back a ABORT
with T-bit not set and verification tag is set to 0.
This is because before we accept this INIT ACK chunk, we do not know
the peer's tag. This patch change to reflect vtag when responding to
INIT ACK with missing mandatory parameter.
SCTP: Validate buffer room when processing sequential chunks
When we process bundled chunks, we need to make sure that
the skb has the buffer for each header since we assume it's
always there. Some malicious node can send us something like
DATA + 2 bytes and we'll try to walk off the end refrencing
potentially uninitialized memory.
Johannes Berg [Tue, 11 Sep 2007 10:50:32 +0000 (12:50 +0200)]
[PATCH] mac80211: fix initialisation when built-in
When mac80211 is built into the kernel it needs to init earlier
so that device registrations are run after it has initialised.
The same applies to rate control algorithms.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>