development kernel tree: Changes to 'zecke'
git at git.openmoko.org
git at git.openmoko.org
Sun Jul 27 21:58:34 CEST 2008
Documentation/video4linux/CARDLIST.cx23885 | 2 +-
Makefile | 6 +-
arch/arm/mach-pxa/clock.c | 23 ++-
arch/mips/kernel/i8259.c | 4 +-
arch/mips/kernel/irq.c | 5 +
arch/parisc/kernel/firmware.c | 27 ++-
arch/parisc/kernel/pdc_cons.c | 19 ++-
arch/parisc/kernel/signal.c | 3 +-
arch/powerpc/platforms/chrp/pci.c | 4 +-
arch/powerpc/platforms/powermac/feature.c | 11 +-
arch/s390/lib/uaccess_pt.c | 2 +
arch/s390/lib/uaccess_std.c | 8 +-
arch/sparc/kernel/Makefile | 5 +-
arch/sparc/kernel/una_asm.S | 153 ++++++++++++++++
arch/sparc/kernel/unaligned.c | 252 +++++----------------------
arch/sparc/lib/rwsem.S | 2 +-
arch/sparc64/kernel/ptrace.c | 4 +
arch/sparc64/kernel/signal.c | 2 +-
arch/sparc64/lib/rwsem.S | 2 +-
arch/sparc64/mm/fault.c | 14 +--
arch/sparc64/mm/tlb.c | 3 +-
arch/x86/ia32/ia32_signal.c | 4 +-
arch/x86/kernel/Makefile_32 | 3 +-
arch/x86/kernel/apic_32.c | 2 +-
arch/x86/kernel/apic_64.c | 2 +-
arch/x86/kernel/io_apic_32.c | 5 +-
arch/x86/kernel/io_apic_64.c | 6 +-
arch/x86/kernel/machine_kexec_64.c | 1 +
arch/x86/kernel/process_64.c | 3 +-
arch/x86/kernel/signal_32.c | 4 +-
arch/x86/kernel/signal_64.c | 2 +-
arch/x86/kernel/smpboot_32.c | 2 +-
arch/x86/kernel/smpboot_64.c | 2 +-
arch/x86/mm/pageattr_64.c | 2 +-
arch/x86/pci/mmconfig-shared.c | 35 ----
arch/x86/pci/mmconfig_32.c | 22 +--
arch/x86/pci/mmconfig_64.c | 22 +--
arch/x86/pci/pci.h | 7 -
arch/x86/xen/enlighten.c | 42 +++--
arch/x86/xen/xen-asm.S | 9 +-
crypto/async_tx/async_xor.c | 2 +-
crypto/xcbc.c | 21 ++-
crypto/xts.c | 13 +-
drivers/acorn/char/defkeymap-l7200.c | 68 ++++----
drivers/acpi/blacklist.c | 23 ++-
drivers/acpi/bus.c | 7 +-
drivers/acpi/osl.c | 16 +-
drivers/acpi/processor_core.c | 2 +-
drivers/ata/libata-core.c | 38 +++--
drivers/ata/pata_hpt366.c | 6 +-
drivers/ata/pata_hpt37x.c | 6 +-
drivers/ata/pata_serverworks.c | 2 +-
drivers/base/firmware_class.c | 3 +-
drivers/base/platform.c | 2 +-
drivers/block/ub.c | 2 +-
drivers/char/defkeymap.c_shipped | 68 ++++----
drivers/char/drm/drm_stub.c | 1 +
drivers/char/drm/drm_vm.c | 2 +
drivers/char/mspec.c | 2 +-
drivers/char/vt.c | 1 +
drivers/dma/ioat_dma.c | 2 +
drivers/firmware/dmi_scan.c | 11 +-
drivers/hwmon/w83781d.c | 21 ++-
drivers/isdn/capi/capidrv.c | 9 +-
drivers/isdn/i4l/isdn_net.c | 1 +
drivers/macintosh/smu.c | 25 +++-
drivers/macintosh/via-pmu.c | 2 +-
drivers/md/md.c | 12 --
drivers/md/raid5.c | 51 +++---
drivers/media/dvb/dvb-usb/ttusb2.c | 1 +
drivers/media/dvb/frontends/tda10086.c | 28 +++-
drivers/media/dvb/frontends/tda10086.h | 3 +
drivers/media/dvb/ttpci/budget.c | 1 +
drivers/media/video/cx23885/cx23885-cards.c | 4 +
drivers/media/video/cx88/cx88-cards.c | 4 +
drivers/media/video/ivtv/ivtv-driver.c | 3 +
drivers/media/video/ivtv/ivtv-ioctl.c | 3 +-
drivers/media/video/saa7134/saa7134-dvb.c | 1 +
drivers/message/fusion/mptsas.c | 5 +
drivers/mtd/chips/cfi_cmdset_0001.c | 10 +-
drivers/mtd/devices/block2mtd.c | 1 -
drivers/net/bonding/bond_main.c | 16 +-
drivers/net/dl2k.h | 4 +-
drivers/net/e1000e/netdev.c | 6 +-
drivers/net/forcedeth.c | 16 +-
drivers/net/macb.c | 4 +-
drivers/net/niu.c | 20 ++-
drivers/net/niu.h | 2 +-
drivers/net/pcmcia/smc91c92_cs.c | 12 +-
drivers/net/plip.c | 7 +-
drivers/net/pppol2tp.c | 69 ++++----
drivers/net/sis190.c | 15 +-
drivers/net/sky2.c | 14 +-
drivers/net/sungem.c | 2 +-
drivers/net/tehuti.c | 15 ++
drivers/net/wireless/b43/dma.c | 60 +++++--
drivers/net/wireless/b43/main.c | 24 +++-
drivers/net/wireless/b43/xmit.c | 20 ++-
drivers/net/wireless/b43/xmit.h | 2 +-
drivers/net/wireless/b43legacy/dma.c | 23 +++-
drivers/net/wireless/b43legacy/main.c | 9 +-
drivers/net/wireless/b43legacy/pio.c | 21 ++-
drivers/net/wireless/b43legacy/xmit.c | 15 ++-
drivers/net/wireless/b43legacy/xmit.h | 2 +-
drivers/pci/hotplug/fakephp.c | 39 ++++-
drivers/pci/quirks.c | 11 +-
drivers/pnp/pnpacpi/rsparser.c | 8 +-
drivers/s390/char/defkeymap.c | 4 +-
drivers/scsi/advansys.c | 15 ++-
drivers/scsi/aic94xx/aic94xx_scb.c | 14 +-
drivers/scsi/arcmsr/arcmsr_hba.c | 20 +--
drivers/scsi/gdth.c | 121 +++++--------
drivers/scsi/gdth.h | 1 +
drivers/scsi/gdth_proc.c | 6 +-
drivers/scsi/ips.c | 20 ++-
drivers/scsi/scsi_lib.c | 1 -
drivers/scsi/sd.c | 34 ++--
drivers/spi/atmel_spi.c | 10 +
drivers/spi/pxa2xx_spi.c | 41 +++--
drivers/uio/uio.c | 2 +
drivers/usb/class/usblp.c | 1 +
drivers/usb/core/driver.c | 4 +-
drivers/usb/core/hub.c | 2 +-
drivers/usb/core/message.c | 5 +-
drivers/usb/core/quirks.c | 3 +
drivers/usb/gadget/fsl_usb2_udc.c | 2 +-
drivers/usb/host/ehci-q.c | 2 +-
drivers/usb/misc/usbtest.c | 1 +
drivers/usb/serial/cp2101.c | 6 +
drivers/usb/serial/ftdi_sio.c | 71 +++++---
drivers/usb/serial/ftdi_sio.h | 11 ++
drivers/usb/serial/keyspan.c | 2 +-
drivers/usb/serial/keyspan.h | 4 +
drivers/usb/serial/kobil_sct.c | 1 +
drivers/usb/serial/option.c | 1 +
drivers/usb/serial/pl2303.c | 4 +-
drivers/usb/serial/pl2303.h | 13 +-
drivers/usb/serial/sierra.c | 13 ++
drivers/usb/serial/ti_usb_3410_5052.c | 4 +-
drivers/usb/serial/usb-serial.c | 2 +
drivers/usb/serial/visor.c | 2 +-
drivers/usb/storage/protocol.c | 5 +-
drivers/usb/storage/transport.c | 3 +-
drivers/usb/storage/unusual_devs.h | 19 ++
drivers/video/fbmem.c | 1 +
fs/aio.c | 8 +
fs/buffer.c | 13 +-
fs/dcache.c | 3 -
fs/dnotify.c | 11 ++
fs/ecryptfs/mmap.c | 102 ++++++++---
fs/eventpoll.c | 2 +-
fs/fuse/dir.c | 2 +-
fs/hfsplus/dir.c | 23 ++-
fs/inotify.c | 30 ++--
fs/inotify_user.c | 2 +-
fs/isofs/compress.c | 11 ++
fs/jbd/recovery.c | 2 +-
fs/jbd2/recovery.c | 2 +-
fs/jffs2/erase.c | 18 +-
fs/locks.c | 65 +++++---
fs/ncpfs/mmap.c | 4 -
fs/nfs/write.c | 20 ++-
fs/nfsd/nfsfh.c | 4 +-
fs/signalfd.c | 7 +-
fs/splice.c | 12 +-
fs/ufs/util.h | 2 +-
fs/xfs/linux-2.6/xfs_file.c | 3 +-
include/asm-arm/arch-pxa/pxa-regs.h | 1 +
include/asm-parisc/futex.h | 10 +-
include/asm-parisc/pdc.h | 3 +-
include/asm-powerpc/pmac_feature.h | 8 +
include/asm-sparc64/backoff.h | 3 +-
include/asm-x86/apic_32.h | 2 +-
include/asm-x86/futex_32.h | 6 +-
include/asm-x86/futex_64.h | 6 +-
include/asm-x86/io_apic_64.h | 2 +-
include/asm-x86/processor_32.h | 5 +-
include/linux/dmi.h | 2 -
include/linux/ethtool.h | 1 +
include/linux/futex.h | 1 +
include/linux/hrtimer.h | 2 +-
include/linux/hugetlb.h | 1 +
include/linux/irq.h | 3 +
include/linux/ktime.h | 2 +
include/linux/moduleparam.h | 12 ++-
include/linux/percpu.h | 2 +-
include/linux/sched.h | 6 +
include/linux/security.h | 3 +-
include/linux/time.h | 4 +
include/linux/usb/quirks.h | 3 +
include/linux/usb_usual.h | 4 +-
include/linux/wait.h | 16 ++
include/net/inet_sock.h | 3 +-
include/net/tcp.h | 7 +-
kernel/audit.c | 10 +-
kernel/compat.c | 44 +++++-
kernel/futex.c | 52 +++++-
kernel/futex_compat.c | 11 +-
kernel/hrtimer.c | 100 +++++++-----
kernel/irq/chip.c | 56 ++++++-
kernel/posix-timers.c | 25 +--
kernel/relay.c | 6 +-
kernel/sched.c | 79 +++++++--
kernel/sched_fair.c | 8 +-
kernel/sysctl.c | 4 +-
kernel/timer.c | 10 +-
mm/allocpercpu.c | 15 ++-
mm/filemap.c | 26 ++--
mm/fremap.c | 5 +-
mm/hugetlb.c | 12 ++-
mm/memory.c | 2 +
mm/mmap.c | 2 +-
mm/slab.c | 53 +++---
mm/slub.c | 3 +-
net/8021q/vlan.c | 2 +-
net/ax25/ax25_out.c | 13 ++-
net/bluetooth/hci_core.c | 4 +-
net/bluetooth/hci_sysfs.c | 52 +++++--
net/bridge/netfilter/ebt_dnat.c | 4 +-
net/bridge/netfilter/ebt_redirect.c | 4 +-
net/bridge/netfilter/ebt_snat.c | 4 +-
net/core/dev.c | 10 +-
net/core/netpoll.c | 6 +-
net/ipv4/fib_hash.c | 47 ++++--
net/ipv4/fib_trie.c | 57 ++++---
net/ipv4/inet_diag.c | 11 +-
net/ipv4/ip_output.c | 4 +-
net/ipv4/ip_sockglue.c | 5 -
net/ipv4/ipcomp.c | 10 +-
net/ipv4/ipconfig.c | 4 +-
net/ipv4/netfilter/arpt_mangle.c | 2 +-
net/ipv4/netfilter/ip_queue.c | 12 +-
net/ipv4/sysctl_net_ipv4.c | 2 +-
net/ipv4/tcp.c | 4 +-
net/ipv4/tcp_output.c | 2 +-
net/ipv4/xfrm4_tunnel.c | 2 +-
net/ipv6/ip6_output.c | 10 +-
net/ipv6/ip6_tunnel.c | 1 +
net/ipv6/ipcomp6.c | 7 +-
net/ipv6/netfilter/ip6_queue.c | 10 +-
net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +
net/ipv6/xfrm6_output.c | 2 +-
net/llc/af_llc.c | 3 +
net/netfilter/nf_conntrack_proto_tcp.c | 35 +++-
net/netfilter/nfnetlink_log.c | 2 +-
net/netfilter/nfnetlink_queue.c | 12 +-
net/netfilter/xt_time.c | 7 +-
net/sched/em_meta.c | 10 +-
net/sched/ematch.c | 5 +-
net/sched/sch_generic.c | 18 ++-
net/sched/sch_htb.c | 13 +-
net/sctp/bind_addr.c | 4 +-
net/sctp/ipv6.c | 4 +-
net/sctp/protocol.c | 4 +-
scripts/Makefile.modpost | 6 +-
scripts/mod/file2alias.c | 6 +-
scripts/mod/modpost.c | 5 +-
scripts/mod/modpost.h | 1 +
security/capability.c | 1 -
security/commoncap.c | 39 ----
security/selinux/ss/services.c | 4 +-
sound/oss/via82cxxx_audio.c | 14 +-
sound/usb/usx2y/usX2Yhwdep.c | 2 +-
sound/usb/usx2y/usx2yhwdeppcm.c | 2 +-
264 files changed, 2264 insertions(+), 1329 deletions(-)
New commits:
commit 0e33c5c45f362288c38f37175395266b4e882825
Merge: ffebf2f8e5af956749d7bff4d1ba48dc24b2d406 928bb8c418b5f9e96dbccc8d7eafb6635ae81548
Author: Holger Freyther <zecke at openmoko.org>
Date: Sun Jul 27 20:51:18 2008 +0200
Merge commit 'v2.6.24.7' into zecke
commit 928bb8c418b5f9e96dbccc8d7eafb6635ae81548
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Tue May 6 16:22:34 2008 -0700
Linux 2.6.24.7
commit 0bbbae3bfd732f6c4d6b2a67121d77bf6b1c7f70
Author: Al Viro <viro at zeniv.linux.org.uk>
Date: Tue May 6 13:58:34 2008 -0400
fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
commit 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9 upstream.
fcntl_setlk()/close() race prevention has a subtle hole - we need to
make sure that if we *do* have an fcntl/close race on SMP box, the
access to descriptor table and inode->i_flock won't get reordered.
As it is, we get STORE inode->i_flock, LOAD descriptor table entry vs.
STORE descriptor table entry, LOAD inode->i_flock with not a single
lock in common on both sides. We do have BKL around the first STORE,
but check in locks_remove_posix() is outside of BKL and for a good
reason - we don't want BKL on common path of close(2).
Solution is to hold ->file_lock around fcheck() in there; that orders
us wrt removal from descriptor table that preceded locks_remove_posix()
on close path and we either come first (in which case eviction will be
handled by the close side) or we'll see the effect of close and do
eviction ourselves. Note that even though it's read-only access,
we do need ->file_lock here - rcu_read_lock() won't be enough to
order the things.
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 430adffc974f48193d84419c46c4791ac55ae079
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Thu May 1 14:50:00 2008 -0700
Linux 2.6.24.6
commit 344fb8a49535f2392811eadd6f942303f48694ea
Author: Al Viro <viro at ZenIV.linux.org.uk>
Date: Thu May 1 03:52:22 2008 +0100
Fix dnotify/close race (CVE-2008-1375)
commit 214b7049a7929f03bbd2786aaef04b8b79db34e2 upstream.
We have a race between fcntl() and close() that can lead to
dnotify_struct inserted into inode's list *after* the last descriptor
had been gone from current->files.
Since that's the only point where dnotify_struct gets evicted, we are
screwed - it will stick around indefinitely. Even after struct file in
question is gone and freed. Worse, we can trigger send_sigio() on it at
any later point, which allows to send an arbitrary signal to arbitrary
process if we manage to apply enough memory pressure to get the page
that used to host that struct file and fill it with the right pattern...
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ce5fb29181362dbb2d0506f6f0150b6643d7f5e1
Author: Paul Bolle <pebolle at tiscali.nl>
Date: Sun Apr 13 22:44:20 2008 -0700
ISDN: Do not validate ISDN net device address prior to interface-up
Commit bada339 (Validate device addr prior to interface-up) caused a regression
in the ISDN network code, see: http://bugzilla.kernel.org/show_bug.cgi?id=9923
The trivial fix is to remove the pointer to eth_validate_addr() in the
net_device struct in isdn_net_init().
Signed-off-by: Paul Bolle <pebolle at tiscali.nl>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit dcd8f5bca3782f180c028446710edc16ebce73f6
Author: Steven Toth <stoth at hauppauge.com>
Date: Thu Apr 24 20:52:42 2008 -0400
V4L: cx88: enable radio GPIO correctly
This patch fixes an issue on the HVR1300, where GPIO is blown away due to
the radio input being undefined, breaking the functionality of the DVB
demodulator and MPEG2 encoder used on the cx8802 mpeg TS port.
This is a minimal patch for 2.6.26 and the -stable series. This must be
fixed a better way for 2.6.27.
Signed-off-by: Steven Toth <stoth at hauppauge.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab at infradead.org>
Signed-off-by: Michael Krufky <mkrufky at linuxtv.org>
(cherry picked from commit 6b92b3bd7ac91b7e255541f4be9bfd55b12dae41)
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ef4fe7f473ba8edf4fb6931fab80fec45fbfbf01
Author: Alan Cox <alan at lxorguk.ukuu.org.uk>
Date: Thu Apr 24 20:52:26 2008 -0400
V4L: Fix VIDIOCGAP corruption in ivtv
Frank Bennett reported that ivtv was causing skype to crash. With help
from one of their developers he showed it was a kernel problem.
VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
that are too long and does not truncate them so corrupts a few bytes of
the app data area.
Possibly the names also want trimming but for now this should fix the
corruption case.
Signed-off-by: Alan Cox <alan at redhat.com>
Signed-off-by: Hans Verkuil <hverkuil at xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab at infradead.org>
Signed-off-by: Michael Krufky <mkrufky at linuxtv.org>
(cherry picked from commit d2b213f7b76f187c4391079c7581d3a08b940133)
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 31ae1b20f94c8628b1db1eb417bf87ad44c92fc9
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Thu Apr 17 03:05:15 2008 +0000
USB: remove broken usb-serial num_endpoints check
commit: 07c3b1a1001614442c665570942a3107a722c314
The num_interrupt_in, num_bulk_in, and other checks in the usb-serial
code are just wrong, there are too many different devices out there with
different numbers of endpoints. We need to just be sticking with the
device ids instead of trying to catch this kind of thing. It broke too
many different devices.
This fixes a large number of usb-serial devices to get them working
properly again.
Cc: Oliver Neukum <oliver at neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 085b9f23e255e984b771660eca2aa737f72dbc00
Author: John Heffner <jheffner at napa.none>
Date: Fri Apr 25 01:43:57 2008 -0700
Increase the max_burst threshold from 3 to tp->reordering.
[ Upstream commit: dd9e0dda66ba38a2ddd1405ac279894260dc5c36 ]
This change is necessary to allow cwnd to grow during persistent
reordering. Cwnd moderation is applied when in the disorder state
and an ack that fills the hole comes in. If the hole was greater
than 3 packets, but less than tp->reordering, cwnd will shrink when
it should not have.
Signed-off-by: John Heffner <jheffner at napa.none>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c3648f834964ad96b9f567776088ebb28f241172
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Wed Apr 23 11:15:35 2008 +0100
JFFS2: Fix free space leak with in-band cleanmarkers
We were accounting for the cleanmarker by calling jffs2_link_node_ref()
(without locking!), which adjusted both superblock and per-eraseblock
accounting, subtracting the size of the cleanmarker from {jeb,c}->free_size
and adding it to {jeb,c}->used_size.
But only _then_ were we adding the size of the newly-erased block back
to the superblock counts, and we were adding each of jeb->{free,used}_size
to the corresponding superblock counts. Thus, the size of the cleanmarker
was effectively subtracted from the superblock's free_size _twice_.
Fix this, by always adding a full eraseblock size to c->free_size when
we've erased a block. And call jffs2_link_node_ref() under the proper
lock, while we're at it.
Thanks to Alexander Yurchenko and/or Damir Shayhutdinov for (almost)
pinpointing the problem.
[Backport of commit 014b164e1392a166fe96e003d2f0e7ad2e2a0bb7]
Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a086bcfa9947a04075f446fe4ee435070ced9bb9
Author: Jan Altenberg <jan.altenberg at linutronix.de>
Date: Tue Feb 19 01:44:50 2008 +0100
USB: gadget: queue usb USB_CDC_GET_ENCAPSULATED_RESPONSE message
backport of 41566bcf35a8b23ce4715dadb5acfd1098c1d3e4
commit 0cf4f2de0a0f4100795f38ef894d4910678c74f8 introduced a bug, which
prevents sending an USB_CDC_GET_ENCAPSULATED_RESPONSE message. This
breaks the RNDIS initialization (especially / only Windoze machines
dislike this behavior...).
Signed-off-by: Benedikt Spranger <b.spranger at linutronix.de>
Signed-off-by: Jan Altenberg <jan.altenberg at linutronix.de>
Acked-by: David Brownell <dbrownell at users.sourceforge.net>
Cc: Vernon Sauder <vernoninhand at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f1b6098616f329d26199f278f228a7b27d36558d
Author: Jeff Garzik <jeff at garzik.org>
Date: Fri Apr 25 03:11:31 2008 -0400
tehuti: move ioctl perm check closer to function start (CVE-2008-1675)
Commit f946dffed6334f08da065a89ed65026ebf8b33b4 upstream
Noticed by davem.
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a30678eb8ce99a7b4c716ad41c8c10a04d731127
Author: Francois Romieu <romieu at fr.zoreil.com>
Date: Sun Apr 20 19:32:34 2008 +0200
tehuti: check register size (CVE-2008-1675)
Signed-off-by: Francois Romieu <romieu at fr.zoreil.com>
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 2d66f3a83fa0894cfa51669aa262dcbf1d4101ee
Author: PJ Waskiewicz <peter.p.waskiewicz.jr at intel.com>
Date: Mon Apr 28 11:56:03 2008 -0700
x86: Fix 32-bit x86 MSI-X allocation leakage
commit 9d9ad4b51d2b29b5bbeb4011f5e76f7538119cf9 upstream
This bug was introduced in the 2.6.24 lguest tree merge, where
MSI-X vector allocation will eventually fail. The cause is the new
bit array tracking used vectors is not getting cleared properly on
IRQ destruction on the 32-bit APIC code.
This can be seen easily using the ixgbe 10 GbE driver on multi-core
systems by simply loading and unloading the driver a few times.
Depending on the number of available vectors on the host system, the
MSI-X allocation will eventually fail, and the driver will only be
able to use legacy interrupts.
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr at intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d86fc5ca7bb6b952151e7e671349d312060f20d7
Author: Karsten Keil <kkeil at suse.de>
Date: Fri Jan 25 11:55:28 2008 +0100
fix oops on rmmod capidrv
commit eb36f4fc019835cecf0788907f6cab774508087b upstream.
Fix overwriting the stack with the version string
(it is currently 10 bytes + zero) when unloading the
capidrv module. Safeguard against overwriting it
should the version string grow in the future.
Should fix Kernel Bug Tracker Bug 9696.
Signed-off-by: Gerd v. Egidy <gerd.von.egidy at intra2net.com>
Acked-by: Karsten Keil <kkeil at suse.de>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 1a825fd5424d59bdd791491a952ede2f99dae24c
Author: Hugh Dickins <hugh at veritas.com>
Date: Thu Apr 3 23:35:22 2008 +0100
splice: use mapping_gfp_mask
upstream commit: 4cd13504652d28e16bf186c6bb2bbb3725369383
The loop block driver is careful to mask __GFP_IO|__GFP_FS out of its
mapping_gfp_mask, to avoid hangs under memory pressure. But nowadays
it uses splice, usually going through __generic_file_splice_read. That
must use mapping_gfp_mask instead of GFP_KERNEL to avoid those hangs.
Signed-off-by: Hugh Dickins <hugh at veritas.com>
Cc: Jens Axboe <jens.axboe at oracle.com>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 03282b1023560a81675ac7505b270c43f095e14b
Author: Chris Wright <chrisw at sous-sol.org>
Date: Fri Apr 18 18:53:39 2008 -0700
Linux 2.6.24.5
commit fa4bf970097e80c3ba50467a8b99c8f97a6391f0
Author: J. Bruce Fields <bfields at citi.umich.edu>
Date: Mon Apr 14 15:03:02 2008 -0400
locks: fix possible infinite loop in fcntl(F_SETLKW) over nfs
upstream commit: 19e729a928172103e101ffd0829fd13e68c13f78
Miklos Szeredi found the bug:
"Basically what happens is that on the server nlm_fopen() calls
nfsd_open() which returns -EACCES, to which nlm_fopen() returns
NLM_LCK_DENIED.
"On the client this will turn into a -EAGAIN (nlm_stat_to_errno()),
which in will cause fcntl_setlk() to retry forever."
So, for example, opening a file on an nfs filesystem, changing
permissions to forbid further access, then trying to lock the file,
could result in an infinite loop.
And Trond Myklebust identified the culprit, from Marc Eshel and I:
7723ec9777d9832849b76475b1a21a2872a40d20 "locks: factor out
generic/filesystem switch from setlock code"
That commit claimed to just be reshuffling code, but actually introduced
a behavioral change by calling the lock method repeatedly as long as it
returned -EAGAIN.
We assumed this would be safe, since we assumed a lock of type SETLKW
would only return with either success or an error other than -EAGAIN.
However, nfs does can in fact return -EAGAIN in this situation, and
independently of whether that behavior is correct or not, we don't
actually need this change, and it seems far safer not to depend on such
assumptions about the filesystem's ->lock method.
Therefore, revert the problematic part of the original commit. This
leaves vfs_lock_file() and its other callers unchanged, while returning
fcntl_setlk and fcntl_setlk64 to their former behavior.
Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
Tested-by: Miklos Szeredi <mszeredi at suse.cz>
Cc: Trond Myklebust <trond.myklebust at fys.uio.no>
Cc: Marc Eshel <eshel at almaden.ibm.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 44996dccd89ce86c7c38e37e0635d30c66279772
Author: Serge Hallyn <serge at hallyn.com>
Date: Fri Feb 29 15:14:57 2008 +0000
file capabilities: remove cap_task_kill()
upstream commit: aedb60a67c10a0861af179725d060765262ba0fb
The original justification for cap_task_kill() was as follows:
check_kill_permission() does appropriate uid equivalence checks.
However with file capabilities it becomes possible for an
unprivileged user to execute a file with file capabilities
resulting in a more privileged task with the same uid.
However now that cap_task_kill() always returns 0 (permission
granted) when p->uid==current->uid, the whole hook is worthless,
and only likely to create more subtle problems in the corner cases
where it might still be called but return -EPERM. Those cases
are basically when uids are different but euid/suid is equivalent
as per the check in check_kill_permission().
One example of a still-broken application is 'at' for non-root users.
This patch removes cap_task_kill().
Signed-off-by: Serge Hallyn <serge at hallyn.com>
Acked-by: Andrew G. Morgan <morgan at kernel.org>
Earlier-version-tested-by: Luiz Fernando N. Capitulino <lcapitulino at mandriva.com.br>
Acked-by: Casey Schaufler <casey at schaufler-ca.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
[chrisw at sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d7d835ba45a0a2b30ed47887275e271e9ddddbdb
Author: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Date: Thu Apr 10 23:30:07 2008 +0900
macb: Call phy_disconnect on removing
upstream commit: 84b7901f8d5a17536ef2df7fd628ab865df8fe3a
Call phy_disconnect() on remove routine. Otherwise the phy timer
causes a kernel crash when unloading.
Signed-off-by: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Cc: Haavard Skinnemoen <hskinnemoen at atmel.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit acba01a4a72096cd60de7dad570acea3ec7f46ab
Author: Alexey Dobriyan <adobriyan at gmail.com>
Date: Wed Apr 16 02:45:07 2008 +0000
fbdev: fix /proc/fb oops after module removal
upstream commit: c43f89c2084f46e3ec59ddcbc52ecf4b1e9b015a
/proc/fb is not removed during rmmod.
Steps to reproduce:
modprobe fb
rmmod fb
ls /proc
BUG: unable to handle kernel paging request at ffffffffa0094370
IP: [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
PGD 203067 PUD 207063 PMD 17e758067 PTE 0
Oops: 0000 [1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.0/resource
CPU 1
Modules linked in: nf_conntrack_irc xt_state iptable_filter ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables vfat fat usbhid ehci_hcd uhci_hcd usbcore sr_mod cdrom [last unloaded: fb]
Pid: 21205, comm: ls Not tainted 2.6.25-rc8-mm2 #14
RIP: 0010:[<ffffffff802b92a1>] [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
RSP: 0018:ffff81017c4bfc78 EFLAGS: 00010246
RAX: 0000000000008000 RBX: ffff8101787f5470 RCX: 0000000048011ccc
RDX: ffffffffa0094320 RSI: ffff810006ad43b0 RDI: ffff81017fc2cc00
RBP: ffff81017e450300 R08: 0000000000000002 R09: ffff81017c5d1000
R10: 0000000000000000 R11: 0000000000000246 R12: ffff81016b903a28
R13: ffff81017f822020 R14: ffff81017c4bfd58 R15: ffff81017f822020
FS: 00007f08e71696f0(0000) GS:ffff81017fc06480(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffffa0094370 CR3: 000000017e54a000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process ls (pid: 21205, threadinfo ffff81017c4be000, task ffff81017de48770)
Stack: ffff81017c5d1000 00000000ffffffea ffff81017e450300 ffffffff802bdd1e
ffff81017f802258 ffff81017c4bfe48 ffff81016b903a28 ffff81017f822020
ffff81017c4bfd48 ffffffff802b9ba0 ffff81016b903a28 ffff81017f802258
Call Trace:
[<ffffffff802bdd1e>] ? proc_lookup_de+0x8e/0x100
[<ffffffff802b9ba0>] ? proc_root_lookup+0x20/0x60
[<ffffffff802882a7>] ? do_lookup+0x1b7/0x210
[<ffffffff8028883d>] ? __link_path_walk+0x53d/0x7f0
[<ffffffff80295eb8>] ? mntput_no_expire+0x28/0x130
[<ffffffff80288b4a>] ? path_walk+0x5a/0xc0
[<ffffffff80288dd3>] ? do_path_lookup+0x83/0x1c0
[<ffffffff80287785>] ? getname+0xe5/0x210
[<ffffffff80289adb>] ? __user_walk_fd+0x4b/0x80
[<ffffffff8028236c>] ? vfs_lstat_fd+0x2c/0x70
[<ffffffff8028bf1e>] ? filldir+0xae/0xf0
[<ffffffff802b92e9>] ? de_put+0x9/0x50
[<ffffffff8029633d>] ? mnt_want_write+0x2d/0x80
[<ffffffff8029339f>] ? touch_atime+0x1f/0x170
[<ffffffff802b9b1d>] ? proc_root_readdir+0x7d/0xa0
[<ffffffff802825e7>] ? sys_newlstat+0x27/0x50
[<ffffffff8028bffb>] ? vfs_readdir+0x9b/0xd0
[<ffffffff8028c0fe>] ? sys_getdents+0xce/0xe0
[<ffffffff8020b39b>] ? system_call_after_swapgs+0x7b/0x80
Code: b7 83 b2 00 00 00 25 00 f0 00 00 3d 00 80 00 00 74 19 48 89 93 f0 00 00 00 48 89 df e8 39 9a fd ff 48 89 d8 48 83 c4 08 5b 5d c3 <48> 83 7a 50 00 48 c7 c0 60 16 45 80 48 c7 c2 40 17 45 80 48 0f
RIP [<ffffffff802b92a1>] proc_get_inode+0x101/0x130
RSP <ffff81017c4bfc78>
CR2: ffffffffa0094370
---[ end trace c71hiarjan8ab739 ]---
Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
"Antonino A. Daplas" <adaplas at pol.net>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit bcf7b3914e9cd04e09685a1460da8b90e46a8001
Author: Chuck Ebbert <cebbert at redhat.com>
Date: Wed Apr 16 02:45:05 2008 +0000
acpi: bus: check once more for an empty list after locking it
upstream commit: f0a37e008750ead1751b7d5e89d220a260a46147
List could have become empty after the unlocked check that was made earlier,
so check again inside the lock.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=427765
Signed-off-by: Chuck Ebbert <cebbert at redhat.com>
Cc: <stable at kernel.org>
Cc: Len Brown <lenb at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d51b295acd90c52a01b0afb316833c2783e1fb14
Author: Kyle McMartin <kyle at mcmartin.ca>
Date: Tue Apr 15 18:36:38 2008 -0400
PARISC fix signal trampoline cache flushing
upstream commit: cf39cc3b56bc4a562db6242d3069f65034ec7549
The signal trampolines were accidently flushing the kernel I$ instead of
the users. Fix that up, and also add a missing user D$ flush while
we're at it.
Signed-off-by: Kyle McMartin <kyle at mcmartin.ca>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 24319896af06b84f965bcefa0f2d926b726ed05b
Author: Kyle McMartin <kyle at shortfin.cabal.ca>
Date: Tue Apr 15 11:46:03 2008 -0500
PARISC pdc_console: fix bizarre panic on boot
upstream commit ef1afd4d79f0479960ff36bb5fe6ec6eba1ebff2
commit 721fdf34167580ff98263c74cead8871d76936e6
Author: Kyle McMartin <kyle at shortfin.cabal.ca>
Date: Thu Dec 6 09:32:15 2007 -0800
[PARISC] print more than one character at a time for pdc console
introduced a subtle bug by accidentally removing the "static" from
iodc_dbuf. This resulted in, what appeared to be, a trap without
*current set to a task. Probably the result of a trap in real mode
while calling firmware.
Also do other misc clean ups. Since the only input from firmware is non
blocking, share iodc_dbuf between input and output, and spinlock the
only callers.
[jejb: fixed up rejections against the stable tree]
Signed-off-by: Kyle McMartin <kyle at parisc-linux.org>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit fe23b328b6fd02f23a30690baf45a4092162d760
Author: Kyle McMartin <kyle at shortfin.cabal.ca>
Date: Tue Apr 15 10:45:11 2008 -0500
PARISC futex: special case cmpxchg NULL in kernel space
upstream commit: c20a84c91048c76c1379011c96b1a5cee5c7d9a0
commit f9e77acd4060fefbb60a351cdb8d30fca27fe194
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Sun Feb 24 02:10:05 2008 +0000
futex: runtime enable pi and robust functionality
which was backported to stable based on mainline Commit
a0c1e9073ef7428a14309cba010633a6cd6719ea added code to futex.c
to detect whether futex_atomic_cmpxchg_inatomic was implemented at run
time:
+ curval = cmpxchg_futex_value_locked(NULL, 0, 0);
+ if (curval == -EFAULT)
+ futex_cmpxchg_enabled = 1;
This is bogus on parisc, since page zero in kernel virtual space is the
gateway page for syscall entry, and should not be read from the kernel.
(That, and we really don't like the kernel faulting on its own address
space...)
Signed-off-by: Kyle McMartin <kyle at mcmartin.ca>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit e9a3ef655c451a9dd1b4df795f6eac253eed6af0
Author: Len Brown <len.brown at intel.com>
Date: Tue Apr 15 03:16:56 2008 -0400
pnpacpi: reduce printk severity for "pnpacpi: exceeded the max number of ..."
upstream commit 33fd7afd66ffdc6addf1b085fe6403b6af532f8e
We have been printing these messages at KERN_ERR since 2.6.24,
per http://bugzilla.kernel.org/show_bug.cgi?id=9535
But KERN_ERR pops up on a console booted with "quiet"
and causes users to get alarmed and file bugs
about the message itself:
https://bugzilla.redhat.com/show_bug.cgi?id=436589
So reduce the severity of these messages to
KERN_WARNING, which is not printed by "quiet".
This message will still be seen without "quiet",
but a lot of messages are printed in that mode
and it will be less likely to cause undue alarm.
We could go all the way to KERN_DEBUG, but this
is a real warning after all, so it seems prudent
not to require "debug" to see it.
Signed-off-by: Len Brown <len.brown at intel.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 5cd82d4dd65bc2a7206352c7dcb0c1beea28136e
Author: Guido Guenther <agx at sigxcpu.org>
Date: Tue Apr 15 13:45:51 2008 +0000
POWERPC: Fix build of modular drivers/macintosh/apm_emu.c
upstream commit: 620a245978d007279bc5c7c64e15f5f63af9af98
Currently, if drivers/macintosh/apm_emu is a module and the config
doesn't have CONFIG_SUSPEND we get:
ERROR: "pmu_batteries" [drivers/macintosh/apm_emu.ko] undefined!
ERROR: "pmu_battery_count" [drivers/macintosh/apm_emu.ko] undefined!
ERROR: "pmu_power_flags" [drivers/macintosh/apm_emu.ko] undefined!
on PPC32. The variables aren't wrapped in '#if defined(CONFIG_SUSPEND)'
so we probably shouldn't wrap the exports either. This removes the
CONFIG_SUSPEND part of the export, which fixes compilation on ppc32.
Signed-off-by: Guido Guenther <agx at sigxcpu.org>
Signed-off-by: Paul Mackerras <paulus at samba.org>
mpagano at gentoo.org notes:
The details can be found at http://bugs.gentoo.org/show_bug.cgi?id=217629.
Cc: Mike Pagano <mpagano at gentoo.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit f1e310c26a37a98efba28f6ea65f1f33f353786d
Author: Dan Williams <dan.j.williams at intel.com>
Date: Fri Apr 11 16:55:06 2008 +0000
md: close a livelock window in handle_parity_checks5
upstream commit: bd2ab67030e9116f1e4aae1289220255412b37fd
If a failure is detected after a parity check operation has been initiated,
but before it completes handle_parity_checks5 will never quiesce operations on
the stripe.
Explicitly handle this case by "canceling" the parity check, i.e. clear the
STRIPE_OP_CHECK flags and queue the stripe on the handle list again to refresh
any non-uptodate blocks.
Kernel versions >= 2.6.23 are susceptible.
Cc: <stable at kernel.org>
Cc: NeilBrown <neilb at suse.de>
Signed-off-by: Dan Williams <dan.j.williams at intel.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit c9c5091171cbf780bb293e6406dd8632b678bae8
Author: Davide Libenzi <davidel at xmailserver.org>
Date: Fri Apr 11 16:55:04 2008 +0000
signalfd: fix for incorrect SI_QUEUE user data reporting
upstream commit: 0859ab59a8a48d2a96b9d2b7100889bcb6bb5818
Michael Kerrisk found out that signalfd was not reporting back user data
pushed using sigqueue:
http://groups.google.com/group/linux.kernel/msg/9397cab8551e3123
The following patch makes signalfd report back the ssi_ptr and ssi_int members
of the signalfd_siginfo structure.
Signed-off-by: Davide Libenzi <davidel at xmailserver.org>
Acked-by: Michael Kerrisk <mtk.manpages at googlemail.com>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit b895b7886c143e446b8b222a19f10cb0890faae6
Author: Mikulas Patocka <mikulas at artax.karlin.mff.cuni.cz>
Date: Tue Apr 1 01:22:45 2008 +0200
plip: replace spin_lock_irq with spin_lock_irqsave in irq context
upstream commit: cabce28ec0a0ae3d0ddfa4461f0e8be94ade9e46
Plip uses spin_lock_irq/spin_unlock_irq in its IRQ handler (called from
parport IRQ handler), the latter enables interrupts without parport
subsystem IRQ handler expecting it.
The bug can be seen if you compile kernel with lock dependency checking
and use plip --- it produces a warning.
This patch changes it to spin_lock_irqsave/spin_lock_irqrestore, so that
it doesn't enable interrupts when already disabled.
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 53def1fec24f8216778a0492e62370141c5c15a4
Author: Alok Kataria <akataria at vmware.com>
Date: Thu Apr 10 01:50:05 2008 +0000
acpi: fix "buggy BIOS check" when CPUs are hot removed
upstream commit: ba62b077871a5255e271f4fdae57167651839277
Fixes a BUG in ACPI hotplugging.
processor_device_array[pr->id] needs to be set to NULL when removing a CPU.
Else the "buggy BIOS check" in acpi_processor_start mistakenly fires when a
CPU is removed from the system and then later re-added.
Signed-off-by: Alok N Kataria <akataria at vmware.com>
Signed-off-by: Dan Arai <arai at vmware.com>
Cc: Len Brown <lenb at kernel.org>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit b1c9cdea40bcedd6ab88de759162ef01d7b50789
Author: Roman Zippel <zippel at linux-m68k.org>
Date: Wed Apr 9 17:44:07 2008 +0200
HFS+: fix unlink of links
upstream commit: 76b0c26af2736b7e5b87e6ed7ab63901483d5736
Some time ago while attempting to handle invalid link counts, I botched
the unlink of links itself, so this patch fixes this now correctly, so
that only the link count of nodes that don't point to links is ignored.
Thanks to Vlado Plaga <rechner at vlado-do.de> to notify me of this
problem.
Signed-off-by: Roman Zippel <zippel at linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit aff170c0b3f765ef8909b5ab1a89c54d7037c2f9
Author: Hartmut Hackmann <hartmut.hackmann at t-online.de>
Date: Tue Apr 8 21:12:41 2008 -0400
DVB: tda10086: make the 22kHz tone for DISEQC a config option
(backported from commit ea75baf4b0f117564bd50827a49c4b14d61d24e9)
Some cards need the diseqc signal modulated, while some just need
the envelope to control the LNB supply.
This fixes Bug 9887
Signed-off-by: Hartmut Hackmann <hartmut.hackmann at t-online.de>
Acked-by: Oliver Endriss <o.endriss at gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab at infradead.org>
Cc: Hermann Pitton <hermann-pitton at arcor.de>
Signed-off-by: Michael Krufky <mkrufky at linuxtv.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 1ff9e6f47768a807d8c283290e5a4f8b66376e46
Author: David S. Miller <davem at davemloft.net>
Date: Mon Apr 7 22:24:24 2008 -0700
SPARC64: Fix FPU saving in 64-bit signal handling.
Upstream commit: 7c3cce978e4f933ac13758ec5d2554fc8d0927d2
The calculation of the FPU reg save area pointer
was wrong.
Based upon an OOPS report from Tom Callaway.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d5a425ea8e29fc0c17fb72a6fd2aed68df8e9cfe
Author: Dave Young <hidave.darkstar at gmail.com>
Date: Wed Mar 5 18:45:59 2008 -0800
bluetooth: hci_core: defer hci_unregister_sysfs()
upstream commit: 147e2d59833e994cc99341806a88b9e59be41391
Alon Bar-Lev reports:
Feb 16 23:41:33 alon1 usb 3-1: configuration #1 chosen from 1 choice
Feb 16 23:41:33 alon1 BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000008
Feb 16 23:41:33 alon1 printing eip: c01b2db6 *pde = 00000000
Feb 16 23:41:33 alon1 Oops: 0000 [#1] PREEMPT
Feb 16 23:41:33 alon1 Modules linked in: ppp_deflate zlib_deflate
zlib_inflate bsd_comp ppp_async rfcomm l2cap hci_usb vmnet(P)
vmmon(P) tun radeon drm autofs4 ipv6 aes_generic crypto_algapi
ieee80211_crypt_ccmp nf_nat_irc nf_nat_ftp nf_conntrack_irc
nf_conntrack_ftp ipt_MASQUERADE iptable_nat nf_nat ipt_REJECT
xt_tcpudp ipt_LOG xt_limit xt_state nf_conntrack_ipv4 nf_conntrack
iptable_filter ip_tables x_tables snd_pcm_oss snd_mixer_oss
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
bluetooth ppp_generic slhc ioatdma dca cfq_iosched cpufreq_powersave
cpufreq_ondemand cpufreq_conservative acpi_cpufreq freq_table uinput
fan af_packet nls_cp1255 nls_iso8859_1 nls_utf8 nls_base pcmcia
snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm nsc_ircc snd_timer
ipw2200 thinkpad_acpi irda snd ehci_hcd yenta_socket uhci_hcd
psmouse ieee80211 soundcore intel_agp hwmon rsrc_nonstatic pcspkr
e1000 crc_ccitt snd_page_alloc i2c_i801 ieee80211_crypt pcmcia_core
agpgart thermal bat!
tery nvram rtc sr_mod ac sg firmware_class button processor cdrom
unix usbcore evdev ext3 jbd ext2 mbcache loop ata_piix libata sd_mod
scsi_mod
Feb 16 23:41:33 alon1
Feb 16 23:41:33 alon1 Pid: 4, comm: events/0 Tainted: P
(2.6.24-gentoo-r2 #1)
Feb 16 23:41:33 alon1 EIP: 0060:[<c01b2db6>] EFLAGS: 00010282 CPU: 0
Feb 16 23:41:33 alon1 EIP is at sysfs_get_dentry+0x26/0x80
Feb 16 23:41:33 alon1 EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX:
f48a2210
Feb 16 23:41:33 alon1 ESI: f72eb900 EDI: f4803ae0 EBP: f4803ae0 ESP:
f7c49efc
Feb 16 23:41:33 alon1 hcid[7004]: HCI dev 0 registered
Feb 16 23:41:33 alon1 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Feb 16 23:41:33 alon1 Process events/0 (pid: 4, ti=f7c48000
task=f7c3efc0 task.ti=f7c48000)
Feb 16 23:41:33 alon1 Stack: f7cb6140 f4822668 f7e71e10 c01b304d
ffffffff ffffffff fffffffe c030ba9c
Feb 16 23:41:33 alon1 f7cb6140 f4822668 f6da6720 f7cb6140 f4822668
f6da6720 c030ba8e c01ce20b
Feb 16 23:41:33 alon1 f6e9dd00 c030ba8e f6da6720 f6e9dd00 f6e9dd00
00000000 f4822600 00000000
Feb 16 23:41:33 alon1 Call Trace:
Feb 16 23:41:33 alon1 [<c01b304d>] sysfs_move_dir+0x3d/0x1f0
Feb 16 23:41:33 alon1 [<c01ce20b>] kobject_move+0x9b/0x120
Feb 16 23:41:33 alon1 [<c0241711>] device_move+0x51/0x110
Feb 16 23:41:33 alon1 [<f9aaed80>] del_conn+0x0/0x70 [bluetooth]
Feb 16 23:41:33 alon1 [<f9aaed99>] del_conn+0x19/0x70 [bluetooth]
Feb 16 23:41:33 alon1 [<c012c1a1>] run_workqueue+0x81/0x140
Feb 16 23:41:33 alon1 [<c02c0c88>] schedule+0x168/0x2e0
Feb 16 23:41:33 alon1 [<c012fc70>] autoremove_wake_function+0x0/0x50
Feb 16 23:41:33 alon1 [<c012c9cb>] worker_thread+0x9b/0xf0
Feb 16 23:41:33 alon1 [<c012fc70>] autoremove_wake_function+0x0/0x50
Feb 16 23:41:33 alon1 [<c012c930>] worker_thread+0x0/0xf0
Feb 16 23:41:33 alon1 [<c012f962>] kthread+0x42/0x70
Feb 16 23:41:33 alon1 [<c012f920>] kthread+0x0/0x70
Feb 16 23:41:33 alon1 [<c0104c2f>] kernel_thread_helper+0x7/0x18
Feb 16 23:41:33 alon1 =======================
Feb 16 23:41:33 alon1 Code: 26 00 00 00 00 57 89 c7 a1 50 1b 3a c0
56 53 8b 70 38 85 f6 74 08 8b 0e 85 c9 74 58 ff 06 8b 56 50 39 fa 74
47 89 fb eb 02 89 c3 <8b> 43 08 39 c2 75 f7 8b 46 08 83 c0 68 e8 98
e7 10 00 8b 43 10
Feb 16 23:41:33 alon1 EIP: [<c01b2db6>] sysfs_get_dentry+0x26/0x80
SS:ESP 0068:f7c49efc
Feb 16 23:41:33 alon1 ---[ end trace aae864e9592acc1d ]---
Defer hci_unregister_sysfs because hci device could be destructed
while hci conn devices still there.
Signed-off-by: Dave Young <hidave.darkstar at gmail.com>
Tested-by: Stefan Seyfried <seife at suse.de>
Acked-by: Alon Bar-Lev <alon.barlev at gmail.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Acked-by: Marcel Holtmann <marcel at holtmann.org>
dsd at gentoo.org notes:
This patch fixes http://bugs.gentoo.org/211179
Cc: Daniel Drake <dsd at gentoo.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 93ea6ab18c1b1a511e168f9207d8c855822f90ff
Author: Francois Romieu <romieu at fr.zoreil.com>
Date: Mon Feb 18 21:20:32 2008 +0100
sis190: read the mac address from the eeprom first
upstream commit: 563e0ae06ff18f0b280f11cf706ba0172255ce52
Reading a serie of zero from the cmos sram area do not work
well with is_valid_ether_addr(). Let's read the mac address
from the eeprom first as it seems more reliable.
Fix for http://bugzilla.kernel.org/show_bug.cgi?id=9831
Signed-off-by: Francois Romieu <romieu at fr.zoreil.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
dsd at gentoo.org notes:
This patch fixes http://bugs.gentoo.org/207706
Cc: Daniel Drake <dsd at gentoo.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 6cee5037c7c0950a80bd82f1c8c7dd6a22cd5422
Author: Tejun Heo <htejun at gmail.com>
Date: Sun Mar 23 15:16:53 2008 +0900
libata: assume no device is attached if both IDENTIFYs are aborted
upstream commit: 1ffc151fcddf524d0c76709d7e7a2af0255acb6b
This is to fix bugzilla #10254. QSI cdrom attached to pata_sis as
secondary master appears as phantom device for the slave.
Interestingly, instead of not setting DRQ after IDENTIFY which
triggers NODEV_HINT, it aborts both IDENTIFY and IDENTIFY PACKET which
makes EH retry.
Modify EH such that it assumes no device is attached if both flavors
of IDENTIFY are aborted by the device. There really isn't much point
in retrying when the device actively aborts the commands.
While at it, convert NODEV detection message to ata_dev_printk() to
help debugging obscure detection problems.
This problem was reported by Jan Bücken.
Signed-off-by: Tejun Heo <htejun at gmail.com>
Cc: Jan Bücken <jb.faq at gmx.de>
Acked-by: Alan Cox <alan at redhat.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
dsd at gentoo.org notes:
This patch fixes http://bugs.gentoo.org/211369
Cc: Daniel Drake <dsd at gentoo.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 3923d91d2ade70e9fcfe22aa965710ff8a2ae535
Author: David S. Miller <davem at davemloft.net>
Date: Mon Apr 7 00:26:11 2008 -0700
SPARC64: flush_ptrace_access() needs preemption disable.
Upstream commit: f6a843d939ade435e060d580f5c56d958464f8a5
Based upon a report by Mariusz Kozlowski.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 8b337d60a526f4461d681cd537d6b0f2d176f0ad
Author: David S. Miller <davem at davemloft.net>
Date: Mon Apr 7 00:25:35 2008 -0700
SPARC64: Fix __get_cpu_var in preemption-enabled area.
Upstream commit: 69072f6e8e4bd4799d2a54e4ff8771d0657512c1
Reported by Mariusz Kozlowski.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d08242303cea836fd2587d776e5c743b3e02ae2a
Author: David S. Miller <davem at davemloft.net>
Date: Mon Apr 7 00:25:20 2008 -0700
SPARC64: Fix atomic backoff limit.
Upstream commit: 4cfea5a7dfcc2766251e50ca30271a782d5004ad
4096 will not fit into the immediate field of a compare instruction,
in fact it will end up being -4096 causing the check to fail every
time and thus disabling backoff.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 1814e31332384ae44b9ed55f0393faacfa52f02a
Author: Patrick McHardy <kaber at trash.net>
Date: Sun Apr 6 23:46:45 2008 -0700
VLAN: Don't copy ALLMULTI/PROMISC flags from underlying device
Upstream commit: 0ed21b321a13421e2dfeaa70a6c324e05e3e91e6
Changing these flags requires to use dev_set_allmulti/dev_set_promiscuity
or dev_change_flags. Setting it directly causes two unwanted effects:
- the next dev_change_flags call will notice a difference between
dev->gflags and the actual flags, enable promisc/allmulti
mode and incorrectly update dev->gflags
- this keeps the underlying device in promisc/allmulti mode until
the VLAN device is deleted
[ Ported back to 2.6.24 VLAN code. -DaveM ]
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 276be82fbc8970d7dac375493d699f8bea015e7f
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Sun Apr 6 23:43:38 2008 -0700
TCP: Let skbs grow over a page on fast peers
Upstream commit: 69d1506731168d6845a76a303b2c45f7c05f3f2c
While testing the virtio-net driver on KVM with TSO I noticed
that TSO performance with a 1500 MTU is significantly worse
compared to the performance of non-TSO with a 16436 MTU. The
packet dump shows that most of the packets sent are smaller
than a page.
Looking at the code this actually is quite obvious as it always
stop extending the packet if it's the first packet yet to be
sent and if it's larger than the MSS. Since each extension is
bound by the page size, this means that (given a 1500 MTU) we're
very unlikely to construct packets greater than a page, provided
that the receiver and the path is fast enough so that packets can
always be sent immediately.
The fix is also quite obvious. The push calls inside the loop
is just an optimisation so that we don't end up doing all the
sending at the end of the loop. Therefore there is no specific
reason why it has to do so at MSS boundaries. For TSO, the
most natural extension of this optimisation is to do the pushing
once the skb exceeds the TSO size goal.
This is what the patch does and testing with KVM shows that the
TSO performance with a 1500 MTU easily surpasses that of a 16436
MTU and indeed the packet sizes sent are generally larger than
16436.
I don't see any obvious downsides for slower peers or connections,
but it would be prudent to test this extensively to ensure that
those cases don't regress.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit af5ee471275ea3b943b3aa98e675eeee062aa83c
Author: Patrick McHardy <kaber at trash.net>
Date: Sun Apr 6 23:43:18 2008 -0700
TCP: Fix shrinking windows with window scaling
Upstream commit: 607bfbf2d55dd1cfe5368b41c2a81a8c9ccf4723
When selecting a new window, tcp_select_window() tries not to shrink
the offered window by using the maximum of the remaining offered window
size and the newly calculated window size. The newly calculated window
size is always a multiple of the window scaling factor, the remaining
window size however might not be since it depends on rcv_wup/rcv_nxt.
This means we're effectively shrinking the window when scaling it down.
The dump below shows the problem (scaling factor 2^7):
- Window size of 557 (71296) is advertised, up to 3111907257:
IP 172.2.2.3.33000 > 172.2.2.2.33000: . ack 3111835961 win 557 <...>
- New window size of 514 (65792) is advertised, up to 3111907217, 40 bytes
below the last end:
IP 172.2.2.3.33000 > 172.2.2.2.33000: . 3113575668:3113577116(1448) ack 3111841425 win 514 <...>
The number 40 results from downscaling the remaining window:
3111907257 - 3111841425 = 65832
65832 / 2^7 = 514
65832 % 2^7 = 40
If the sender uses up the entire window before it is shrunk, this can have
chaotic effects on the connection. When sending ACKs, tcp_acceptable_seq()
will notice that the window has been shrunk since tcp_wnd_end() is before
tp->snd_nxt, which makes it choose tcp_wnd_end() as sequence number.
This will fail the receivers checks in tcp_sequence() however since it
is before it's tp->rcv_wup, making it respond with a dupack.
If both sides are in this condition, this leads to a constant flood of
ACKs until the connection times out.
Make sure the window is never shrunk by aligning the remaining window to
the window scaling factor.
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 1bb175b624fe8cf8b6acb5abb45810727a98ad80
Author: Patrick McHardy <kaber at trash.net>
Date: Sun Apr 6 23:42:55 2008 -0700
NET: Fix multicast device ioctl checks
Upstream commit: 61ee6bd487b9cc160e533034eb338f2085dc7922
SIOCADDMULTI/SIOCDELMULTI check whether the driver has a set_multicast_list
method to determine whether it supports multicast. Drivers implementing
secondary unicast support use set_rx_mode however.
Check for both dev->set_multicast_mode and dev->set_rx_mode to determine
multicast capabilities.
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 746b23e44e933a993777eb054ab6b44724a43d6e
Author: Chidambar 'ilLogict' Zinnoury <illogict at online.fr>
Date: Sun Apr 6 23:42:35 2008 -0700
SCTP: Fix local_addr deletions during list traversals.
Upstream commit: 22626216c46f2ec86287e75ea86dd9ac3df54265
Since the lists are circular, we need to explicitely tag
the address to be deleted since we might end up freeing
the list head instead. This fixes some interesting SCTP
crashes.
Signed-off-by: Chidambar 'ilLogict' Zinnoury <illogict at online.fr>
Signed-off-by: Vlad Yasevich <vladislav.yasevich at hp.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit ed03865a4621b60f8c1b4c3932db85303c3ec349
Author: Martin Devera <devik at cdi.cz>
Date: Sun Apr 6 23:42:10 2008 -0700
sch_htb: fix "too many events" situation
Upstream commit: 8f3ea33a5078a09eba12bfe57424507809367756
HTB is event driven algorithm and part of its work is to apply
scheduled events at proper times. It tried to defend itself from
livelock by processing only limited number of events per dequeue.
Because of faster computers some users already hit this hardcoded
limit.
This patch limits processing up to 2 jiffies (why not 1 jiffie ?
because it might stop prematurely when only fraction of jiffie
remains).
Signed-off-by: Martin Devera <devik at cdi.cz>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d55db74d5dbb56eb8f4fc874a97af7294a3b3008
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Sun Apr 6 23:41:50 2008 -0700
NET: Add preemption point in qdisc_run
Upstream commit: 2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
The qdisc_run loop is currently unbounded and runs entirely in a
softirq. This is bad as it may create an unbounded softirq run.
This patch fixes this by calling need_resched and breaking out if
necessary.
It also adds a break out if the jiffies value changes since that would
indicate we've been transmitting for too long which starves other
softirqs.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 43bee598bd747dc6849d3c4f32a3a912200073c0
Author: James Chapman <jchapman at katalix.com>
Date: Sun Apr 6 23:41:29 2008 -0700
PPPOL2TP: Fix SMP issues in skb reorder queue handling
Upstream commit: e653181dd6b3ad38ce14904351b03a5388f4b0f7
When walking a session's packet reorder queue, use
skb_queue_walk_safe() since the list could be modified inside the
loop.
Rearrange the unlinking skbs from the reorder queue such that it is
done while the queue lock is held in pppol2tp_recv_dequeue() when
walking the skb list.
A version of this patch was suggested by Jarek Poplawski.
Signed-off-by: James Chapman <jchapman at katalix.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 5998533a1a9aa7480329cca82bab577eec396679
Author: James Chapman <jchapman at katalix.com>
Date: Sun Apr 6 23:41:18 2008 -0700
PPPOL2TP: Make locking calls softirq-safe
Upstream commit: cf3752e2d203bbbfc88d29e362e6938cef4339b3
Fix locking issues in the pppol2tp driver which can cause a kernel
crash on SMP boxes. There were two problems:-
1. The driver was violating read_lock() and write_lock() scheduling
rules because it wasn't using softirq-safe locks in softirq
contexts. So we now consistently use the _bh variants of the lock
functions.
2. The driver was calling sk_dst_get() in pppol2tp_xmit() which was
taking sk_dst_lock in softirq context. We now call __sk_dst_get().
Signed-off-by: James Chapman <jchapman at katalix.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 08fb454fcf51b9133bb6d88e009d89127238e24c
Author: Jarek Poplawski <jarkao2 at gmail.com>
Date: Sun Apr 6 23:40:53 2008 -0700
netpoll: zap_completion_queue: adjust skb->users counter
Upstream commit: 8a455b087c9629b3ae3b521b4f1ed16672f978cc
zap_completion_queue() retrieves skbs from completion_queue where they have
zero skb->users counter. Before dev_kfree_skb_any() it should be non-zero
yet, so it's increased now.
Reported-and-tested-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Jarek Poplawski <jarkao2 at gmail.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit e982cc89839374bb1a504448401dfafaf772bdbf
Author: Patrick McHardy <kaber at trash.net>
Date: Sun Apr 6 23:40:33 2008 -0700
LLC: Restrict LLC sockets to root
Upstream commit: 3480c63bdf008e9289aab94418f43b9592978fff
LLC currently allows users to inject raw frames, including IP packets
encapsulated in SNAP. While Linux doesn't handle IP over SNAP, other
systems do. Restrict LLC sockets to root similar to packet sockets.
[ Modified Patrick's patch to use CAP_NEW_RAW --DaveM ]
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit c6724ce3027b11151d39b4d19b85b9401462eebd
Author: David S. Miller <davem at davemloft.net>
Date: Sun Apr 6 23:40:06 2008 -0700
INET: inet_frag_evictor() must run with BH disabled
Part of upstream commit: e8e16b706e8406f1ab3bccab16932ebc513896d8
Based upon a lockdep trace from Dave Jones.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d94e90a23b5f20d4aadf592d049a6de3c3260f07
Author: David S. Miller <davem at davemloft.net>
Date: Sun Apr 6 23:37:08 2008 -0700
SUNGEM: Fix NAPI assertion failure.
Upstream commit: da990a2402aeaee84837f29054c4628eb02f7493
As reported by Johannes Berg:
I started getting this warning with recent kernels:
[ 773.908927] ------------[ cut here ]------------
[ 773.908954] Badness at net/core/dev.c:2204
...
If we loop more than once in gem_poll(), we'll
use more than the real budget in our gem_rx()
calls, thus eventually trigger the caller's
assertions in net_rx_action().
Subtract "work_done" from "budget" for the second
arg to gem_rx() to fix the bug.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit c4e67d75cd6944616acef4a079967d1d23c6a3bd
Author: Kirill A. Shutemov <k.shutemov at gmail.com>
Date: Sun Apr 6 23:35:53 2008 -0700
NET: include <linux/types.h> into linux/ethtool.h for __u* typedef
Upstream commit: e621e69137b24fdbbe7ad28214e8d81e614c25b7
Signed-off-by: Kirill A. Shutemov <k.shutemov at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 0003f278998a59e72784048d7484e4a998ceab3d
Author: Jarek Poplawski <jarkao2 at gmail.com>
Date: Sun Apr 6 23:35:31 2008 -0700
AX25 ax25_out: check skb for NULL in ax25_kick()
Upstream commit: f47b7257c7368698eabff6fd7b340071932af640
According to some OOPS reports ax25_kick tries to clone NULL skbs
sometimes. It looks like a race with ax25_clear_queues(). Probably
there is no need to add more than a simple check for this yet.
Another report suggested there are probably also cases where ax25
->paclen == 0 can happen in ax25_output(); this wasn't confirmed
during testing but let's leave this debugging check for some time.
Reported-and-tested-by: Jann Traschewski <jann at gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2 at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit b245c3b43439c715e33b57ca9b663123812dd208
Author: Carol Hebert <cah at us.ibm.com>
Date: Fri Apr 4 14:30:03 2008 -0700
ipmi: change device node ordering to reflect probe order
upstream commit: abd24df828f1a72971db29d1b74fefae104ea9e2
In 2.6.14 a patch was merged which switching the order of the ipmi device
naming from in-order-of-discovery over to reverse-order-of-discovery.
So on systems with multiple BMC interfaces, the ipmi device names are being
created in reverse order relative to how they are discovered on the system
(e.g. on an IBM x3950 multinode server with N nodes, the device name for the
BMC in the first node is /dev/ipmiN-1 and the device name for the BMC in the
last node is /dev/ipmi0, etc.).
The problem is caused by the list handling routines chosen in dmi_scan.c.
Using list_add() causes the multiple ipmi devices to be added to the device
list using a stack-paradigm and so the ipmi driver subsequently pulls them off
during initialization in LIFO order. This patch changes the
dmi_save_ipmi_device() list handling paradigm to a queue, thereby allowing the
ipmi driver to build the ipmi device names in the order in which they are
found on the system.
Signed-off-by: Carol Hebert <cah at us.ibm.com>
Signed-off-by: Corey Minyard <cminyard at mvista.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 81f368b55356732412d1737b7da90c4a7d7d11a2
Author: Alexey Korolev <akorolev at infradead.org>
Date: Fri Apr 4 22:15:06 2008 +0000
mtd: fix broken state in CFI driver caused by FL_SHUTDOWN
upstream commit: fb6d080c6f75dfd7e23d5a3575334785aa8738eb
THe CFI driver in 2.6.24 kernel is broken. Not so intensive read/write
operations cause incomplete writes which lead to kernel panics in JFFS2.
We investigated the issue - it is caused by bug in FL_SHUTDOWN parsing code.
Sometimes chip returns -EIO as if it is in FL_SHUTDOWN state when it should
wait in FL_PONT (error in order of conditions).
The following patch fixes the bug in state parsing code of CFI. Also I've
added comments to notify developers if they want to add new case in future.
Signed-off-by: Alexey Korolev <akorolev at infradead.org>
Reviewed-by: Joern Engel <joern at logfs.org>
Cc: David Woodhouse <dwmw2 at infradead.org>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit c116e98be7180bdac3aea5c0a428718e14785315
Author: Joy Latten <latten at austin.ibm.com>
Date: Fri Apr 4 20:05:02 2008 +0800
CRYPTO xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk
upstream commit: 1edcf2e1ee2babb011cfca80ad9d202e9c491669
The kernel crashes when ipsec passes a udp packet of about 14XX bytes
of data to aes-xcbc-mac.
It seems the first xxxx bytes of the data are in first sg entry,
and remaining xx bytes are in next sg entry. But we don't
check next sg entry to see if we need to go look the page up.
I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
and possible lookup, thus xcbc.c needs to use this routine too.
A 15-hour run of an ipsec stress test sending streams of tcp and
udp packets of various sizes, using this patch and
aes-xcbc-mac completed successfully, so hopefully this fixes the
problem.
Signed-off-by: Joy Latten <latten at austin.ibm.com>
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
[chrisw at sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit f1920b5f097b15dace2d84fedb82121cb09c86b4
Author: Robert Spanton <rspanton at zepler.net>
Date: Wed Apr 2 23:15:15 2008 +0000
USB: serial: ti_usb_3410_5052: Correct TUSB3410 endpoint requirements.
upstream commit: 1bfd6693cd66f1e79abce62d3e8c3647e1f59a55
The changes introduced in commit
063a2da8f01806906f7d7b1a1424b9afddebc443 changed the semantics of the
num_interrupt_in, num_interrupt_out, num_bulk_in and num_bulk_out
entries of the usb_serial_driver struct to be the number of endpoints
the device has when probed.
This patch changes the ti_1port_device usb_serial_driver struct to
reflect this change. The single port devices only have 1
bulk_out endpoint in their initial configuration, and so this patch
changes the number of other types to NUM_DONT_CARE.
The same change probably needs doing to the ti_2port_device struct,
but I don't have a two port device at hand.
Signed-off-by: Robert Spanton <rspanton at zepler.net>
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit e114af2792992c4e2206dbfb28d52d3bbea2c2ef
Author: Brad Sawatzky <brad+kernel at swatter.net>
Date: Wed Apr 2 23:15:13 2008 +0000
USB: serial: fix regression in Visor/Palm OS module for kernels >= 2.6.24
upstream commit: d04863e9e65767feff7807c8f693ac2719dd1944
Fixes a bug/inconsistency revealed by the additional sanity checking in
commit 063a2da8f01806906f7d7b1a1424b9afddebc443
introduced in the original 2.6.24 branch.
The Handspring Visor / PalmOS 4 device structure defines .num_bulk_out=2
but the usb-serial probe returns num_bulk_out=3, triggering the check in
the above commit and forcing a bail out when the device (a Garmin iQue in
my case) attempts to connect. The patch bumps the expected number of
endpoints to 3.
FWIW, this patch will probably solve the following kernel bug report for
Treo users (identical symptoms, different model PalmOS units):
<http://bugzilla.kernel.org/show_bug.cgi?id=10118>
Signed-off-by: Brad Sawatzky <brad+kernel at swatter.net>
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit ff66974a0f9a9f938f182c49f1464ba54a31e553
Author: Clark Rawlins <clark.rawlins at escient.com>
Date: Wed Apr 2 23:15:09 2008 +0000
USB: Allow initialization of broken keyspan serial adapters.
upstream commit: 822470537d0fc1dee38a2a9c8b8c398bfbb332bb
Fixes the keyspan driver after the addition of additional
checking of driver requirements introduced in usb-serial.c
commit 063a2da8f01806906f7d7b1a1424b9afddebc443. The initialization
of the keyspan usb_serial_driver structs were not initializing the
num_interrupt_out field and the additional checking was rejecting
the end point so the driver wouldn't finish initializing.
This commit initializes the fields to NUM_DONT_CARE.
It works for the keyspan USA-49WG and doesn't break the USA-19HS
which are the two keyspan devices I have to test with.
Signed-off-by: Clark Rawlins <clark.rawlins at escient.com>
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit a5b76cbbbe0fb76270f7babce48bda9b8806f9ea
Author: Ken'ichi Ohmichi <oomichi at mxs.nes.nec.co.jp>
Date: Wed Apr 2 23:15:03 2008 +0000
vmcoreinfo: add the symbol "phys_base"
upstream commit: 629c8b4cdb354518308663aff2f719e02f69ffbe
Fix the problem that makedumpfile sometimes fails on x86_64 machine.
This patch adds the symbol "phys_base" to a vmcoreinfo data. The
vmcoreinfo data has the minimum debugging information only for dump
filtering. makedumpfile (dump filtering command) gets it to distinguish
unnecessary pages, and makedumpfile creates a small dumpfile.
On x86_64 kernel which compiled with CONFIG_PHYSICAL_START=0x0 and
CONFIG_RELOCATABLE=y, makedumpfile fails like the following:
# makedumpfile -d31 /proc/vmcore dumpfile
The kernel version is not supported.
The created dumpfile may be incomplete.
_exclude_free_page: Can't get next online node.
makedumpfile Failed.
#
The cause is the lack of the symbol "phys_base" in a vmcoreinfo data.
If the symbol "phys_base" does not exist, makedumpfile considers an
x86_64 kernel as non relocatable. As the result, makedumpfile
misunderstands the physical address where the kernel is loaded, and it
cannot translate a kernel virtual address to physical address correctly.
To fix this problem, this patch adds the symbol "phys_base" to a
vmcoreinfo data.
Signed-off-by: Ken'ichi Ohmichi <oomichi at mxs.nes.nec.co.jp>
Cc: "Eric W. Biederman" <ebiederm at xmission.com>
Cc: <stable at kernel.org>
Acked-by: Vivek Goyal <vgoyal at redhat.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 9b3a3637bca1835825c5ec9b8a06207891cc8d24
Author: Jean Delvare <khali at linux-fr.org>
Date: Sun Mar 9 13:34:28 2008 +0100
hwmon: (w83781d) Fix I/O resource conflict with PNP
upstream commit: 2961cb22ef02850d90e7a12c28a14d74e327df8d
Only request I/O ports 0x295-0x296 instead of the full I/O address
range. This solves a conflict with PNP resources on a few motherboards.
Also request the I/O ports in two parts (4 low ports, 4 high ports)
during device detection, otherwise the PNP resource makes the request
(and thus the detection) fail.
This fixes lm-sensors ticket #2306:
http://www.lm-sensors.org/ticket/2306
Signed-off-by: Jean Delvare <khali at linux-fr.org>
Signed-off-by: Mark M. Hoffman <mhoffman at lightlink.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 96c132f39fc8514e2bd2d56b95442879c56308fe
Author: Jean Delvare <khali at linux-fr.org>
Date: Fri Mar 28 14:16:04 2008 -0700
pci: revert SMBus unhide on HP Compaq nx6110
upstream commit: a99acc832de1104afaba02d7c2576fd9b9fd6422
This reverts commit 3c0a654e390d00fef9d8faed758f5e1e8078adb5 and
fixes kernel bug #10245:
http://bugzilla.kernel.org/show_bug.cgi?id=10245
The HP Compaq nc6120 has the same PCI sub-device ID as the nx6110, and the
SMBus is used by ACPI for thermal management on the nc6120, so Linux should
not attach a native driver to it. This means that this quirk is unsafe and
has to be removed.
I also added a comment to help developers realize that adding new IDs to this
SMBus unhiding quirk table should be done only with great care, and in
particular only after checking that ACPI is not making use of the SMBus.
Signed-off-by: Jean Delvare <khali at linux-fr.org>
Cc: Tomasz Koprowski <tomek at koprowski.org>
Acked-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 6ed609bc70e1cce983650707b0b7c12265ab96f6
Author: Dmitri Monakhov <dmonakhov at openvz.org>
Date: Fri Mar 28 22:10:07 2008 +0000
vfs: fix data leak in nobh_write_end()
upstream commit: 5b41e74ad1b0bf7bc51765ae74e5dc564afc3e48
Current nobh_write_end() implementation ignore partial writes(copied < len)
case if page was fully mapped and simply mark page as Uptodate, which is
totally wrong because area [pos+copied, pos+len) wasn't updated explicitly in
previous write_begin call. It simply contains garbage from pagecache and
result in data leakage.
#TEST_CASE_BEGIN:
~~~~~~~~~~~~~~~~
In fact issue triggered by classical testcase
open("/mnt/test", O_RDWR|O_CREAT|O_TRUNC, 0666) = 3
ftruncate(3, 409600) = 0
writev(3, [{"a", 1}, {NULL, 4095}], 2) = 1
##TESTCASE_SOURCE:
~~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/uio.h>
#include <sys/mman.h>
#include <errno.h>
int main(int argc, char **argv)
{
int fd, ret;
void* p;
struct iovec iov[2];
fd = open(argv[1], O_RDWR|O_CREAT|O_TRUNC, 0666);
ftruncate(fd, 409600);
iov[0].iov_base="a";
iov[0].iov_len=1;
iov[1].iov_base=NULL;
iov[1].iov_len=4096;
ret = writev(fd, iov, sizeof(iov)/sizeof(struct iovec));
printf("writev = %d, err = %d\n", ret, errno);
return 0;
}
##TESTCASE RESULT:
~~~~~~~~~~~~~~~~~~
[root at ts63 ~]# mount | grep mnt2
/dev/mapper/test on /mnt2 type ext2 (rw,nobh)
[root at ts63 ~]# /tmp/writev /mnt2/test
writev = 1, err = 0
[root at ts63 ~]# hexdump -C /mnt2/test
00000000 61 65 62 6f 6f 74 00 00 f0 b9 b4 59 3a 00 00 00 |aeboot.....Y:...|
00000010 20 00 00 00 00 00 00 00 21 00 00 00 00 00 00 00 | .......!.......|
00000020 df df df df df df df df df df df df df df df df |................|
00000030 3a 00 00 00 2a 00 00 00 21 00 00 00 00 00 00 00 |:...*...!.......|
00000040 60 c0 8c 00 00 00 00 00 40 4a 8d 00 00 00 00 00 |`....... at J......|
00000050 00 00 00 00 00 00 00 00 41 00 00 00 00 00 00 00 |........A.......|
00000060 74 69 6d 65 20 64 64 20 69 66 3d 2f 64 65 76 2f |time dd if=/dev/|
00000070 6c 6f 6f 70 30 20 20 6f 66 3d 2f 64 65 76 2f 6e |loop0 of=/dev/n|
skip..
00000f50 00 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 |........1.......|
00000f60 6d 6b 66 73 2e 65 78 74 33 20 2f 64 65 76 2f 76 |mkfs.ext3 /dev/v|
00000f70 7a 76 67 2f 74 65 73 74 20 2d 62 34 30 39 36 00 |zvg/test -b4096.|
00000f80 a0 fe 8c 00 00 00 00 00 21 00 00 00 00 00 00 00 |........!.......|
00000f90 23 31 32 30 35 39 35 30 34 30 34 00 3a 00 00 00 |#1205950404.:...|
00000fa0 20 00 8d 00 00 00 00 00 21 00 00 00 00 00 00 00 | .......!.......|
00000fb0 d0 cf 8c 00 00 00 00 00 10 d0 8c 00 00 00 00 00 |................|
00000fc0 00 00 00 00 00 00 00 00 41 00 00 00 00 00 00 00 |........A.......|
00000fd0 6d 6f 75 6e 74 20 2f 64 65 76 2f 76 7a 76 67 2f |mount /dev/vzvg/|
00000fe0 74 65 73 74 20 20 2f 76 7a 20 2d 6f 20 64 61 74 |test /vz -o dat|
00000ff0 61 3d 77 72 69 74 65 62 61 63 6b 00 00 00 00 00 |a=writeback.....|
00001000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
As you can see file's page contains garbage from pagecache instead of zeros.
#TEST_CASE_END
Attached patch:
- Add sanity check BUG_ON in order to prevent incorrect usage by caller,
This is function invariant because page can has buffers and in no zero
*fadata pointer at the same time.
- Always attach buffers to page is it is partial write case.
- Always switch back to generic_write_end if page has buffers.
This is reasonable because if page already has buffer then generic_write_begin
was called previously.
Signed-off-by: Dmitri Monakhov <dmonakhov at openvz.org>
Reviewed-by: Nick Piggin <npiggin at suse.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 2f95fda842dd607e2d02f973b22a5aacf78bbd1b
Author: Eric Dumazet <dada1 at cosmosbay.com>
Date: Fri Mar 28 14:42:43 2008 -0400
alloc_percpu() fails to allocate percpu data
upstream commit: be852795e1c8d3829ddf3cb1ce806113611fa555
Some oprofile results obtained while using tbench on a 2x2 cpu machine were
very surprising.
For example, loopback_xmit() function was using high number of cpu cycles
to perform the statistic updates, supposed to be real cheap since they use
percpu data
pcpu_lstats = netdev_priv(dev);
lb_stats = per_cpu_ptr(pcpu_lstats, smp_processor_id());
lb_stats->packets++; /* HERE : serious contention */
lb_stats->bytes += skb->len;
struct pcpu_lstats is a small structure containing two longs. It appears
that on my 32bits platform, alloc_percpu(8) allocates a single cache line,
instead of giving to each cpu a separate cache line.
Using the following patch gave me impressive boost in various benchmarks
( 6 % in tbench)
(all percpu_counters hit this bug too)
Long term fix (ie >= 2.6.26) would be to let each CPU allocate their own
block of memory, so that we dont need to roudup sizes to L1_CACHE_BYTES, or
merging the SGI stuff of course...
Note : SLUB vs SLAB is important here to *show* the improvement, since they
dont have the same minimum allocation sizes (8 bytes vs 32 bytes). This
could very well explain regressions some guys reported when they switched
to SLUB.
Signed-off-by: Eric Dumazet <dada1 at cosmosbay.com>
Acked-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 28680bfb8269703def997e2269caf9bfe2de489c
Author: Eric Dumazet <dada1 at cosmosbay.com>
Date: Fri Mar 28 14:42:42 2008 -0400
PERCPU : __percpu_alloc_mask() can dynamically size percpu_data storage
upstream commit: b3242151906372f30f57feaa43b4cac96a23edb1
Instead of allocating a fix sized array of NR_CPUS pointers for percpu_data,
we can use nr_cpu_ids, which is generally < NR_CPUS.
Signed-off-by: Eric Dumazet <dada1 at cosmosbay.com>
Cc: Christoph Lameter <clameter at sgi.com>
Cc: "David S. Miller" <davem at davemloft.net>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit bcd817a3949cfc772b97f3f1428be35488e6266b
Author: Jeremy Fitzhardinge <jeremy at goop.org>
Date: Thu Mar 27 20:35:05 2008 +0000
xen: fix UP setup of shared_info
upstream commit: 2e8fe719b57bbdc9e313daed1204bb55fed3ed44
We need to set up the shared_info pointer once we've mapped the real
shared_info into its fixmap slot. That needs to happen once the general
pagetable setup has been done. Previously, the UP shared_info was set
up one in xen_start_kernel, but that was left pointing to the dummy
shared info. Unfortunately there's no really good place to do a later
setup of the shared_info in UP, so just do it once the pagetable setup
has been done.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
[chrisw at sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit cf0a0d639cb8feee43f455bdb31454742337225d
Author: Jeremy Fitzhardinge <jeremy at xensource.com>
Date: Fri Feb 29 18:55:43 2008 +0100
xen: mask out SEP from CPUID
upstream commit: d40e705903397445c6861a0a56c23e5b2e8f9b9a
Fix 32-on-64 pvops kernel:
we don't want userspace using syscall/sysenter, even if the hypervisor
supports it, so mask it out from CPUID.
Signed-off-by: Jeremy Fitzhardinge <jeremy at xensource.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 47faf947315d8abeaf5ec90a906e47a24e0657dd
Author: Jeremy Fitzhardinge <jeremy at goop.org>
Date: Thu Mar 27 20:35:06 2008 +0000
xen: fix RMW when unmasking events
upstream commit: 04c44a080d2f699a3042d4e743f7ad2ffae9d538
xen_irq_enable_direct and xen_sysexit were using "andw $0x00ff,
XEN_vcpu_info_pending(vcpu)" to unmask events and test for pending ones
in one instuction.
Unfortunately, the pending flag must be modified with a locked operation
since it can be set by another CPU, and the unlocked form of this
operation was causing the pending flag to get lost, allowing the processor
to return to usermode with pending events and ultimately deadlock.
The simple fix would be to make it a locked operation, but that's rather
costly and unnecessary. The fix here is to split the mask-clearing and
pending-testing into two instructions; the interrupt window between
them is of no concern because either way pending or new events will
be processed.
This should fix lingering bugs in using direct vcpu structure access too.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit ce4039e002eab66502cd7d2cbcc6fcbdcbf828ee
Author: Daniel Yeisley <dan.yeisley at unisys.com>
Date: Wed Mar 26 23:37:41 2008 +0200
slab: fix cache_cache bootstrap in kmem_cache_init()
upstream commit: ec1f5eeeb5a79a0d48036de649a3498da42db565
Commit 556a169dab38b5100df6f4a45b655dddd3db94c1 ("slab: fix bootstrap on
memoryless node") introduced bootstrap-time cache_cache list3s for all nodes
but forgot that initkmem_list3 needs to be accessed by [somevalue + node]. This
patch fixes list_add() corruption in mm/slab.c seen on the ES7000.
Cc: Mel Gorman <mel at csn.ul.ie>
Cc: Olaf Hering <olaf at aepfle.de>
Signed-off-by: Dan Yeisley <dan.yeisley at unisys.com>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
Signed-off-by: Christoph Lameter <clameter at sgi.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit e8f696e9daa00e52b9c7ad1822fcda354d0baabd
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Wed Mar 26 18:35:10 2008 +0000
NOHZ: reevaluate idle sleep length after add_timer_on()
upstream commit: 06d8308c61e54346585b2691c13ee3f90cb6fb2f
add_timer_on() can add a timer on a CPU which is currently in a long
idle sleep, but the timer wheel is not reevaluated by the nohz code on
that CPU. So a timer can be delayed for quite a long time. This
triggered a false positive in the clocksource watchdog code.
To avoid this we need to wake up the idle CPU and enforce the
reevaluation of the timer wheel for the next timer event.
Add a function, which checks a given CPU for idle state, marks the
idle task with NEED_RESCHED and sends a reschedule IPI to notify the
other CPU of the change in the timer wheel.
Call this function from add_timer_on().
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Acked-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Acked-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
--
include/linux/sched.h | 6 ++++++
kernel/sched.c | 43 +++++++++++++++++++++++++++++++++++++++++++
kernel/timer.c | 10 +++++++++-
3 files changed, 58 insertions(+), 1 deletion(-)
commit 3d6fec02c6a996f658bdaa6a1da381f9b72da032
Author: Nick Piggin <npiggin at suse.de>
Date: Tue Mar 25 13:48:18 2008 +0100
inotify: remove debug code
upstream commit: 0d71bd5993b630a989d15adc2562a9ffe41cd26d
The inotify debugging code is supposed to verify that the
DCACHE_INOTIFY_PARENT_WATCHED scalability optimisation does not result in
notifications getting lost nor extra needless locking generated.
Unfortunately there are also some races in the debugging code. And it isn't
very good at finding problems anyway. So remove it for now.
Signed-off-by: Nick Piggin <npiggin at suse.de>
Cc: Robert Love <rlove at google.com>
Cc: John McCutchan <ttb at tentacle.dhs.org>
Cc: Jan Kara <jack at ucw.cz>
Cc: Yan Zheng <yanzheng at 21cn.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Christian Lamparter <chunkeey at web.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 4193242f7ca7c2626b440fe4e9dda57f2bcf0baa
Author: Nick Piggin <npiggin at suse.de>
Date: Tue Mar 25 13:48:15 2008 +0100
inotify: fix race
upstream commit: d599e36a9ea85432587f4550acc113cd7549d12a
There is a race between setting an inode's children's "parent watched" flag
when placing the first watch on a parent, and instantiating new children of
that parent: a child could miss having its flags set by
set_dentry_child_flags, but then inotify_d_instantiate might still see
!inotify_inode_watched.
The solution is to set_dentry_child_flags after adding the watch. Locking is
taken care of, because both set_dentry_child_flags and inotify_d_instantiate
hold dcache_lock and child->d_locks.
Signed-off-by: Nick Piggin <npiggin at suse.de>
Cc: Robert Love <rlove at google.com>
Cc: John McCutchan <ttb at tentacle.dhs.org>
Cc: Jan Kara <jack at ucw.cz>
Cc: Yan Zheng <yanzheng at 21cn.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Christian Lamparter <chunkeey at web.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit d4fe2bbe7a065a8aee77612356d8057239a03b84
Author: Alan Stern <stern at rowland.harvard.edu>
Date: Tue Mar 25 06:35:12 2008 +0000
USB: new quirk flag to avoid Set-Interface
upstream commit: 392e1d9817d0024c96aae237c3c4349e47c976fd
This patch (as1057) fixes a problem with the X-Rite/Gretag-Macbeth
Eye-One Pro display colorimeter; the device crashes when it receives a
Set-Interface request. A new quirk (USB_QUIRK_NO_SET_INTF) is
introduced and a quirks entry is created for this device.
Signed-off-by: Alan Stern <stern at rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
[chrisw at sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 5010082c1fb8795638fe62076bb23f2ee08af9f3
Author: Constantin Baranov <const at tltsu.ru>
Date: Tue Mar 25 06:35:11 2008 +0000
USB: add support for Motorola ROKR Z6 cellphone in mass storage mode
upstream commit: cc36bdd47ae51b66780b317c1fa519221f894405
Motorola ROKR Z6 cellphone has bugs in its USB, so it is impossible to use
it as mass storage. Patch describes new "unusual" USB device for it with
FIX_INQUIRY and FIX_CAPACITY flags and new BULK_IGNORE_TAG flag.
Last flag relaxes check for equality of bcs->Tag and us->tag in
usb_stor_Bulk_transport routine.
Signed-off-by: Constantin Baranov <const at tltsu.ru>
Signed-off-by: Matthew Dharm <mdharm-usb at one-eyed-alien.net>
Signed-off-by: Daniel Drake <dsd at gentoo.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 2b003ee8211d1e78f257dd91a5a24b425d330a1d
Author: Jean-Samuel Chenard <jsamch at gmail.com>
Date: Tue Mar 25 06:35:08 2008 +0000
UIO: add pgprot_noncached() to UIO mmap code
upstream commit: c9698d6b1a90929e427a165bd8283f803f57d9bd
Mapping of physical memory in UIO needs pgprot_noncached() to ensure
that IO memory is not cached. Without pgprot_noncached(), it (accidentally)
works on x86 and arm, but fails on PPC.
Signed-off-by: Jean-Samuel Chenard <jsamch at gmail.com>
Signed-off-by: Hans J Koch <hjk at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 490b69825567385d30f20a1fa1e43dc9573bb815
Author: Ian Armstrong <ian at iarmst.demon.co.uk>
Date: Sat Mar 22 15:59:02 2008 -0400
V4L: ivtv: Add missing sg_init_table()
upstream commit: 165e1213e13b49761f8b3fd9314701f83cf3db3a
If a dma transfer is attempted for either yuv or framebuffer output, a
missing sg_init_table() call causes a kernel BUG in scatterlist.h if
CONFIG_DEBUG_SG is set.
Signed-off-by: Ian Armstrong <ian at iarmst.demon.co.uk>
Signed-off-by: Hans Verkuil <hverkuil at xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab at infradead.org>
Signed-off-by: Michael Krufky <mkrufky at linuxtv.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 3931f1aa4d1cd87a889235edc3eee7ceb5f73de4
Author: NeilBrown <neilb at suse.de>
Date: Mon Mar 24 21:21:26 2008 -0700
md: remove the 'super' sysfs attribute from devices in an 'md' array
upstream commit: 0e82989d95cc46cc58622381eafa54f7428ee679
Exposing the binary blob which is the md 'super-block' via sysfs doesn't
really fit with the whole sysfs model, and ever since commit
8118a859dc7abd873193986c77a8d9bdb877adc8 ("sysfs: fix off-by-one error
in fill_read_buffer()") it doesn't actually work at all (as the size of
the blob is often one page).
(akpm: as in, fs/sysfs/file.c:fill_read_buffer() goes BUG)
So just remove it altogether. It isn't really useful.
Signed-off-by: Neil Brown <neilb at suse.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit a98ac15765353742ddff62e5ee1e46874742e1f1
Author: Ingo van Lil <inguin at gmx.de>
Date: Tue Mar 25 02:40:04 2008 +0000
mtd: memory corruption in block2mtd.c
upstream commit: 2875fb65f8e40401c4b781ebc5002df10485f635
The block2mtd driver (drivers/mtd/devices/block2mtd.c) will kfree an on-stack
pointer when handling an invalid argument line (e.g.
block2mtd=/dev/loop0,xxx).
The kfree was added some time ago when "name" was dynamically allocated.
Signed-off-by: Ingo van Lil <inguin at gmx.de>
Acked-by: Joern Engel <joern at lazybastard.org>
Cc: David Woodhouse <dwmw2 at infradead.org>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 05c65923c9ca3052b110281099543bdd35d385af
Author: Sam Ravnborg <sam at uranus.ravnborg.org>
Date: Tue Mar 25 02:40:08 2008 +0000
kbuild: soften modpost checks when doing cross builds
upstream commit: 4ce6efed48d736e3384c39ff87bda723e1f8e041
The module alias support in the kernel have a consistency
check where it is checked that the size of a structure
in the kernel and on the build host are the same.
For cross builds this check does not make sense so detect
when we do cross builds and silently skip the check in these
situations.
This fixes a build bug for a wireless driver when cross building
for arm.
Acked-by: Michael Buesch <mb at bu3sch.de>
Tested-by: Gordon Farquharson <gordonfarquharson at gmail.com>
Signed-off-by: Sam Ravnborg <sam at ravnborg.org>
[chrisw at sous-sol.org: backport to 2.6.24.4]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 8512564b498417a1e6e9a4a228c20ffc667c3c0b
Author: Segher Boessenkool <segher at kernel.crashing.org>
Date: Tue Mar 4 14:59:54 2008 -0800
time: prevent the loop in timespec_add_ns() from being optimised away
upstream commit: 38332cb98772f5ea757e6486bed7ed0381cb5f98
Since some architectures don't support __udivdi3().
Signed-off-by: Segher Boessenkool <segher at kernel.crashing.org>
Cc: john stultz <johnstul at us.ibm.com>
Cc: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Cc: Sedat Dilek <sedat.dilek at googlemail.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 16c64cac7d9c6a503f49887219c4fe675e7d43d9
Author: Chris Wright <chrisw at sous-sol.org>
Date: Mon Mar 24 11:49:18 2008 -0700
Linux 2.6.24.4
commit 78d05881017eef1e9ea49571c52275dc2935e719
Author: Heiko Carstens <heiko.carstens at de.ibm.com>
Date: Thu Mar 20 17:33:38 2008 +0100
S390 futex: let futex_atomic_cmpxchg_pt survive early functional tests.
a0c1e9073ef7428a14309cba010633a6cd6719ea "futex: runtime enable pi and
robust functionality" introduces a test wether futex in atomic stuff
works or not.
It does that by writing to address 0 of the kernel address space. This
will crash on older machines where addressing mode switching is enabled
but where the mvcos instruction is not available. Page table walking is
done by hand and therefore the code tries to access current->mm which
is NULL.
Therefore add an extra check, so we survive the early test.
Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
Cc: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 0837aca7b42f1bc9cd8dc1cd4d10aa2aaddaf84d
Author: Joe Korty <joe.korty at ccur.com>
Date: Wed Mar 5 15:04:59 2008 -0800
slab: NUMA slab allocator migration bugfix
NUMA slab allocator cpu migration bugfix
The NUMA slab allocator (specifically, cache_alloc_refill)
is not refreshing its local copies of what cpu and what
numa node it is on, when it drops and reacquires the irq
block that it inherited from its caller. As a result
those values become invalid if an attempt to migrate the
process to another numa node occured while the irq block
had been dropped.
The solution is to make cache_alloc_refill reload these
variables whenever it drops and reacquires the irq block.
The error is very difficult to hit. When it does occur,
one gets the following oops + stack traceback bits in
check_spinlock_acquired:
kernel BUG at mm/slab.c:2417
cache_alloc_refill+0xe6
kmem_cache_alloc+0xd0
...
This patch was developed against 2.6.23, ported to and
compiled-tested only against 2.6.25-rc4.
Signed-off-by: Joe Korty <joe.korty at ccur.com>
Signed-off-by: Christoph Lameter <clameter at sgi.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit c0715b44c9330454e7f8a1b271f5f6e1ed849614
Author: Jens Axboe <jens.axboe at oracle.com>
Date: Mon Mar 17 09:04:59 2008 +0100
relay: fix subbuf_splice_actor() adding too many pages
If subbuf_pages was larger than the max number of pages the pipe
buffer will hold, subbuf_splice_actor() would happily go beyond
the array size.
Signed-off-by: Jens Axboe <jens.axboe at oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 981a64f60d0cb62846ae5a7d5cd27851dddfbed9
Author: Dave Young <hidave.darkstar at gmail.com>
Date: Thu Jan 31 18:33:10 2008 -0800
BLUETOOTH: Fix bugs in previous conn add/del workqueue changes.
Jens Axboe noticed that we were queueing &conn->work on both btaddconn
and keventd_wq.
Signed-off-by: Dave Young <hidave.darkstar at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 868145d87bd058f271921c69519d4e2311171d28
Author: Matthew Wilcox <matthew at wil.cx>
Date: Fri Mar 21 15:15:03 2008 +0000
SCSI advansys: Fix bug in AdvLoadMicrocode
commit: 951b62c11e86acf8c55d9828aa8c921575023c29
buf[i] can be up to 0xfd, so doubling it and assigning the result to an
unsigned char truncates the value. Just use an unsigned int instead;
it's only a temporary.
Signed-off-by: Matthew Wilcox <willy at linux.intel.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5d51c29a9ccf12c169c13d155a22b5e683280604
Author: Dan Williams <dan.j.williams at intel.com>
Date: Wed Mar 19 04:40:04 2008 +0000
async_tx: avoid the async xor_zero_sum path when src_cnt > device->max_xor
commit: 8d8002f642886ae256a3c5d70fe8aff4faf3631a
If the channel cannot perform the operation in one call to
->device_prep_dma_zero_sum, then fallback to the xor+page_is_zero path.
This only affects users with arrays larger than 16 devices on iop13xx or
32 devices on iop3xx.
Cc: <stable at kernel.org>
Cc: Neil Brown <neilb at suse.de>
Signed-off-by: Dan Williams <dan.j.williams at intel.com>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0db49fc729eee503836ea12745b55f7f802d2abb
Author: Quentin Barnes <qbarnes+linux at yahoo-inc.com>
Date: Thu Mar 20 02:45:07 2008 +0000
aio: bad AIO race in aio_complete() leads to process hang
commit: 6cb2a21049b8990df4576c5fce4d48d0206c22d5
My group ran into a AIO process hang on a 2.6.24 kernel with the process
sleeping indefinitely in io_getevents(2) waiting for the last wakeup to come
and it never would.
We ran the tests on x86_64 SMP. The hang only occurred on a Xeon box
("Clovertown") but not a Core2Duo ("Conroe"). On the Xeon, the L2 cache isn't
shared between all eight processors, but is L2 is shared between between all
two processors on the Core2Duo we use.
My analysis of the hang is if you go down to the second while-loop
in read_events(), what happens on processor #1:
1) add_wait_queue_exclusive() adds thread to ctx->wait
2) aio_read_evt() to check tail
3) if aio_read_evt() returned 0, call [io_]schedule() and sleep
In aio_complete() with processor #2:
A) info->tail = tail;
B) waitqueue_active(&ctx->wait)
C) if waitqueue_active() returned non-0, call wake_up()
The way the code is written, step 1 must be seen by all other processors
before processor 1 checks for pending events in step 2 (that were recorded by
step A) and step A by processor 2 must be seen by all other processors
(checked in step 2) before step B is done.
The race I believed I was seeing is that steps 1 and 2 were
effectively swapped due to the __list_add() being delayed by the L2
cache not shared by some of the other processors. Imagine:
proc 2: just before step A
proc 1, step 1: adds to ctx->wait, but is not visible by other processors yet
proc 1, step 2: checks tail and sees no pending events
proc 2, step A: updates tail
proc 1, step 3: calls [io_]schedule() and sleeps
proc 2, step B: checks ctx->wait, but sees no one waiting, skips wakeup
so proc 1 sleeps indefinitely
My patch adds a memory barrier between steps A and B. It ensures that the
update in step 1 gets seen on processor 2 before continuing. If processor 1
was just before step 1, the memory barrier makes sure that step A (update
tail) gets seen by the time processor 1 makes it to step 2 (check tail).
Before the patch our AIO process would hang virtually 100% of the time. After
the patch, we have yet to see the process ever hang.
Signed-off-by: Quentin Barnes <qbarnes+linux at yahoo-inc.com>
Reviewed-by: Zach Brown <zach.brown at oracle.com>
Cc: Benjamin LaHaise <bcrl at kvack.org>
Cc: <stable at kernel.org>
Cc: Nick Piggin <nickpiggin at yahoo.com.au>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
[ We should probably disallow that "if (waitqueue_active()) wake_up()"
coding pattern, because it's so often buggy wrt memory ordering ]
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d447e76ecaa4d4bb005eef4de5655a8418a4d60d
Author: Duane Griffin <duaneg at dghda.com>
Date: Thu Mar 20 02:45:06 2008 +0000
jbd: correctly unescape journal data blocks
commit: 439aeec639d7c57f3561054a6d315c40fd24bb74
Fix a long-standing typo (predating git) that will cause data corruption if a
journal data block needs unescaping. At the moment the wrong buffer head's
data is being unescaped.
To test this case mount a filesystem with data=journal, start creating and
deleting a bunch of files containing only JFS_MAGIC_NUMBER (0xc03b3998), then
pull the plug on the device. Without this patch the files will contain zeros
instead of the correct data after recovery.
Signed-off-by: Duane Griffin <duaneg at dghda.com>
Acked-by: Jan Kara <jack at suse.cz>
Cc: <linux-ext4 at vger.kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9ecfdfeaf6210f17b93f4130845a9349ab893196
Author: Duane Griffin <duaneg at dghda.com>
Date: Thu Mar 20 02:45:05 2008 +0000
jbd2: correctly unescape journal data blocks
commit: d00256766a0b4f1441931a7f569a13edf6c68200
Fix a long-standing typo (predating git) that will cause data corruption if a
journal data block needs unescaping. At the moment the wrong buffer head's
data is being unescaped.
To test this case mount a filesystem with data=journal, start creating and
deleting a bunch of files containing only JBD2_MAGIC_NUMBER (0xc03b3998), then
pull the plug on the device. Without this patch the files will contain zeros
instead of the correct data after recovery.
Signed-off-by: Duane Griffin <duaneg at dghda.com>
Acked-by: Jan Kara <jack at suse.cz>
Cc: <linux-ext4 at vger.kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 6eb36c282b77ba9f392e7bc332f7fda80c310db6
Author: Dave Young <hidave.darkstar at gmail.com>
Date: Thu Mar 20 02:45:04 2008 +0000
zisofs: fix readpage() outside i_size
commit: 08ca0db8aa2db4ddcf487d46d85dc8ffb22162cc
A read request outside i_size will be handled in do_generic_file_read(). So
we just return 0 to avoid getting -EIO as normal reading, let
do_generic_file_read do the rest.
At the same time we need unlock the page to avoid system stuck.
Fixes http://bugzilla.kernel.org/show_bug.cgi?id=10227
Signed-off-by: Dave Young <hidave.darkstar at gmail.com>
Acked-by: Jan Kara <jack at suse.cz>
Report-by: Christian Perle <chris at linuxinfotag.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 58392e3a38e2a7a3d4a8e70889be017346c94e90
Author: Eric Leblond <eric at inl.fr>
Date: Mon Mar 17 15:41:47 2008 +0100
NETFILTER: nfnetlink_log: fix computation of netlink skb size
Upstream commit 7000d38d:
This patch is similar to nfnetlink_queue fixes. It fixes the computation
of skb size by using NLMSG_SPACE instead of NLMSG_ALIGN.
Signed-off-by: Eric Leblond <eric at inl.fr>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c5251ae9027b9d2dcc413335bf834e896f769c30
Author: Eric Leblond <eric at inl.fr>
Date: Mon Mar 17 15:41:46 2008 +0100
NETFILTER: nfnetlink_queue: fix computation of allocated size for netlink skb
Upstream commit cabaa9bf:
Size of the netlink skb was wrongly computed because the formula was using
NLMSG_ALIGN instead of NLMSG_SPACE. NLMSG_ALIGN does not add the room for
netlink header as NLMSG_SPACE does. This was causing a failure of message
building in some cases.
On my test system, all messages for packets in range [8*k+41, 8*k+48] where k
is an integer were invalid and the corresponding packets were dropped.
Signed-off-by: Eric Leblond <eric at inl.fr>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 32b4faa2b264717b37114bdbf0f799ab9d8a850b
Author: Jan Engelhardt <jengelh at computergmbh.de>
Date: Mon Mar 17 15:41:44 2008 +0100
NETFILTER: xt_time: fix failure to match on Sundays
Upstream commit 4f4c9430:
xt_time_match() in net/netfilter/xt_time.c in kernel 2.6.24 never
matches on Sundays. On my host I have a rule like
iptables -A OUTPUT -m time --weekdays Sun -j REJECT
and it never matches. The problem is in localtime_2(), which uses
r->weekday = (4 + r->dse) % 7;
to map the epoch day onto a weekday in {0,...,6}. In particular this
gives 0 for Sundays. But 0 has to be wrong; a weekday of 0 can never
match. xt_time_match() has
if (!(info->weekdays_match & (1 << current_time.weekday)))
return false;
and when current_time.weekday = 0, the result of the & is always
zero, even when info->weekdays_match = XT_TIME_ALL_WEEKDAYS = 0xFE.
Signed-off-by: Jan Engelhardt <jengelh at computergmbh.de>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 38f469963d11172bf68ebcb8c056bf4145c40241
Author: Michal Schmidt <mschmidt at redhat.com>
Date: Tue Mar 18 00:13:16 2008 +0100
sched_nr_migrate wrong mode bits
sched_nr_migrate has strange permission bits:
$ ls -l /proc/sys/kernel/sched_nr_migrate
--w----r-T 1 root root 0 2008-03-17 23:31 /proc/sys/kernel/sched_nr_migrate
The bug is an obvious decimal/octal confusion.
Fixed (collaterally) in Linus's tree by Peter Zijlstra with commit fa85ae241
"sched: rt time limit" (in 2.6.25-rc1).
Signed-off-by: Michal Schmidt <mschmidt at redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 7a2f56f3783496d860de6dfbce95154cc5adcabd
Author: J. Bruce Fields <bfields at citi.umich.edu>
Date: Fri Mar 14 19:37:11 2008 -0400
nfsd: fix oops on access from high-numbered ports
This bug was always here, but before my commit 6fa02839bf9412e18e77
("recheck for secure ports in fh_verify"), it could only be triggered by
failure of a kmalloc(). After that commit it could be triggered by a
client making a request from a non-reserved port for access to an export
marked "secure". (Exports are "secure" by default.)
The result is a struct svc_export with a reference count one too low,
resulting in likely oopses next time the export is accessed.
The reference counting here is not straightforward; a later patch will
clean up fh_verify().
Thanks to Lukas Hejtmanek for the bug report and followup.
Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
Cc: Lukas Hejtmanek <xhejtman at ics.muni.cz>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ccab3340fa6f495c1932fad84163e3fab40094e1
Author: Hiroshi Shimamoto <h-shimamoto at ct.jp.nec.com>
Date: Mon Mar 10 11:01:20 2008 -0700
sched: fix race in schedule()
Fix a hard to trigger crash seen in the -rt kernel that also affects
the vanilla scheduler.
There is a race condition between schedule() and some dequeue/enqueue
functions; rt_mutex_setprio(), __setscheduler() and sched_move_task().
When scheduling to idle, idle_balance() is called to pull tasks from
other busy processor. It might drop the rq lock. It means that those 3
functions encounter on_rq=0 and running=1. The current task should be
put when running.
Here is a possible scenario:
CPU0 CPU1
| schedule()
| ->deactivate_task()
| ->idle_balance()
| -->load_balance_newidle()
rt_mutex_setprio() |
| --->double_lock_balance()
*get lock *rel lock
* on_rq=0, ruuning=1 |
* sched_class is changed |
*rel lock *get lock
: |
:
->put_prev_task_rt()
->pick_next_task_fair()
=> panic
The current process of CPU1(P1) is scheduling. Deactivated P1, and the
scheduler looks for another process on other CPU's runqueue because CPU1
will be idle. idle_balance(), load_balance_newidle() and
double_lock_balance() are called and double_lock_balance() could drop
the rq lock. On the other hand, CPU0 is trying to boost the priority of
P1. The result of boosting only P1's prio and sched_class are changed to
RT. The sched entities of P1 and P1's group are never put. It makes
cfs_rq invalid, because the cfs_rq has curr and no leaf, but
pick_next_task_fair() is called, then the kernel panics.
Signed-off-by: Hiroshi Shimamoto <h-shimamoto at ct.jp.nec.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 282dac698e338351d3b9fb9db2739fe07e1c2ef9
Author: Krzysztof Oledzki <olel at ans.pl>
Date: Tue Mar 4 14:56:23 2008 -0800
SCSI: mpt fusion: don't oops if NumPhys==0
Don't oops if NumPhys==0, instead return -ENODEV.
This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=9909
Signed-off-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Acked-by: Eric Moore <Eric.Moore at lsi.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 94429518999e4e6b8f84807afa4bf089a63da0b4
Author: Boaz Harrosh <bharrosh at panasas.com>
Date: Thu Mar 6 02:10:13 2008 +0000
SCSI: gdth: fix to internal commands execution
commit: ee54cc6af95a7fa09da298493b853a9e64fa8abd
The recent patch named:
[SCSI] gdth: !use_sg cleanup and use of scsi accessors
has done a bad job in handling internal commands issued by gdth_execute().
Internal commands are issued with device gdth_cmd_str ready made directly
to the card, without any mapping or translations of scsi commands. So here
I added a gdth_cmd_str pointer to the gdth_cmndinfo private structure which
is then copied directly to host.
following this patch is a cleanup that removes the home cooked accessors
and reverts them to regular scsi_cmnd accessors. Since they are not used
anymore. After review maybe the 2 patches should be squashed together.
FIXME: There is still a problem with gdth_get_info(). as reported there
is a WARN_ON trigerd in dma_free_coherent() when doing:
$ cat /proc/sys/gdth/0
Signed-off-by: Boaz Harrosh <bharrosh at panasas.com>
Tested-by: Joerg Dorchain: <joerg at dorchain.net>
Tested-by: Stefan Priebe <s.priebe at allied-internet.ag>
Tested-by: Jon Chelton <jchelton at ffpglobal.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 14bbd0f8e4209f565c83b9e3df2fefbd77e0e961
Author: Boaz Harrosh <bharrosh at panasas.com>
Date: Thu Mar 6 02:10:15 2008 +0000
SCSI: gdth: bugfix for the at-exit problems
commit: b31ddd31c266c2ad1b708cad0d3d8e0aa7fa2737
gdth_exit would first remove all cards then stop the timer
and would not sync with the timer function. This caused a crash
in gdth_timer() when module was unloaded.
So del_timer_sync the timer before we delete the cards.
also the reboot notifier function would crash. So clean
that up and fix the crashes.
Signed-off-by: Boaz Harrosh <bharrosh at panasas.com>
Tested-by: Joerg Dorchain: <joerg at dorchain.net>
Tested-by: Stefan Priebe <s.priebe at allied-internet.ag>
Tested-by: Jon Chelton <jchelton at ffpglobal.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c0b53aa6d8f2298d6fbe3763ef164f0d8a13c71b
Author: Samuel Thibault <samuel.thibault at ens-lyon.org>
Date: Mon Mar 3 01:23:49 2008 +0000
Fix default compose table initialization
commit: 5ce2087ed0eb424e0889bdc9102727f65d2ecdde
Oddly enough, unsigned int c = '\300'; puts a "negative" value in c, not
0300... This fixes the default unicode compose table by using integers
instead of character constants.
Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Fold in upstream commit 10a7f3135ac4937a3dc8ed11614a2b70cbd44728 (Build
fix for drivers/s390/char/defkeymap.c) from Tony Breeds.
Commit 5ce2087ed0eb424e0889bdc9102727f65d2ecdde (Fix default compose
table initialization) left a trailing quote.
CC drivers/s390/char/defkeymap.o
drivers/s390/char/defkeymap.c:155: error: missing terminating ' character
drivers/s390/char/defkeymap.c:156: error: syntax error before ';' token
make[3]: *** [drivers/s390/char/defkeymap.o] Error 1
Fix that.
Signed-off-by: Tony Breeds <tony at bakeyournoodle.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a71fad255d2ab627ad9f16caf3681aaba84c2510
Author: H. Peter Anvin <hpa at zytor.com>
Date: Tue Mar 18 19:23:07 2008 -0400
x86: don't use P6_NOPs if compiling with CONFIG_X86_GENERIC
Commit: 959b3be64cab9160cd74532a49b89cdd918d38e9
x86: don't use P6_NOPs if compiling with CONFIG_X86_GENERIC
P6_NOPs are definitely not supported on some VIA CPUs, and possibly
(unverified) on AMD K7s. It is also the only thing that prevents a
686 kernel from running on Transmeta TM3x00/5x00 (Crusoe) series.
The performance benefit over generic NOPs is very small, so when
building for generic consumption, avoid using them.
Signed-off-by: H. Peter Anvin <hpa at zytor.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
[cebbert at redhat.com: backport take 2, with parens this time]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b9c98c2a4580b94021266bbf3f4a70b6ca030558
Author: Tony Battersby <tonyb at cybernetics.com>
Date: Wed Mar 5 10:23:26 2008 -0600
SCSI: fix BUG when sum(scatterlist) > bufflen
commit: 4d2de3a50ce19af2008a90636436a1bf5b3b697b
When sending a SCSI command to a tape drive via the SCSI Generic (sg)
driver, if the command has a data transfer length more than
scatter_elem_sz (32 KB default) and not a multiple of 512, then I either
hit BUG_ON(!valid_dma_direction(direction)) in dma_unmap_sg() or else
the command never completes (depending on the LLDD).
When constructing scatterlists, the sg driver rounds up the scatterlist
element sizes to be a multiple of 512. This can result in
sum(scatterlist lengths) > bufflen. In this case, scsi_req_map_sg()
incorrectly sets bio->bi_size to sum(scatterlist lengths) rather than to
bufflen. When the command completes, req_bio_endio() detects that
bio->bi_size != 0, and so it doesn't call bio_endio(). This causes the
command to be resubmitted, resulting in BUG_ON or the command never
completing.
This patch makes scsi_req_map_sg() set bio->bi_size to bufflen rather
than to sum(scatterlist lengths), which fixes the problem.
Signed-off-by: Tony Battersby <tonyb at cybernetics.com>
Acked-by: Mike Christie <michaelc at cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5475187c2752adcc6d789592b5f68c81c39e5a81
Author: Misha Zhilin <misha at epiphan.com>
Date: Wed Mar 5 00:50:27 2008 +0000
USB: ehci: handle large bulk URBs correctly (again)
commit: b5f7a0ec11694e60c99d682549dfaf8a03d7ad97
USB: ehci: Fixes completion for multi-qtd URB the short read case
When use of urb->status in the EHCI driver was reworked last August
(commit 14c04c0f88f228fee1f412be91d6edcb935c78aa), a bug was inserted
in the handling of early completion for bulk transactions that need
more than one qTD (e.g. more than 20KB in one URB).
This patch resolves that problem by ensuring that the early completion
status is preserved until the URB is handed back to its submitter,
instead of resetting it after each qTD.
Signed-off-by: Misha Zhilin <misha at epiphan.com>
Signed-off-by: David Brownell <dbrownell at users.sourceforge.net>
Acked-by: Alan Stern <stern at rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 1b52961e49f8b7293b52826c7e12a689d516fe18
Author: Sven Andersen <s.andersen at cryonet.de>
Date: Tue Mar 4 22:09:11 2008 +0100
USB: ftdi_sio - really enable EM1010PC
[upstream commit: 4ae897df]
Add EM1010PC to ftdi_sio.c
Signed-off-by: Sven Andersen <s.andersen at cryonet.de>
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 1ea057839fc9b6bc267e1da5d080c5c6ae6e75dd
Author: Kevin Vance <kvance at kvance.com>
Date: Wed Mar 5 00:50:26 2008 +0000
USB: ftdi_sio: Workaround for broken Matrix Orbital serial port
commit: 546d7eec389a3df3173b3131d92829c14e614601
Workaround for the FT232RL-based, Matrix Orbital VK204-25-USB serial port
added to the ftdi_sio driver.
The device has an invalid endpoint descriptor, which must be modified
before it can be used.
Signed-off-by: Kevin Vance <kvance at kvance.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
[chrisw at sous-sol.org: backport to 2.6.24.3 w/out ftdi_jtag_probe]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit e39ebfc41dcef0ec42a51342e8603045b1a626da
Author: Samuel Thibault <samuel.thibault at ens-lyon.org>
Date: Wed Mar 5 00:50:23 2008 +0000
VT notifier fix for VT switch
commit: 8182ec49a73729334f5a6c65a607ba7009ebd6d6
VT notifier callbacks need to be aware of console switches. This is already
partially done from console_callback(), but at that time fg_console, cursor
positions, etc. are not yet updated and hence screen readers fetch the old
values.
This adds an update notify after all of the values are updated in
redraw_screen(vc, 1).
Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d458a7c853ced17ff79a2a213f0c4e59e5715c1b
Author: Michael Halcrow <mhalcrow at us.ibm.com>
Date: Wed Mar 5 00:50:13 2008 +0000
eCryptfs: make ecryptfs_prepare_write decrypt the page
commit: e4465fdaeb3f7b5ef47f389d3eac76db79ff20d8
When the page is not up to date, ecryptfs_prepare_write() should be
acting much like ecryptfs_readpage(). This includes the painfully
obvious step of actually decrypting the page contents read from the
lower encrypted file.
Note that this patch resolves a bug in eCryptfs in 2.6.24 that one can
produce with these steps:
# mount -t ecryptfs /secret /secret
# echo "abc" > /secret/file.txt
# umount /secret
# mount -t ecryptfs /secret /secret
# echo "def" >> /secret/file.txt
# cat /secret/file.txt
Without this patch, the resulting data returned from cat is likely to
be something other than "abc\ndef\n".
(Thanks to Benedikt Driessen for reporting this.)
Signed-off-by: Michael Halcrow <mhalcrow at us.ibm.com>
Cc: Benedikt Driessen <bdriessen at escrypt.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f2336eeb199d3ed113e6d01c8020ea8919dd85c9
Author: Dan Williams <dan.j.williams at intel.com>
Date: Tue Mar 4 19:40:09 2008 +0000
ioat: fix 'ack' handling, driver must ensure that 'ack' is zero
commit: 6497dcffe07b7c3d863f9899280c4f6eae999161
Initialize 'ack' to zero in case the descriptor has been recycled.
Prevents "kernel BUG at crypto/async_tx/async_xor.c:185!"
Signed-off-by: Dan Williams <dan.j.williams at intel.com>
Acked-by: Shannon Nelson <shannon.nelson at intel.com>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 40f3601686b66ffa7c2cab2bbdff5ec0fc52aa43
Author: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Date: Mon Mar 3 16:51:48 2008 +0100
macb: Fix speed setting
commit: 179956f498bd8cc55fb803c4ee0cf18be59c8b01
Fix NCFGR.SPD setting on 10Mbps. This bug was introduced by
conversion to generic PHY layer in kernel 2.6.23.
Signed-off-by: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Signed-off-by: Haavard Skinnemoen <hskinnemoen at atmel.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a542b46db3536a4009b618609058a44edad9d22d
Author: Hiroshi Shimamoto <h-shimamoto at ct.jp.nec.com>
Date: Wed Jan 30 13:33:00 2008 +0100
x86: move out tick_nohz_stop_sched_tick() call from the loop
[upstream commit: 3d97775a]
Move out tick_nohz_stop_sched_tick() call from the loop in cpu_idle
same as 32-bit version.
Signed-off-by: Hiroshi Shimamoto <h-shimamoto at ct.jp.nec.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Cc: Ed Tomlinson <edt at aei.ca>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 495b375c8798fd9bd7d084bacad100d249a0ddf2
Author: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Date: Fri Feb 29 15:16:16 2008 +0100
atmel_spi: fix clock polarity
commit: f6febccd7f86fbe94858a4a32d9384cc014c9f40
The atmel_spi driver does not initialize clock polarity correctly (except for
at91rm9200 CS0 channel) in some case.
The atmel_spi driver uses gpio-controlled chipselect. OTOH spi clock signal
is controlled by CSRn.CPOL bit, but this register controls clock signal
correctly only in 'real transfer' duration. At the time of cs_activate()
call, CSRn.CPOL will be initialized correctly, but the controller do not know
which channel is to be used next, so clock signal will stay at the inactive
state of last transfer. If clock polarity of new transfer and last transfer
was differ, new transfer will start with wrong clock signal state.
For example, if you started SPI MODE 2 or 3 transfer after SPI MODE 0 or 1
transfer, the clock signal state at the assertion of chipselect will be low.
Of course this will violates SPI transfer.
This patch is short term solution for this problem. It makes all CSRn.CPOL
match for the transfer before activating chipselect. For longer term, the
best fix might be to let NPCS0 stay selected permanently in MR and overwrite
CSR0 with to the new slave's settings before asserting CS.
Signed-off-by: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Acked-by: Haavard Skinnemoen <hskinnemoen at atmel.com>
Cc: David Brownell <david-b at pacbell.net>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 061e98a971b62ce4ee25c6cbd88b46d9870d5d9f
Author: Michael Buesch <mb at bu3sch.de>
Date: Fri Feb 29 12:55:41 2008 +0100
b43: Backport bcm4311 fix
This is a backport of upstream commit 013978b6 ("b43: Changes to enable
BCM4311 rev 02 with wireless core revision 13") and the changes include
the following:
(1) Add the 802.11 rev 13 device to the ssb_device_id table to load b43.
(2) Add PHY revision 9 to the supported list.
(3) Change the 2-bit routing code for address extensions to 0b10 rather
than the 0b01 used for the 32-bit case.
(4) Remove some magic numbers in the DMA setup.
The DMA implementation for this chip supports full 64-bit addressing with
one exception. Whenever the Descriptor Ring Buffer is in high memory, a
fatal DMA error occurs. This problem was not present in 2.6.24-rc2 due
to code to "Bias the placement of kernel pages at lower PFNs". When
commit 44048d70 reverted that code, the DMA error appeared. As a "fix",
use the GFP_DMA flag when allocating the buffer for 64-bit DMA. At present,
this problem is thought to arise from a hardware error.
Signed-off-by: Michael Buesch <mb at bu3sch.de>
Cc: Larry Finger <Larry.Finger at lwfinger.net>
Cc: John W. Linville <linville at tuxdriver.com>
Cc: Alexey Zaytsev <alexey.zaytsev at gmail.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d5940b2fc01d028b1cffb271294667f81e6a819a
Author: Mike Pagano <mpagano at gentoo.org>
Date: Wed Feb 27 19:35:01 2008 -0500
arcmsr: fix IRQs disabled warning spew
As of 2.6.24, running the archttp passthrough daemon with the arcmsr
driver produces an endless spew of dma_free_coherent warnings:
WARNING: at arch/x86/kernel/pci-dma_64.c:169 dma_free_coherent()
It turns out that coherent memory is not needed, so commit 76d78300 by
Nick Cheng <nick.cheng at areca.com.tw> switched it to kmalloc (as well as
making a lot of other changes which have not been included here).
James Bottomley pointed out that the new kmalloc usage was also wrong,
I corrected this in commit 69e562c2.
This patch combines both of the above for the purpose of fixing 2.6.24.
details in http://bugs.gentoo.org/208493.
Signed-off-by: Daniel Drake <dsd at gentoo.org>
Cc: Nick Cheng <nick.cheng at areca.com.tw>
Cc: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 535d75274d992be482951967af0ec4d99c99fadc
Author: Auke Kok <auke-jan.h.kok at intel.com>
Date: Tue Feb 12 15:20:24 2008 -0800
e1000e: Fix CRC stripping in hardware context bug
CRC stripping was only correctly enabled for packet split recieves
which is used when receiving jumbo frames. Correctly enable SECRC
also for normal buffer packet receives.
Tested by Andy Gospodarek and Johan Andersson, see bugzilla #9940.
Signed-off-by: Auke Kok <auke-jan.h.kok at intel.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Cc: Mike Pagano <mike at mpagano.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b39bf4a535df7afb304cc3884b669210036cb960
Author: Ivan Kokshaysky <ink at jurassic.park.msu.ru>
Date: Mon Jan 14 17:31:09 2008 -0500
PCI x86: always use conf1 to access config space below 256 bytes
[upsteam commit: a0ca9909]
Thanks to Loic Prylli <loic at myri.com>, who originally proposed
this idea.
Always using legacy configuration mechanism for the legacy config space
and extended mechanism (mmconf) for the extended config space is
a simple and very logical approach. It's supposed to resolve all
known mmconf problems. It still allows per-device quirks (tweaking
dev->cfg_size). It also allows to get rid of mmconf fallback code.
This patch fixes a boot hang on Intel Q35 chipset as detailed at:
http://bugs.gentoo.org/198810
Signed-off-by: Ivan Kokshaysky <ink at jurassic.park.msu.ru>
Signed-off-by: Matthew Wilcox <willy at linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Mike Pagano <mpagano at gentoo.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d25532f4d8283edb7f844ae5a7770cbd51d05dc8
Author: Ivan Kokshaysky <ink at jurassic.park.msu.ru>
Date: Wed Feb 13 15:03:26 2008 -0800
moduleparam: fix alpha, ia64 and ppc64 compile failures
[upstream commit: 91d35dd9]
On alpha, ia64 and ppc64 only relocations to local data can go into
read-only sections. The vast majority of module parameters use the global
generic param_set_*/param_get_* functions, so the 'const' attribute for
struct kernel_param is not only useless, but it also causes compile
failures due to 'section type conflict' in those rare cases where
param_set/get are local functions.
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8964
Signed-off-by: Ivan Kokshaysky <ink at jurassic.park.msu.ru>
Cc: Richard Henderson <rth at twiddle.net>
Cc: Tony Luck <tony.luck at intel.com>
Cc: Anton Blanchard <anton at samba.org>
Cc: Paul Mackerras <paulus at samba.org>
Cc: Adrian Bunk <bunk at stusta.de>
Cc: Kamalesh Babulal <kamalesh at linux.vnet.ibm.com>
Cc: Rusty Russell <rusty at rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Mike Pagano <mpagano at gentoo.org>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9256d0b8cb13a854c0a29861ce37a252f7712568
Author: Alan Cox <alan at lxorguk.ukuu.org.uk>
Date: Tue Feb 26 13:35:54 2008 -0800
pata_hpt*, pata_serverworks: fix UDMA masking
[upstream commit: 6ddd6861]
When masking, mask out the modes that are unsupported not the ones
that are supported. This makes life happier.
Signed-off-by: Alan Cox <alan at redhat.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit db29706ff57deba8866fb4681a1a8b99bf59c805
Author: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
Date: Wed Feb 27 02:06:18 2008 +0900
SCSI advansys: fix overrun_buf aligned bug
commit 7d5d408c77cee95d1380511de46b7a4c8dc2211d
struct asc_dvc_var needs overrun buffer to be placed on an 8 byte
boundary. advansys defines struct asc_dvc_var:
struct asc_dvc_var {
...
uchar overrun_buf[ASC_OVERRUN_BSIZE] __aligned(8);
The problem is that struct asc_dvc_var is placed on
shost->hostdata. So if the hostdata is not on an 8 byte boundary, the
advansys crashes. The hostdata is placed on a sizeof(unsigned long)
boundary so the 8 byte boundary is not garanteed with x86_32.
With 2.6.23 and 2.6.24, the hostdata is on an 8 byte boundary by
chance, but with the current git, it's not.
This patch removes overrun_buf static array and use kzalloc.
Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
FUJITA Tomonori notes:
We thought that 2.6.24 doesn't have this bug, however it does.
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 3752f4024d617852b6d4758b9a7ac89a530cf98e
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Feb 25 15:01:04 2008 +0100
NETFILTER: fix ebtable targets return
Upstream commit 1b04ab459:
The function ebt_do_table doesn't take NF_DROP as a verdict from the targets.
Signed-off-by: Joonwoo Park <joonwpark81 at gmail.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit bc7869bf6e038edaccc9ad9e8ba9e300f96dddee
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Feb 25 15:01:02 2008 +0100
NETFILTER: Fix incorrect use of skb_make_writable
Upstream commit eb1197bc0:
http://bugzilla.kernel.org/show_bug.cgi?id=9920
The function skb_make_writable returns true or false.
Signed-off-by: Joonwoo Park <joonwpark81 at gmail.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ca02fcbe2193c3947466f5659fc7ac7b851ea20b
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Feb 25 15:01:01 2008 +0100
NETFILTER: nfnetlink_queue: fix SKB_LINEAR_ASSERT when mangling packet data
Upstream commit e2b58a67:
As reported by Tomas Simonaitis <tomas.simonaitis at gmail.com>, inserting new
data in skbs queued over {ip,ip6,nfnetlink}_queue triggers a SKB_LINEAR_ASSERT
in skb_put().
Going back through the git history, it seems this bug is present since at
least 2.6.12-rc2, probably even since the removal of skb_linearize() for
netfilter.
Linearize non-linear skbs through skb_copy_expand() when enlarging them.
Tested by Thomas, fixes bugzilla #9933.
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d8d644bcd0e46dc2a354ffce219a788630a0cdcc
Author: Ned Forrester <nforrester at whoi.edu>
Date: Sun Feb 24 02:10:06 2008 +0000
spi: pxa2xx_spi clock polarity fix
commit: b97c74bddce4e2c6fef6b3b58910b4fd9eb7f3b8
Fixes a sequencing bug in spi driver pxa2xx_spi.c in which the chip select
for a transfer may be asserted before the clock polarity is set on the
interface. As a result of this bug, the clock signal may have the wrong
polarity at transfer start, so it may need to make an extra half transition
before the intended clock/data signals begin. (This probably means all
transfers are one bit out of sequence.)
This only occurs on the first transfer following a change in clock polarity
in systems using more than one more than one such polarity. The fix
assures that the clock mode is properly set before asserting chip select.
This bug was introduced in a patch merged on 2006/12/10, kernel 2.6.20.
The patch defines an additional bit in: include/asm-arm/arch-pxa/regs-ssp.h
for 2.6.25 and newer kernels but this addition must be made in:
include/asm-arm/arch-pxa/pxa-regs.h for kernels between 2.6.20 and 2.6.24,
inclusive
Signed-off-by: Ned Forrester <nforrester at whoi.edu>
Signed-off-by: David Brownell <dbrownell at users.sourceforge.net>
Cc: Russell King <rmk at arm.linux.org.uk>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
[chrisw at sous-sol.org: backport to 2.6.24.3]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 55004de819a04430d92aaa5f6c39464862b57028
Author: Roel Kluin <12o3l at tiscali.nl>
Date: Sun Feb 24 02:10:08 2008 +0000
ufs: fix parenthesisation in ufs_set_fs_state()
commit: f81e8a43871f44f98dd14e83a83bf9ca0b3b46c5
This bug snuck in with
commit 252e211e90ce56bf005cb533ad5a297c18c19407
Author: Mark Fortescue <mark at mtfhpc.demon.co.uk>
Date: Tue Oct 16 23:26:31 2007 -0700
Add in SunOS 4.1.x compatible mode for UFS
Signed-off-by: Roel Kluin <12o3l at tiscali.nl>
Acked-by: Evgeniy Dushistov <dushistov at mail.ru>
Cc: Mark Fortescue <mark at mtfhpc.demon.co.uk>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 83e8acc059f9b3075de6b4386488f09abc9a4868
Author: Andy Whitcroft <apw at shadowen.org>
Date: Sun Feb 24 02:10:08 2008 +0000
hugetlb: ensure we do not reference a surplus page after handing it to buddy
commit: e5df70ab194543522397fa3da8c8f80564a0f7d3
When we free a page via free_huge_page and we detect that we are in surplus
the page will be returned to the buddy. After this we no longer own the page.
However at the end free_huge_page we clear out our mapping pointer from
page private. Even where the page is not a surplus we free the page to
the hugepage pool, drop the pool locks and then clear page private. In
either case the page may have been reallocated. BAD.
Make sure we clear out page private before we free the page.
Signed-off-by: Andy Whitcroft <apw at shadowen.org>
Acked-by: Adam Litke <agl at us.ibm.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 2628814b59f33d6a1aae535adc7ef44359aafe98
Author: Serge E. Hallyn <serue at us.ibm.com>
Date: Sun Feb 24 02:10:07 2008 +0000
file capabilities: simplify signal check
commit: 094972840f2e7c1c6fc9e1a97d817cc17085378e
Simplify the uid equivalence check in cap_task_kill(). Anyone can kill a
process owned by the same uid.
Without this patch wireshark is reported to fail.
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
Signed-off-by: Andrew G. Morgan <morgan at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f9e77acd4060fefbb60a351cdb8d30fca27fe194
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Sun Feb 24 02:10:05 2008 +0000
futex: runtime enable pi and robust functionality
commit: a0c1e9073ef7428a14309cba010633a6cd6719ea
Not all architectures implement futex_atomic_cmpxchg_inatomic(). The default
implementation returns -ENOSYS, which is currently not handled inside of the
futex guts.
Futex PI calls and robust list exits with a held futex result in an endless
loop in the futex code on architectures which have no support.
Fixing up every place where futex_atomic_cmpxchg_inatomic() is called would
add a fair amount of extra if/else constructs to the already complex code. It
is also not possible to disable the robust feature before user space tries to
register robust lists.
Compile time disabling is not a good idea either, as there are already
architectures with runtime detection of futex_atomic_cmpxchg_inatomic support.
Detect the functionality at runtime instead by calling
cmpxchg_futex_value_locked() with a NULL pointer from the futex initialization
code. This is guaranteed to fail, but the call of
futex_atomic_cmpxchg_inatomic() happens with pagefaults disabled.
On architectures, which use the asm-generic implementation or have a runtime
CPU feature detection, a -ENOSYS return value disables the PI/robust features.
On architectures with a working implementation the call returns -EFAULT and
the PI/robust features are enabled.
The relevant syscalls return -ENOSYS and the robust list exit code is blocked,
when the detection fails.
Fixes http://lkml.org/lkml/2008/2/11/149
Originally reported by: Lennart Buytenhek
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Acked-by: Ingo Molnar <mingo at elte.hu>
Cc: Lennert Buytenhek <buytenh at wantstofly.org>
Cc: Riku Voipio <riku.voipio at movial.fi>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c51d3bbd2c2256e2567984068bc0950b4ac73e49
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Sun Feb 24 02:10:06 2008 +0000
futex: fix init order
commit: 3e4ab747efa8e78562ec6782b08bbf21a00aba1b
When the futex init code fails to initialize the futex pseudo file system it
returns early without initializing the hash queues. Should the boot succeed
then a futex syscall which tries to enqueue a waiter on the hashqueue will
crash due to the unitilialized plist heads.
Initialize the hash queues before the filesystem.
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Acked-by: Ingo Molnar <mingo at elte.hu>
Cc: Lennert Buytenhek <buytenh at wantstofly.org>
Cc: Riku Voipio <riku.voipio at movial.fi>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit e08b12e87e90a96df9380e8b17424e939c9f3448
Author: Russell King <rmk+kernel at arm.linux.org.uk>
Date: Sun Feb 24 15:55:37 2008 +0100
ARM pxa: fix clock lookup to find specific device clocks
commit: a0dd005d1d9f4c3beab52086f3844ef9342d1e67
Ensure that the clock lookup always finds an entry for a specific
device and ID before it falls back to finding just by ID. This
fixes a problem reported by Holger Schurig where the BTUART was
assigned the wrong clock.
Tested-by: Holger Schurig <hs4233 at mail.mn-solutions.de>
Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
Uli Luckas notes:
The patch fixes the otherwise unusable bluetooth uart on pxa25x. The
patch is written by Russell King [1] who also gave his OK for
stable inclusion [2]. The patch is also available as commit
a0dd005d1d9f4c3beab52086f3844ef9342d1e67 to Linus' tree.
[1] http://marc.info/?l=linux-arm-kernel&m=120298366510315
[2] http://marc.info/?l=linux-arm-kernel&m=120384388411097
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 512ec490759a432367546adff16877e9dd9e5409
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Sat Feb 23 11:56:56 2008 -0500
x86: replace LOCK_PREFIX in futex.h
Commit: 9d55b9923a1b7ea8193b8875c57ec940dc2ff027
The exception fixup for the futex macros __futex_atomic_op1/2 and
futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
prefix is replaced by a NOP via SMP alternatives.
Chuck Ebert tracked this down from the information provided in:
https://bugzilla.redhat.com/show_bug.cgi?id=429412
A possible solution would be to add another fixup after the
LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
exception table, but it's not really worth the trouble.
Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
alternatives.
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
[cebbert at redhat.com: backport to 2.6.24]
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 2d367bd043bee47750b26b2a5fbdf998cfa78fe5
Author: James Bottomley <James.Bottomley at HansenPartnership.com>
Date: Sat Feb 23 20:55:15 2008 +0000
SCSI aic94xx: fix REQ_TASK_ABORT and REQ_DEVICE_RESET
commit: cb84e2d2ff3b50c0da5a7604a6d8634294a00a01
This driver has been failing under heavy load with
aic94xx: escb_tasklet_complete: REQ_TASK_ABORT, reason=0x6
aic94xx: escb_tasklet_complete: Can't find task (tc=4) to abort!
The second message is because the driver fails to identify the task
it's being asked to abort. On closer inpection, there's a thinko in
the for each task loop over pending tasks in both the REQ_TASK_ABORT
and REQ_DEVICE_RESET cases where it doesn't look at the task on the
pending list but at the one on the ESCB (which is always NULL).
Fix by looking at the right task. Also add a print for the case where
the pending SCB doesn't have a task attached.
Not sure if this will fix all the problems, but it's a definite first
step.
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 461bab342d2601c5e032f85b27e66beafef66ff8
Author: James Bottomley <James.Bottomley at HansenPartnership.com>
Date: Sat Feb 23 20:55:14 2008 +0000
SCSI gdth: don't call pci_free_consistent under spinlock
commit: ff83efacf2b77a1fe8942db6613825a4b80ee5e2
The spinlock is held over too large a region: pscratch is a permanent
address (it's allocated at boot time and never changes). All you need
the smp lock for is mediating the scratch in use flag, so fix this by
moving the spinlock into the case where we set the pscratch_busy flag
to false.
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f59549d67e4d2f236a87f7d9d2e48dfe84d70f6b
Author: FUJITA Tomonori <tomof at acm.org>
Date: Sat Feb 23 20:55:12 2008 +0000
SCSI ips: fix data buffer accessors conversion bug
commit: 2b28a4721e068ac89bd5435472723a1bc44442fe
This fixes a bug that can't handle a passthru command with more than
two sg entries.
Big thanks to Tim Pepper for debugging the problem.
Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
Acked-by: Mark Salyzyn <Mark_Salyzyn at adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 90fbe8b1fa081a99616ccd7760f5877fcafa35ef
Author: Alan Stern <stern at rowland.harvard.edu>
Date: Fri Feb 22 17:03:25 2008 -0500
usb-storage: don't access beyond the end of the sg buffer
This patch (as1038) fixes a bug in usb_stor_access_xfer_buf() and
usb_stor_set_xfer_buf() (the bug was originally found by Boaz
Harrosh): The routine must not attempt to write beyond the end of a
scatter-gather list or beyond the number of bytes requested.
This is the minimal 2.6.24 equivalent to as1035 +
as1037 (7084191d53b224b953c8e1db525ea6c31aca5fc7 "USB:
usb-storage: don't access beyond the end of the sg buffer" +
6d512a80c26d87f8599057c86dc920fbfe0aa3aa "usb-storage: update earlier
scatter-gather bug fix"). Mark Glines has confirmed that it fixes
his problem.
Signed-off-by: Alan Stern <stern at rowland.harvard.edu>
Cc: Mark Glines <mark at glines.org>
Cc: Boaz Harrosh <bharrosh at panasas.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 759be208409db44bdc81bd28156c38e4f9501ecd
Author: Miklos Szeredi <mszeredi at suse.cz>
Date: Sat Feb 23 15:23:27 2008 -0800
fuse: fix permission checking
[upstream commit 1a823ac9ff09cbdf39201df37b7ede1f9395de83]
I added a nasty local variable shadowing bug to fuse in 2.6.24, with the
result, that the 'default_permissions' mount option is basically ignored.
How did this happen?
- old err declaration in inner scope
- new err getting declared in outer scope
- 'return err' from inner scope getting removed
- old declaration not being noticed
-Wshadow would have saved us, but it doesn't seem practical for
the kernel :(
More testing would have also saved us :((
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 7c0f76561fdc0a24ebfae4ee4112d62473eb3bdc
Author: Sebastian Siewior <sebastian at breakpoint.cc>
Date: Wed Mar 12 12:18:36 2008 +0800
CRYPTO xts: Use proper alignment
[ Upstream commit: 6212f2c7f70c591efb0d9f3d50ad29112392fee2 ]
The XTS blockmode uses a copy of the IV which is saved on the stack
and may or may not be properly aligned. If it is not, it will break
hardware cipher like the geode or padlock.
This patch encrypts the IV in place so we don't have to worry about
alignment.
Signed-off-by: Sebastian Siewior <sebastian at breakpoint.cc>
Tested-by: Stefan Hellermann <stefan at the2masters.de>
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0c7ac6f8e603b7e33c7ee268c30f2de59111951c
Author: Joy Latten <latten at austin.ibm.com>
Date: Wed Mar 12 12:17:45 2008 +0800
CRYPTO xcbc: Fix crash with IPsec
[ Upstream commit: 2f40a178e70030c4712fe63807c883f34c3645eb ]
When using aes-xcbc-mac for authentication in IPsec,
the kernel crashes. It seems this algorithm doesn't
account for the space IPsec may make in scatterlist for authtag.
Thus when crypto_xcbc_digest_update2() gets called,
nbytes may be less than sg[i].length.
Since nbytes is an unsigned number, it wraps
at the end of the loop allowing us to go back
into loop and causing crash in memcpy.
I used update function in digest.c to model this fix.
Please let me know if it looks ok.
Signed-off-by: Joy Latten <latten at austin.ibm.com>
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0ad5232c1ccba61437676cdb88d030b1c369dec7
Author: Jeff Garzik <jeff at garzik.org>
Date: Wed Mar 12 10:25:42 2008 +0900
SCSI ips: handle scsi_add_host() failure, and other err cleanups
commit 2551a13e61d3c3df6c2da6de5a3ece78e6d67111
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Acked-by: Mark Salyzyn <mark_salyzyn at adaptec.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
FUJITA Tomonori notes:
It didn't intend to fix a critical bug, however, it turned out that it
does. Without this patch, the ips driver in 2.6.23 and 2.6.24 doesn't
work at all. You can find the more details at the following thread:
http://marc.info/?t=120293911900023&r=1&w=2
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 41abba651b51394ae1119ac26bd1dd2e31bc2dc0
Author: Jan Beulich <jbeulich at novell.com>
Date: Tue Mar 11 11:30:25 2008 +0100
x86: adjust enable_NMI_through_LVT0()
commit e94271017f0933b29362a3c9dea5a6b9d04d98e1
Its previous use in a call to on_each_cpu() was pointless, as at the
time that code gets executed only one CPU is online. Further, the
function can be __cpuinit, and for this to work without
CONFIG_HOTPLUG_CPU setup_nmi() must also get an attribute (this one
can even be __init; on 64-bits check_timer() also was lacking that
attribute).
Signed-off-by: Jan Beulich <jbeulich at novell.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
[ tglx at linutronix.de: backport to 2.6.24.3]
Cc: Justin Piszcz <jpiszcz at lucidpixels.com>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c9ef5a43530e7dbec05c1dad59356f85516d2c0b
Author: James Bottomley <James.Bottomley at HansenPartnership.com>
Date: Tue Mar 11 01:50:07 2008 +0000
drivers: fix dma_get_required_mask
commit: e88a0c2ca81207a75afe5bbb8020541dabf606ac
Date: Sun, 9 Mar 2008 11:57:56 -0500
Subject: drivers: fix dma_get_required_mask
There's a bug in the current implementation of dma_get_required_mask()
where it ands the returned mask with the current device mask. This
rather defeats the purpose if you're using the call to determine what
your mask should be (since you will at that time have the default
DMA_32BIT_MASK). This bug results in any driver that uses this function
*always* getting a 32 bit mask, which is wrong.
Fix by removing the and with dev->dma_mask.
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b6845726368e5b7b086e6d6438c9380bf5b7bc1c
Author: Nick Piggin <npiggin at suse.de>
Date: Tue Mar 11 01:50:06 2008 +0000
iov_iter_advance() fix
commit: f7009264c519603b8ec67c881bd368a56703cfc9
iov_iter_advance() skips over zero-length iovecs, however it does not properly
terminate at the end of the iovec array. Fix this by checking against
i->count before we skip a zero-length iov.
The bug was reproduced with a test program that continually randomly creates
iovs to writev. The fix was also verified with the same program and also it
could verify that the correct data was contained in the file after each
writev.
Signed-off-by: Nick Piggin <npiggin at suse.de>
Tested-by: "Kevin Coffman" <kwc at citi.umich.edu>
Cc: "Alexey Dobriyan" <adobriyan at gmail.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit cc7571b226c93b032164ebb3ff3b365651c4652f
Author: Aurelien Jarno <aurelien at aurel32.net>
Date: Sat Mar 8 11:43:52 2008 +0100
x86: Clear DF before calling signal handler
x86: Clear DF before calling signal handler
The Linux kernel currently does not clear the direction flag before
calling a signal handler, whereas the x86/x86-64 ABI requires that.
This become a real problem with gcc version 4.3, which assumes that
the direction flag is correctly cleared at the entry of a function.
This patches changes the setup_frame() functions to clear the
direction before entering the signal handler.
This is a backport of patch e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
("x86: clear DF before calling signal handler") that has been applied
in 2.6.25-rc.
Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b83b97b0e5185e2c9c80824e2dd880419c200c09
Author: Pete Zaitcev <zaitcev at redhat.com>
Date: Fri Mar 7 17:36:54 2008 +0100
ub: fix up the conversion to sg_init_table()
Signed-off-by: Pete Zaitcev <zaitcev at redhat.com>
Cc: "Oliver Pinter" <oliver.pntr at gmail.com>
Cc: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
Cc: Greg KH <greg at kroah.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a1843b4dedab81c769ccdce4ec9ed2fce6f6ad90
Author: Ralf Baechle <ralf at linux-mips.org>
Date: Fri Feb 8 04:22:02 2008 -0800
MIPS: Mark all but i8259 interrupts as no-probe.
Use set_irq_noprobe() to mark all MIPS interrupts as non-probe. Override that
default for i8259 interrupts.
Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
Acked-and-tested-by: Rob Landley <rob at landley.net>
Cc: Alan Cox <alan at lxorguk.ukuu.org.uk>
Cc: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 6224c2148e2d6df8d537f081e31381a18eee918e
Author: Ralf Baechle <ralf at linux-mips.org>
Date: Fri Feb 8 04:22:01 2008 -0800
IRQ_NOPROBE helper functions
Probing non-ISA interrupts using the handle_percpu_irq as their handle_irq
method may crash the system because handle_percpu_irq does not check
IRQ_WAITING. This for example hits the MIPS Qemu configuration.
This patch provides two helper functions set_irq_noprobe and set_irq_probe to
set rsp. clear the IRQ_NOPROBE flag. The only current caller is MIPS code
but this really belongs into generic code.
As an aside, interrupt probing these days has become a mostly obsolete if not
dangerous art. I think Linux interrupts should be changed to default to
non-probing but that's subject of this patch.
Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
Acked-and-tested-by: Rob Landley <rob at landley.net>
Cc: Alan Cox <alan at lxorguk.ukuu.org.uk>
Cc: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 11b47c8828d4cd1df21636719603784ec5e26067
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Wed Mar 5 20:07:37 2008 -0800
IPCOMP: Disable BH on output when using shared tfm
Upstream commit: 21e43188f272c7fd9efc84b8244c0b1dfccaa105
Because we use shared tfm objects in order to conserve memory,
(each tfm requires 128K of vmalloc memory), BH needs to be turned
off on output as that can occur in process context.
Previously this was done implicitly by the xfrm output code.
That was lost when it became lockless. So we need to add the
BH disabling to IPComp directly.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 5eb4efe242d2fbd36551f6016707ee280bb30f31
Author: Stephen Hemminger <shemminger at linux-foundation.org>
Date: Wed Mar 5 14:44:01 2008 -0800
IPCONFIG: The kernel gets no IP from some DHCP servers
Upstream commit: dea75bdfa57f75a7a7ec2961ec28db506c18e5db
From: Stephen Hemminger <shemminger at linux-foundation.org>
Based upon a patch by Marcel Wappler:
This patch fixes a DHCP issue of the kernel: some DHCP servers
(i.e. in the Linksys WRT54Gv5) are very strict about the contents
of the DHCPDISCOVER packet they receive from clients.
Table 5 in RFC2131 page 36 requests the fields 'ciaddr' and
'siaddr' MUST be set to '0'. These DHCP servers ignore Linux
kernel's DHCP discovery packets with these two fields set to
'255.255.255.255' (in contrast to popular DHCP clients, such as
'dhclient' or 'udhcpc'). This leads to a not booting system.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 44e77f1afc44a41375c4dc16d26459a3bbfddf61
Author: David S. Miller <davem at davemloft.net>
Date: Wed Mar 5 14:44:30 2008 -0800
IPV4: Remove IP_TOS setting privilege checks.
Upstream commit: e4f8b5d4edc1edb0709531bd1a342655d5e8b98e
Various RFCs have all sorts of things to say about the CS field of the
DSCP value. In particular they try to make the distinction between
values that should be used by "user applications" and things like
routing daemons.
This seems to have influenced the CAP_NET_ADMIN check which exists for
IP_TOS socket option settings, but in fact it has an off-by-one error
so it wasn't allowing CS5 which is meant for "user applications" as
well.
Further adding to the inconsistency and brokenness here, IPV6 does not
validate the DSCP values specified for the IPV6_TCLASS socket option.
The real actual uses of these TOS values are system specific in the
final analysis, and these RFC recommendations are just that, "a
recommendation". In fact the standards very purposefully use
"SHOULD" and "SHOULD NOT" when describing how these values can be
used.
In the final analysis the only clean way to provide consistency here
is to remove the CAP_NET_ADMIN check. The alternatives just don't
work out:
1) If we add the CAP_NET_ADMIN check to ipv6, this can break existing
setups.
2) If we just fix the off-by-one error in the class comparison in
IPV4, certain DSCP values can be used in IPV6 but not IPV4 by
default. So people will just ask for a sysctl asking to
override that.
I checked several other freely available kernel trees and they
do not make any privilege checks in this area like we do. For
the BSD stacks, this goes back all the way to Stevens Volume 2
and beyond.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit bb59adefa5eccfde1e7e174a8fb48fe45bc089f9
Author: Denis V. Lunev <den at openvz.org>
Date: Wed Mar 5 14:43:05 2008 -0800
IPV6: dst_entry leak in ip4ip6_err.
Upstream commit: 9937ded8e44de8865cba1509d24eea9d350cebf0
The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case
Signed-off-by: Denis V. Lunev <den at openvz.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit ba8fd2d277fcc06905a45380a2203c4bd9d8d025
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Wed Mar 5 14:46:35 2008 -0800
IPV6: Fix IPsec datagram fragmentation
Upstream commits: 28a89453b1e8de8d777ad96fa1eef27b5d1ce074
b5c15fc004ac83b7ad280acbe0fd4bbed7e2c8d4
This is a long-standing bug in the IPsec IPv6 code that breaks
when we emit a IPsec tunnel-mode datagram packet. The problem
is that the code the emits the packet assumes the IPv6 stack
will fragment it later, but the IPv6 stack assumes that whoever
is emitting the packet is going to pre-fragment the packet.
In the long term we need to fix both sides, e.g., to get the
datagram code to pre-fragment as well as to get the IPv6 stack
to fragment locally generated tunnel-mode packet.
For now this patch does the second part which should make it
work for the IPsec host case.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 430ff1d0b6e50d7665baf3d8dc1ef83d3295c9ad
Author: Matti Linnanvuori <mattilinnanvuori at yahoo.com>
Date: Wed Mar 5 14:42:41 2008 -0800
NET: Fix race in dev_close(). (Bug 9750)
Upstream commit: d8b2a4d21e0b37b9669b202867bfef19f68f786a
There is a race in Linux kernel file net/core/dev.c, function dev_close.
The function calls function dev_deactivate, which calls function
dev_watchdog_down that deletes the watchdog timer. However, after that, a
driver can call netif_carrier_ok, which calls function
__netdev_watchdog_up that can add the watchdog timer again. Function
unregister_netdevice calls function dev_shutdown that traps the bug
!timer_pending(&dev->watchdog_timer). Moving dev_deactivate after
netif_running() has been cleared prevents function netif_carrier_on
from calling __netdev_watchdog_up and adding the watchdog timer again.
Signed-off-by: Matti Linnanvuori <mattilinnanvuori at yahoo.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 53a8bf30f67d9a10e1b8e0adfed889d3a5694813
Author: Jorge Boncompte [DTI2] <jorge at dti2.net>
Date: Wed Mar 5 14:47:01 2008 -0800
NET: Messed multicast lists after dev_mc_sync/unsync
Upstream commit: 12aa343add3eced38a44bdb612b35fdf634d918c
Commit a0a400d79e3dd7843e7e81baa3ef2957bdc292d0 ("[NET]: dev_mcast:
add multicast list synchronization helpers") from you introduced a new
field "da_synced" to struct dev_addr_list that is not properly
initialized to 0. So when any of the current users (8021q, macvlan,
mac80211) calls dev_mc_sync/unsync they mess the address list for both
devices.
The attached patch fixed it for me and avoid future problems.
Signed-off-by: Jorge Boncompte [DTI2] <jorge at dti2.net>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 887b7b08e75ee7dae5da7924291cd90d4bcb5b40
Author: David S. Miller <davem at davemloft.net>
Date: Wed Mar 5 14:49:01 2008 -0800
NIU: Bump driver version and release date.
Upstream commit: a442585952f137bd4cdb1f2f3166e4157d383b82
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 6a9d3b1f4ec21b365f027d241bbfc871c4c91152
Author: Matheos Worku <matheos.worku at sun.com>
Date: Wed Mar 5 14:47:36 2008 -0800
NIU: Fix BMAC alternate MAC address indexing.
Upstream commit: 3b5bcedeeb755b6e813537fcf4c32f010b490aef
BMAC port alternate MAC address index needs to start at 1. Index 0 is
used for the main MAC address.
Signed-off-by: Matheos Worku <matheos.worku at sun.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 958346d4b18fa1474a706a535396e94a6eaf5fb4
Author: Matheos Worku <Matheos.Worku at Sun.COM>
Date: Wed Mar 5 14:48:37 2008 -0800
NIU: More BMAC alt MAC address fixes.
Upstream commit: fa907895b7b776208a1406efe5ba7ffe0f49f507
From: Matheos Worku <Matheos.Worku at Sun.COM>
1) niu_enable_alt_mac() needs to be adjusted so that the mask
is computed properly for the BMAC case.
2) BMAC has 6 alt MAC addresses available, not 7.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit beeb75e6ebc60fb4323f9ce5cfeffaea5ccffc36
Author: David S. Miller <davem at davemloft.net>
Date: Wed Mar 5 14:49:24 2008 -0800
TCP: Improve ipv4 established hash function.
Upstream commit: 7adc3830f90df04a13366914d80a3ed407db5381
If all of the entropy is in the local and foreign addresses,
but xor'ing together would cancel out that entropy, the
current hash performs poorly.
Suggested by Cosmin Ratiu:
Basically, the situation is as follows: There is a client
machine and a server machine. Both create 15000 virtual
interfaces, open up a socket for each pair of interfaces and
do SIP traffic. By profiling I noticed that there is a lot of
time spent walking the established hash chains with this
particular setup.
The addresses were distributed like this: client interfaces
were 198.18.0.1/16 with increments of 1 and server interfaces
were 198.18.128.1/16 with increments of 1. As I said, there
were 15000 interfaces. Source and destination ports were 5060
for each connection. So in this case, ports don't matter for
hashing purposes, and the bits from the address pairs used
cancel each other, meaning there are no differences in the
whole lot of pairs, so they all end up in the same hash chain.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 7564c2eb8926cc19fe06f8b0c6f9f08628c544da
Author: David S. Miller <davem at davemloft.net>
Date: Thu Mar 6 14:47:51 2008 -0800
SPARC: Fix link errors with gcc-4.3
Upstream commit: f0e98c387e61de00646be31fab4c2fa0224e1efb
Reported by Adrian Bunk.
Just like in changeset a3f9985843b674cbcb58f39fab8416675e7ab842
("[SPARC64]: Move kernel unaligned trap handlers into assembler
file.") we have to move the assembler bits into a seperate
asm file because as far as the compiler is concerned
these inline bits we're doing in unaligned.c are unreachable.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 68b498d251d97de9adda518fda42cfe1451063b7
Author: David S. Miller <davem at davemloft.net>
Date: Thu Mar 6 14:47:20 2008 -0800
SPARC64: Loosen checks in exception table handling.
Upstream commits: 622eaec613130e6ea78f2a5d5070e3278b21cd8f
be71716e464f4ea38f08034dc666f2feb55535d9
Some parts of the kernel now do things like do *_user() accesses while
set_fs(KERNEL_DS) that fault on purpose.
See, for example, the code added by changeset
a0c1e9073ef7428a14309cba010633a6cd6719ea ("futex: runtime enable pi
and robust functionality").
That trips up the ASI sanity checking we make in do_kernel_fault().
Just remove it for now. Maybe we can add it back later with an added
conditional which looks at the current get_fs() value.
Also, because of the new futex validation init handler, we have
to accept faults in init section text as well as the normal
kernel text.
Thanks to Tom Callaway for the bug report.
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 5c2699a0d511a78ae8692ab08f4a332a634b0d67
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Thu Mar 6 16:00:36 2008 -0800
Revert "NET: Add if_addrlabel.h to sanitized headers."
This reverts commit 5fb7ba76544d95bfa05199f7394a442de5660be7.
It was incorrectly added to the .24.y stable tree and causes build
breakages.
Cc: Stephen Hemminger <stephen.hemminger at vyatta.com>
Cc: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit 927684b414dae48568ab82939ea2f55a10188e94
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Mon Feb 25 16:20:20 2008 -0800
Linux 2.6.24.3
commit 7a0fd2e6b0190e5dd2bfe71a0b4f10826811418e
Author: Ingo Molnar <mingo at elte.hu>
Date: Fri Feb 15 20:59:33 2008 +0100
x86_64: CPA, fix cache attribute inconsistency bug
(no matching git id as the upstream code is rewritten)
fix CPA cache attribute bug in v2.6.24. When phys_base is nonzero (when
CONFIG_RELOCATABLE=y) then change_page_attr_addr() miscalculates the
secondary alias address by -14 MB (depending on the configured offset).
The default 64-bit kernels of Fedora and Ubuntu are affected:
$ grep RELOCA /boot/config-2.6.23.9-85.fc8
CONFIG_RELOCATABLE=y
$ grep RELOC /boot/config-2.6.22-14-generic
CONFIG_RELOCATABLE=y
and probably on many other distros as well.
the bug affects all pages in the first 40 MB of physical RAM that
are allocated by some subsystem that does ioremap_nocache() on them:
if (__pa(address) < KERNEL_TEXT_SIZE) {
Hence we might leave page table entries with inconsistent cache
attributes around (pages mapped at both UnCacheable and Write-Back),
and we can also set the wrong kernel text pages to UnCacheable.
the effects of this bug can be random slowdowns and other misbehavior.
If for example AGP allocates its aperture pages into the first 40 MB
of physical RAM, then the -14 MB bug might mark random kernel texto
pages as uncacheable, slowing down a random portion of the 64-bit
kernel until the AGP driver is unloaded.
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Acked-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f7e1b66a194e38f9fa41f8144aa34b782fb4f53a
Author: Jay Vosburgh <fubar at us.ibm.com>
Date: Fri Feb 15 10:00:41 2008 -0800
bonding: fix NULL pointer deref in startup processing
patch 4fe4763cd8cacd81d892193efb48b99c99c15323 in mainline.
Fix the "are we creating a duplicate" check to not compare
the name if the name is NULL (meaning that the system should select
a name). Bug reported by Benny Amorsen <benny+usenet at amorsen.dk>.
Signed-off-by: Jay Vosburgh <fubar at us.ibm.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a3b89e6d7396b874b8e7ec25378bb479418ef2d5
Author: Olaf Hering <olaf at aepfle.de>
Date: Thu Feb 21 19:41:44 2008 -0500
POWERPC: Revert chrp_pci_fixup_vt8231_ata devinit to fix libata on pegasos
Commit: 092ca5bd61da6344f3b249754b337f2d48dfe08d
[POWERPC] Revert chrp_pci_fixup_vt8231_ata devinit to fix libata on pegasos
Commit 6d98bda79bea0e1be26c0767d0e9923ad3b72f2e changed the init order
for chrp_pci_fixup_vt8231_ata().
It can not work anymore because either the irq is not yet set to 14 or
pci_get_device() returns nothing. At least the printk() in
chrp_pci_fixup_vt8231_ata() does not trigger anymore.
pata_via works again on Pegasos with the change below.
Signed-off-by: Olaf Hering <olaf at aepfle.de>
Signed-off-by: Paul Mackerras <paulus at samba.org>
Cc: Chuck Ebbert <cebbert at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 80e9255328f9f1c2a6aa7422be1f0a87a4a9cb7b
Author: Chuck Ebbert <cebbert at redhat.com>
Date: Thu Feb 21 19:33:00 2008 -0500
PCMCIA: Fix station address detection in smc
Commit: a1a98b72dbd17e53cd92b8e78f404525ebcfd981
Fix station address detection in smc
Megahertz EM1144 PCMCIA ethernet adapter needs special handling
because it has two VERS_1 tuples and the station address is in
the second one. Conversion to generic handling of these fields
broke it. Reverting that fixes the device.
https://bugzilla.redhat.com/show_bug.cgi?id=233255
Thanks go to Jon Stanley for not giving up on this one until the
problem was found.
Signed-off-by: Chuck Ebbert <cebbert at redhat.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 4cf87f7ef5c892c0a3d21a14724fcae1bb9ec8d6
Author: Boaz Harrosh <bharrosh at panasas.com>
Date: Thu Feb 14 21:15:08 2008 +0000
SCSI: gdth: scan for scsi devices
commit: 61c92814dc324b541391757062ff02fbf3b08086
The patch: "gdth: switch to modern scsi host registration"
missed one simple fact when moving a way from scsi_module.c.
That is to call scsi_scan_host() on the probed host.
With this the gdth driver from 2.6.24 is again able to
see drives and boot.
Signed-off-by: Boaz Harrosh <bharrosh at panasas.com>
Tested-by: Joerg Dorchain <joerg at dorchain.net>
Tested-by: Stefan Priebe <s.priebe at allied-internet.ag>
Tested-by: Jon Chelton <jchelton at ffpglobal.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 8b0ccb03f068cf8561efd51e88cbdf3f345163b9
Author: Oliver Neukum <oliver at neukum.org>
Date: Fri Feb 22 00:35:05 2008 +0000
USB: fix pm counter leak in usblp
commit 1902869019918411c148c18cc3a22aade569ac9a upstream
if you fail in open() you must decrement the pm counter again.
Signed-off-by: Oliver Neukum <oneukum at suse.de>
Signed-off-by: Pete Zaitcev <zaitcev at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 365b073075ef23cfdd8ba68720e7de3b4dbe4f1b
Author: Heiko Carstens <heiko.carstens at de.ibm.com>
Date: Tue Feb 19 17:20:11 2008 +0000
S390: Fix futex_atomic_cmpxchg_std inline assembly.
commit: d5b02b3ff1d9a2e1074f559c84ed378cfa6fc3c0 upstream
Add missing exception table entry so that the kernel can handle
proctection exceptions as well on the cs instruction. Currently only
specification exceptions are handled correctly.
The missing entry allows user space to crash the kernel.
Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0466e6b39901c5af878300cf43485ae581b252cb
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Wed Feb 20 00:29:02 2008 +0100
genirq: do not leave interupts enabled on free_irq
commit 89d694b9dbe769ca1004e01db0ca43964806a611
The default_disable() function was changed in commit:
76d2160147f43f982dfe881404cfde9fd0a9da21
genirq: do not mask interrupts by default
It removed the mask function in favour of the default delayed
interrupt disabling. Unfortunately this also broke the shutdown in
free_irq() when the last handler is removed from the interrupt for
those architectures which rely on the default implementations. Now we
can end up with a enabled interrupt line after the last handler was
removed, which can result in spurious interrupts.
Fix this by adding a default_shutdown function, which is only
installed, when the irqchip implementation does provide neither a
shutdown nor a disable function.
Pointed-out-by: Michael Hennerich <Michael.Hennerich at analog.com>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Acked-by: Ingo Molnar <mingo at elte.hu>
Tested-by: Michael Hennerich <Michael.Hennerich at analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 4813a83f2665f7276f1e4eee9cffe45116cf3824
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Wed Feb 20 01:04:56 2008 +0100
hrtimer: catch expired CLOCK_REALTIME timers early
commit 63070a79ba482c274bad10ac8c4b587a3e011f2c
A CLOCK_REALTIME timer, which has an absolute expiry time less than
the clock realtime offset calls with a negative delta into the clock
events code and triggers the WARN_ON() there.
This is a false positive and needs to be prevented. Check the result
of timer->expires - timer->base->offset right away and return -ETIME
right away.
Thanks to Frans Pop, who reported the problem and tested the fixes.
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Tested-by: Frans Pop <elendil at planet.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 85d1617924607c1311962546bb55367b9edb4ca6
Author: Thomas Gleixner <tglx at linutronix.de>
Date: Wed Feb 20 01:03:00 2008 +0100
hrtimer: check relative timeouts for overflow
commit: 5a7780e725d1bb4c3094fcc12f1c5c5faea1e988
Various user space callers ask for relative timeouts. While we fixed
that overflow issue in hrtimer_start(), the sites which convert
relative user space values to absolute timeouts themself were uncovered.
Instead of putting overflow checks into each place add a function
which does the sanity checking and convert all affected callers to use
it.
Thanks to Frans Pop, who reported the problem and tested the fixes.
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Acked-by: Ingo Molnar <mingo at elte.hu>
Tested-by: Frans Pop <elendil at planet.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 227db665f6f946d376d48785b08d2b0cd1f21aad
Author: Christoph Lameter <clameter at sgi.com>
Date: Thu Feb 7 17:47:41 2008 -0800
SLUB: Deal with annoying gcc warning on kfree()
patch 5bb983b0cce9b7b281af15730f7019116dd42568 in mainline.
gcc 4.2 spits out an annoying warning if one casts a const void *
pointer to a void * pointer. No warning is generated if the
conversion is done through an assignment.
Signed-off-by: Christoph Lameter <clameter at sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5214a170d6c2f1ff99c0aa9b8ed4be56d55f4ee4
Author: Oleg Nesterov <oleg at tv-sign.ru>
Date: Wed Feb 20 00:48:53 2008 +0100
hrtimer: fix *rmtp/restarts handling in compat_sys_nanosleep()
commit 416529374b4793ba2d2e97e736d108a2e0f3ef07
Spotted by Pavel Emelyanov and Alexey Dobriyan.
compat_sys_nanosleep() implicitly uses hrtimer_nanosleep_restart(), this can't
work. Make a suitable compat_nanosleep_restart() helper.
Introduced by commit c70878b4e0b6cf8d2f1e46319e48e821ef4a8aba
hrtimer: hook compat_sys_nanosleep up to high res timer code
Also, set ->addr_limit = KERNEL_DS before doing hrtimer_nanosleep(), this func
was changed by the previous patch and now takes the "__user *" parameter.
Thanks to Ingo Molnar for fixing the bug in this patch.
Signed-off-by: Oleg Nesterov <oleg at tv-sign.ru>
Cc: Andrew Morton <akpm at linux-foundation.org>
Cc: Alexey Dobriyan <adobriyan at sw.ru>
Cc: Pavel Emelyanov <xemul at sw.ru>
Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
Cc: Toyo Abe <toyoa at mvista.com>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ab23ae27f48ee940397f7e9bc21c4d3e4eb8391e
Author: Oleg Nesterov <oleg at tv-sign.ru>
Date: Wed Feb 20 00:48:06 2008 +0100
hrtimer: fix *rmtp handling in hrtimer_nanosleep()
commit 080344b98805553f9b01de0f59a41b1533036d8d
Spotted by Pavel Emelyanov and Alexey Dobriyan.
hrtimer_nanosleep() sets restart_block->arg1 = rmtp, but this rmtp points to
the local variable which lives in the caller's stack frame. This means that
if sys_restart_syscall() actually happens and it is interrupted as well, we
don't update the user-space variable, but write into the already dead stack
frame.
Introduced by commit 04c227140fed77587432667a574b14736a06dd7f
hrtimer: Rework hrtimer_nanosleep to make sys_compat_nanosleep easier
Change the callers to pass "__user *rmtp" to hrtimer_nanosleep(), and change
hrtimer_nanosleep() to use copy_to_user() to actually update *rmtp.
Small problem remains. man 2 nanosleep states that *rtmp should be written if
nanosleep() was interrupted (it says nothing whether it is OK to update *rmtp
if nanosleep returns 0), but (with or without this patch) we can dirty *rem
even if nanosleep() returns 0.
NOTE: this patch doesn't change compat_sys_nanosleep(), because it has other
bugs. Fixed by the next patch.
Signed-off-by: Oleg Nesterov <oleg at tv-sign.ru>
Cc: Alexey Dobriyan <adobriyan at sw.ru>
Cc: Michael Kerrisk <mtk.manpages at googlemail.com>
Cc: Pavel Emelyanov <xemul at sw.ru>
Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
Cc: Toyo Abe <toyoa at mvista.com>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5ef76ae0cc433e1e5927e964ad3320842ee94106
Author: Benjamin Herrenschmidt <benh at kernel.crashing.org>
Date: Thu Feb 7 14:29:43 2008 +1100
Disable G5 NAP mode during SMU commands on U3
patch 592a607bbc053bc6f614a0e619326009f4b3829e in mainline.
It appears that with the U3 northbridge, if the processor is in NAP
mode the whole time while waiting for an SMU command to complete,
then the SMU will fail. It could be related to the weird backward
mechanism the SMU uses to get to system memory via i2c to the
northbridge that doesn't operate properly when the said bridge is
in napping along with the CPU. That is on U3 at least, U4 doesn't
seem to be affected.
This didn't show before NO_HZ as the timer wakeup was enough to make
it work it seems, but that is no longer the case.
This fixes it by disabling NAP mode on those machines while
an SMU command is in flight.
Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus at samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 58e6cf1df821c76f245a45da05f4ac8f880e3296
Author: Jonathan Corbet <corbet at lwn.net>
Date: Mon Feb 11 16:17:33 2008 -0700
Be more robust about bad arguments in get_user_pages()
patch 900cf086fd2fbad07f72f4575449e0d0958f860f in mainline.
So I spent a while pounding my head against my monitor trying to figure
out the vmsplice() vulnerability - how could a failure to check for
*read* access turn into a root exploit? It turns out that it's a buffer
overflow problem which is made easy by the way get_user_pages() is
coded.
In particular, "len" is a signed int, and it is only checked at the
*end* of a do {} while() loop. So, if it is passed in as zero, the loop
will execute once and decrement len to -1. At that point, the loop will
proceed until the next invalid address is found; in the process, it will
likely overflow the pages array passed in to get_user_pages().
I think that, if get_user_pages() has been asked to grab zero pages,
that's what it should do. Thus this patch; it is, among other things,
enough to block the (already fixed) root exploit and any others which
might be lurking in similar code. I also think that the number of pages
should be unsigned, but changing the prototype of this function probably
requires some more careful review.
Signed-off-by: Jonathan Corbet <corbet at lwn.net>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5e10c4208a7b87b4bc0e42622109a6d9e8453419
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Fri Feb 15 01:32:40 2008 -0800
AUDIT: Increase skb->truesize in audit_expand
Upstream commit: 406a1d868001423c85a3165288e566e65f424fe6
The recent UDP patch exposed this bug in the audit code. It
was calling pskb_expand_head without increasing skb->truesize.
The caller of pskb_expand_head needs to do so because that function
is designed to be called in places where truesize is already fixed
and therefore it doesn't update its value.
Because the audit system is using it in a place where the truesize
has not yet been fixed, it needs to update its value manually.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Acked-by: James Morris <jmorris at namei.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 47b66fe95afa8400cefaea06263ab8948d8465ba
Author: Dave Young <hidave.darkstar at gmail.com>
Date: Fri Feb 15 01:34:03 2008 -0800
BLUETOOTH: Add conn add/del workqueues to avoid connection fail.
Upstream commit: b6c0632105f7d7548f1d642ba830088478d4f2b0
The bluetooth hci_conn sysfs add/del executed in the default
workqueue. If the del_conn is executed after the new add_conn with
same target, add_conn will failed with warning of "same kobject name".
Here add btaddconn & btdelconn workqueues, flush the btdelconn
workqueue in the add_conn function to avoid the issue.
Signed-off-by: Dave Young <hidave.darkstar at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 8f08540f032d07a7fb8f7576140ca426c55396f3
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Fri Feb 15 01:55:06 2008 -0800
INET: Prevent out-of-sync truesize on ip_fragment slow path
Upstream commit: 29ffe1a5c52dae13b6efead97aab9b058f38fce4
When ip_fragment has to hit the slow path the value of skb->truesize
may go out of sync because we would have updated it without changing
the packet length. This violates the constraints on truesize.
This patch postpones the update of skb->truesize to prevent this.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 4450ae03346faceb80a45b4d696c15f981080916
Author: Arnaldo Carvalho de Melo <acme at redhat.com>
Date: Fri Feb 15 01:41:34 2008 -0800
INET_DIAG: Fix inet_diag_lock_handler error path.
Upstream commit: 8cf8e5a67fb07f583aac94482ba51a7930dab493
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825
The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.
This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.
Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.
This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.
Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.
This bug was introduced in cset
d523a328fb0271e1a763e985a21f2488fd816e7e ("Fix inet_diag dead-lock
regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected.
Signed-off-by: Arnaldo Carvalho de Melo <acme at redhat.com>
Acked-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 363c11d7e1c2b2cc30e33416a518cea5ef9e0cc8
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Fri Feb 15 01:44:03 2008 -0800
IPCOMP: Fetch nexthdr before ipch is destroyed
Upstream commit: 2614fa59fa805cd488083c5602eb48533cdbc018
When I moved the nexthdr setting out of IPComp I accidently moved
the reading of ipch->nexthdr after the decompression. Unfortunately
this means that we'd be reading from a stale ipch pointer which
doesn't work very well.
This patch moves the reading up so that we get the correct nexthdr
value.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit cefe34bea77e194fd6b6a7a062e1620af2eef69f
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Fri Feb 15 01:42:57 2008 -0800
IPCOMP: Fix reception of incompressible packets
Upstream commit: b1641064a3f4a58644bc2e8edf40c025c58473b4
I made a silly typo by entering IPPROTO_IP (== 0) instead of
IPPROTO_IPIP (== 4). This broke the reception of incompressible
packets.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f52a4f4ea2c5ea3dc17561d32d839a3051e47b0c
Author: Julian Anastasov <ja at ssi.bg>
Date: Fri Feb 15 01:38:53 2008 -0800
IPV4: fib: fix route replacement, fib_info is shared
Upstream commit: c18865f39276435abb9286f9a816cb5b66c99a00
fib_info can be shared by many route prefixes but we don't want
duplicate alternative routes for a prefix+tos+priority. Last change
was not correct to check fib_treeref because it accounts usage from
other prefixes. Additionally, avoid replacement without error if new
route is same, as Joonwoo Park suggests.
Signed-off-by: Julian Anastasov <ja at ssi.bg>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 3eb4493a1c64bb9c63979f73d471eba255cfa78c
Author: Julian Anastasov <ja at ssi.bg>
Date: Fri Feb 15 01:39:42 2008 -0800
IPV4: fib_trie: apply fixes from fib_hash
Upstream commit: 936f6f8e1bc46834bbb3e3fa3ac13ab44f1e7ba6
Update fib_trie with some fib_hash fixes:
- check for duplicate alternative routes for prefix+tos+priority when
replacing route
- properly insert by matching tos together with priority
- fix alias walking to use list_for_each_entry_continue for insertion
and deletion when fa_head is not NULL
- copy state from fa to new_fa on replace (not a problem for now)
- additionally, avoid replacement without error if new route is same,
as Joonwoo Park suggests.
Signed-off-by: Julian Anastasov <ja at ssi.bg>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5fb7ba76544d95bfa05199f7394a442de5660be7
Author: Stephen Hemminger <stephen.hemminger at vyatta.com>
Date: Fri Feb 15 01:31:32 2008 -0800
NET: Add if_addrlabel.h to sanitized headers.
Upstream commit: dded91611a728d65721cdab3dd41d801a356fa15
if_addrlabel.h is needed for iproute2 usage.
Signed-off-by: Stephen Hemminger <stephen.hemminger at vyatta.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit e2a0956c9d1c9eebd51849c58fcbc7477c618a19
Author: Stephen Hemminger <shemminger at vyatta.com>
Date: Fri Feb 15 01:36:36 2008 -0800
PKT_SCHED: ematch: oops from uninitialized variable (resend)
Upstream commit: 268bcca1e7b0d244afd07ea89cda672e61b0fc4a
Setting up a meta match causes a kernel OOPS because of uninitialized
elements in tree.
[ 37.322381] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 37.322381] IP: [<ffffffff883fc717>] :em_meta:em_meta_destroy+0x17/0x80
[ 37.322381] Call Trace:
[ 37.322381] [<ffffffff803ec83d>] tcf_em_tree_destroy+0x2d/0xa0
[ 37.322381] [<ffffffff803ecc8c>] tcf_em_tree_validate+0x2dc/0x4a0
[ 37.322381] [<ffffffff803f06d2>] nla_parse+0x92/0xe0
[ 37.322381] [<ffffffff883f9672>] :cls_basic:basic_change+0x202/0x3c0
[ 37.322381] [<ffffffff802a3917>] kmem_cache_alloc+0x67/0xa0
[ 37.322381] [<ffffffff803ea221>] tc_ctl_tfilter+0x3b1/0x580
[ 37.322381] [<ffffffff803dffd0>] rtnetlink_rcv_msg+0x0/0x260
[ 37.322381] [<ffffffff803ee944>] netlink_rcv_skb+0x74/0xa0
[ 37.322381] [<ffffffff803dffc8>] rtnetlink_rcv+0x18/0x20
[ 37.322381] [<ffffffff803ee6c3>] netlink_unicast+0x263/0x290
[ 37.322381] [<ffffffff803cf276>] __alloc_skb+0x96/0x160
[ 37.322381] [<ffffffff803ef014>] netlink_sendmsg+0x274/0x340
[ 37.322381] [<ffffffff803c7c3b>] sock_sendmsg+0x12b/0x140
[ 37.322381] [<ffffffff8024de90>] autoremove_wake_function+0x0/0x30
[ 37.322381] [<ffffffff8024de90>] autoremove_wake_function+0x0/0x30
[ 37.322381] [<ffffffff803c7c3b>] sock_sendmsg+0x12b/0x140
[ 37.322381] [<ffffffff80288611>] zone_statistics+0xb1/0xc0
[ 37.322381] [<ffffffff803c7e5e>] sys_sendmsg+0x20e/0x360
[ 37.322381] [<ffffffff803c7411>] sockfd_lookup_light+0x41/0x80
[ 37.322381] [<ffffffff8028d04b>] handle_mm_fault+0x3eb/0x7f0
[ 37.322381] [<ffffffff8020c2fb>] system_call_after_swapgs+0x7b/0x80
Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 07e6e223bed8c3d387f92f92a4706ff6d601b285
Author: Paul Moore <paul.moore at hp.com>
Date: Fri Feb 15 01:46:10 2008 -0800
SELinux: Fix double free in selinux_netlbl_sock_setsid()
Upstream commit: e1770d97a730ff4c3aa1775d98f4d0558390607f
As pointed out by Adrian Bunk, commit
45c950e0f839fded922ebc0bfd59b1081cc71b70 ("fix memory leak in netlabel
code") caused a double-free when security_netlbl_sid_to_secattr()
fails. This patch fixes this by removing the netlbl_secattr_destroy()
call from that function since we are already releasing the secattr
memory in selinux_netlbl_sock_setsid().
Signed-off-by: Paul Moore <paul.moore at hp.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 79a25f70244c66402c99d9b32d19204dfded85d0
Author: Stephen Hemminger <shemminger at vyatta.com>
Date: Fri Feb 15 01:37:49 2008 -0800
TC: oops in em_meta
Upstream commit: 04f217aca4d803fe72c2c54fe460d68f5233ce52
If userspace passes a unknown match index into em_meta, then
em_meta_change will return an error and the data for the match will
not be set. This then causes an null pointer dereference when the
cleanup is done in the error path via tcf_em_tree_destroy. Since the
tree structure comes kzalloc, it is initialized to NULL.
Discovered when testing a new version of tc command against an
accidental older kernel.
Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5531e217653acba748a687e949e9e2f39462c969
Author: Shan Wei <shanwei at cn.fujitsu.com>
Date: Fri Feb 15 01:48:20 2008 -0800
TCP: Fix a bug in strategy_allowed_congestion_control
Upstream commit: 16ca3f913001efdb6171a2781ef41c77474e3895
In strategy_allowed_congestion_control of the 2.6.24 kernel, when
sysctl_string return 1 on success,it should call
tcp_set_allowed_congestion_control to set the allowed congestion
control.But, it don't. the sysctl_string return 1 on success,
otherwise return negative, never return 0.The patch fix the problem.
Signed-off-by: Shan Wei <shanwei at cn.fujitsu.com>
Acked-by: Stephen Hemminger <shemminger at vyatta.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c5ae77d37bde1e9b2db48026f6a483a7fd08c076
Author: James Bottomley <James.Bottomley at HansenPartnership.com>
Date: Sat Feb 2 16:06:23 2008 -0600
SCSI: sd: handle bad lba in sense information
patch 366c246de9cec909c5eba4f784c92d1e75b4dc38 in mainline.
Some devices report medium error locations incorrectly. Add guards to
make sure the reported bad lba is actually in the request that caused
it. Additionally remove the large case statment for sector sizes and
replace it with the proper u64 divisions.
Tested-by: Mike Snitzer <snitzer at gmail.com>
Cc: Stable Tree <stable at kernel.org>
Cc: Tony Battersby <tonyb at cybernetics.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0a2395cc34d5d170a6597c41435de9199f187437
Author: Al Viro <viro at ZenIV.linux.org.uk>
Date: Fri Feb 1 07:05:44 2008 +0000
Fix dl2k constants
patch 9c52fab2f187636b39afb0dcf562872ed42ab608 in mainline.
The MSSR constants didn't match the reality - bitfield declarations
used to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum
had them the other way round. Went unnoticed until the switch from
the bitfields use to the explicit arithmetics and I hadn't caught that one
when verifying correctness of change...
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 311fd5af55d60bea90c25ac314ba648e9415fd1f
Author: David Chinner <dgc at sgi.com>
Date: Wed Feb 6 10:52:15 2008 +1100
XFS: Fix oops in xfs_file_readdir()
patch 450790a2c51e6d9d47ed30dbdcf486656b8e186f in mainline.
Several occurrences of oops in xfs_file_readdir() on ia32 have been
reported since 2.6.24 was released. This is a regression introduced
in 2.6.24 and is relatively easy to hit. The patch below fixes the
problem.
Signed-off-by: Dave Chinner <dgc at sgi.com>
Signed-off-by: Lachlan McIlroy <lachlan at sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 091a61f602b7db7f4d1fdcb41e6ff9a97a6e0cce
Author: Nishanth Aravamudan <nacc at us.ibm.com>
Date: Fri Feb 8 04:18:18 2008 -0800
hugetlb: add locking for overcommit sysctl
patch a3d0c6aa1bb342b9b2c7b123b52ac2f48a4d4d0a in mainline.
When I replaced hugetlb_dynamic_pool with nr_overcommit_hugepages I used
proc_doulongvec_minmax() directly. However, hugetlb.c's locking rules
require that all counter modifications occur under the hugetlb_lock. Add a
callback into the hugetlb code similar to the one for nr_hugepages. Grab
the lock around the manipulation of nr_overcommit_hugepages in
proc_doulongvec_minmax().
Signed-off-by: Nishanth Aravamudan <nacc at us.ibm.com>
Acked-by: Adam Litke <agl at us.ibm.com>
Cc: David Gibson <david at gibson.dropbear.id.au>
Cc: William Lee Irwin III <wli at holomorphy.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0cc3ec3d1add90d860786382dc5abe7ca94d242e
Author: Ulisses Furquim <ulissesf at gmail.com>
Date: Fri Feb 8 04:18:16 2008 -0800
inotify: fix check for one-shot watches before destroying them
patch ac74c00e499ed276a965e5b5600667d5dc04a84a in mainline.
As the IN_ONESHOT bit is never set when an event is sent we must check it
in the watch's mask and not in the event's mask.
Signed-off-by: Ulisses Furquim <ulissesf at gmail.com>
Reported-by: "Clem Taylor" <clem.taylor at gmail.com>
Tested-by: "Clem Taylor" <clem.taylor at gmail.com>
Cc: Amy Griffis <amy.griffis at hp.com>
Cc: Robert Love <rlove at google.com>
Cc: John McCutchan <ttb at tentacle.dhs.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a1a0d79533b9698b3a40d0091fe69a86386d44bb
Author: Trond Myklebust <Trond.Myklebust at netapp.com>
Date: Fri Feb 8 14:01:02 2008 -0500
NFS: Fix a potential file corruption issue when writing
patch 5d47a35600270e7115061cb1320ee60ae9bcb6b8 in mainline.
If the inode is flagged as having an invalid mapping, then we can't rely on
the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
write optimisation in nfs_updatepage(), since that will cause NFS to write
out areas of the page that are no longer guaranteed to be up to date.
A potential corruption could occur in the following scenario:
client 1 client 2
=============== ===============
fd=open("f",O_CREAT|O_WRONLY,0644);
write(fd,"fubar\n",6); // cache last page
close(fd);
fd=open("f",O_WRONLY|O_APPEND);
write(fd,"foo\n",4);
close(fd);
fd=open("f",O_WRONLY|O_APPEND);
write(fd,"bar\n",4);
close(fd);
-----
The bug may lead to the file "f" reading 'fubar\n\0\0\0\nbar\n' because
client 2 does not update the cached page after re-opening the file for
write. Instead it keeps it marked as PageUptodate() until someone calls
invalidate_inode_pages2() (typically by calling read()).
The bug was introduced by commit 44b11874ff583b6e766a05856b04f3c492c32b84
"NFS: Separate metadata and page cache revalidation mechanisms"
Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c17ebea7bec9333f4208ba25d8ebe3ccc2bb8598
Author: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Date: Tue Feb 19 16:24:01 2008 +0100
NETFILTER: nf_conntrack_tcp: conntrack reopening fix
[NETFILTER]: nf_conntrack_tcp: conntrack reopening fix
[Upstream commits b2155e7f + d0c1fd7a]
TCP connection tracking in netfilter did not handle TCP reopening
properly: active close was taken into account for one side only and
not for any side, which is fixed now. The patch includes more comments
to explain the logic how the different cases are handled.
The bug was discovered by Jeff Chua.
Signed-off-by: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9884948ab9d3ff59a1d77fd24c2d93af7686225f
Author: David Miller <davem at davemloft.net>
Date: Fri Feb 15 02:05:53 2008 -0800
SPARC/SPARC64: Fix usage of .section .sched.text in assembler code.
[SPARC/SPARC64]: Fix usage of .section .sched.text in assembler code.
Upstream commit: c6d64c16bb193c8ca2ccc0b3c556a4574a02408b
ld will generate an unique named section when assembler do not use
"ax" but gcc does. Add the missing annotation.
Signed-off-by: Sam Ravnborg <sam at ravnborg.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c78cb439103bf7deba5feb64921398d0ff93179a
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Sun Feb 10 21:51:11 2008 -0800
Linux 2.6.24.2
commit 1617e66d11d6621824f642728d62f242272fd063
Author: Bastian Blank <bastian at waldi.eu.org>
Date: Sun Feb 10 16:47:57 2008 +0200
splice: fix user pointer access in get_iovec_page_array()
patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline.
Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.
But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.
Signed-off-by: Bastian Blank <waldi at debian.org>
Acked-by: Oliver Pinter <oliver.pntr at gmail.com>
Cc: Jens Axboe <jens.axboe at oracle.com>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 87d81ba62bfa79149ace0653278eac00233c2853
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Fri Feb 8 11:55:30 2008 -0800
Linux 2.6.24.1
commit cece280a46c9b5c0adb4d5251f42c082a578e1ad
Author: Jens Axboe <jens.axboe at oracle.com>
Date: Fri Feb 8 08:49:14 2008 -0800
splice: missing user pointer access verification (CVE-2008-0009/10)
patch 8811930dc74a503415b35c4a79d14fb0b408a361 in mainline.
vmsplice_to_user() must always check the user pointer and length
with access_ok() before copying. Likewise, for the slow path of
copy_from_user_mmap_sem() we need to check that we may read from
the user region.
Signed-off-by: Jens Axboe <jens.axboe at oracle.com>
Cc: Wojciech Purczynski <cliph at research.coseinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
commit 1dcde8747cb95109b731894bde1a39634d6089f3
Author: Dave Airlie <airlied at linux.ie>
Date: Thu Feb 7 05:43:11 2008 +0000
drm: the drm really should call pci_set_master..
(submitted upstream as 19a8f59ab8ceee751ea720085098355d53f727d6)
perhaps bonghits could turn on my bus-mastering because the drm
certainly never bothered doing it before.
Signed-off-by: Dave Airlie <airlied at linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 71591e87172bda0d1bf239dd4c7f9aef57a69c28
Author: Michael E Brown <Michael_E_Brown at dell.com>
Date: Tue Jan 29 15:35:01 2008 -0600
Driver core: Revert "Fix Firmware class name collision"
patch 7d640c4a5b36c4733460065db1554da924044511 in mainline.
This reverts commit 109f0e93b6b728f03c1eb4af02bc25d71b646c59.
The original patch breaks BIOS updates on all Dell machines. The path to
the firmware file for the dell_rbu driver changes, which breaks all of
the userspace tools which rely on it.
Note that this patch re-introduces a problem with i2c name collision
that was previously fixed by this patch.
Signed-off-by: Michael E Brown <michael_e_brown at dell.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 145eb46ca9f10a16790a59a327bcb59362bf40bc
Author: Nick Piggin <nickpiggin at yahoo.com.au>
Date: Sat Feb 2 15:01:17 2008 +0100
fix writev regression: pan hanging unkillable and un-straceable
patch 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 in mainline.
Frederik Himpe reported an unkillable and un-straceable pan process.
Zero length iovecs can go into an infinite loop in writev, because the
iovec iterator does not always advance over them.
The sequence required to trigger this is not trivial. I think it
requires that a zero-length iovec be followed by a non-zero-length iovec
which causes a pagefault in the atomic usercopy. This causes the writev
code to drop back into single-segment copy mode, which then tries to
copy the 0 bytes of the zero-length iovec; a zero length copy looks like
a failure though, so it loops.
Put a test into iov_iter_advance to catch zero-length iovecs. We could
just put the test in the fallback path, but I feel it is more robust to
skip over zero-length iovecs throughout the code (iovec iterator may be
used in filesystems too, so it should be robust).
Signed-off-by: Nick Piggin <npiggin at suse.de>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ac005b49fd49bc8c624ad51bc7aca7945e177ece
Author: Srivatsa Vaddagiri <vatsa at linux.vnet.ibm.com>
Date: Thu Jan 31 22:45:22 2008 +0100
sched: fix high wake up latencies with FAIR_USER_SCHED
patch 296825cbe14d4c95ee9c41ca5824f7487bfb4d9d in mainline.
The reason why we are getting better wakeup latencies for
!FAIR_USER_SCHED is because of this snippet of code in place_entity():
if (!initial) {
/* sleeps upto a single latency don't count. */
if (sched_feat(NEW_FAIR_SLEEPERS) && entity_is_task(se))
^^^^^^^^^^^^^^^^^^
vruntime -= sysctl_sched_latency;
/* ensure we never gain time by being placed backwards. */
vruntime = max_vruntime(se->vruntime, vruntime);
}
NEW_FAIR_SLEEPERS feature gives credit for sleeping only to tasks and
not group-level entities. With the patch attached, I could see that
wakeup latencies with FAIR_USER_SCHED are restored to the same level as
!FAIR_USER_SCHED.
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 818b7bc903fc96665eb6c885b1180e3268756d33
Author: Peter Zijlstra <a.p.zijlstra at chello.nl>
Date: Thu Jan 31 22:45:22 2008 +0100
sched: let +nice tasks have smaller impact
patch ef9884e6f29bbe1075204f962a00f7533bf7e8f3 in mainline.
Michel Dänzr has bisected an interactivity problem with
plus-reniced tasks back to this commit:
810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8 is first bad commit
commit 810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8
Author: Peter Zijlstra <a.p.zijlstra at chello.nl>
Date: Mon Oct 15 17:00:14 2007 +0200
sched: another wakeup_granularity fix
unit mis-match: wakeup_gran was used against a vruntime
fix this by assymetrically scaling the vtime of positive reniced
tasks.
Bisected-by: Michel Dänzer <michel at tungstengraphics.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 5df1d0f87854e9bcd6b32ad0d2e1f8676dbe9ea6
Author: Michael Buesch <mb at bu3sch.de>
Date: Sat Jan 26 13:54:52 2008 +0100
b43: Reject new firmware early
(not in mainline, as it is not applicable.)
We must reject new incompatible firmware early to avoid
running into strange transmission failures.
The current development tree supports newer firmware revisions.
These revisions cause strange failures on the stable 2.6.24 kernel.
Add a check to avoid confusing users a lot.
Signed-off-by: Michael Buesch <mb at bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9a87ea3ee51fb81e7a33b820a8bb59d23c7be9ef
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date: Fri Jan 25 13:03:42 2008 -0500
selinux: fix labeling of /proc/net inodes
patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline.
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials. Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
Signed-off-by: James Morris <jmorris at namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 3ecd7e88c999f6c73694c30359c4d084c5ab90be
Author: Stefano Brivio <stefano.brivio at polimi.it>
Date: Fri Jan 25 14:32:00 2008 +0100
b43legacy: fix DMA slot resource leakage
patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.
This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.
This patch by Michael Buesch has been ported to b43legacy.
Cc: Michael Buesch <mb at bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio at polimi.it>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9c5149b9f241dcae61b9a20653b26d10b4738f24
Author: Stefano Brivio <stefano.brivio at polimi.it>
Date: Fri Jan 25 14:29:50 2008 +0100
b43legacy: drop packets we are not able to encrypt
patch 9eca9a8e81928685b4de00ecef83a7c13c340fc9 in mainline.
We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).
This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.
It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.
This patch by Michael Buesch has been ported to b43legacy.
Cc: Michael Buesch <mb at bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio at polimi.it>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit bee7e28170165cb0503dc04bc2b9b6a5cb1593f9
Author: Stefano Brivio <stefano.brivio at polimi.it>
Date: Fri Jan 25 14:26:21 2008 +0100
b43legacy: fix suspend/resume
patch ada50731c0346bf900dc387edd3a6961297bf2d3 in mainline.
This patch makes suspend/resume work with the b43legacy driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.
This patch by Michael Buesch has been ported to b43legacy.
Cc: Michael Buesch <mb at bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio at polimi.it>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit c6ca9ee045051774b8e5035e5ffadbb53d5a3ad6
Author: Stefano Brivio <stefano.brivio at polimi.it>
Date: Fri Jan 25 14:24:05 2008 +0100
b43legacy: fix PIO crash
patch 0cd67d48b519c3d8d89d238fab1cf68a5289638a in mainline.
Fix the crash reported below, which seems to happen on bcm4306 rev. 2 devices
only while using PIO:
Oops: 0000 [#1] PREEMPT
Modules linked in: b43(F) rfkill(F) led_class(F) input_polldev(F) arc4 b43legacy mac80211 cfg80211 i915 drm snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ohci1394 ieee1394 ssb pcmcia snd_intel8x0m ehci_hcd uhci_hcd evdev
Pid: 0, comm: swapper Tainted: GF (2.6.24st3 #2)
EIP: 0060:[<f90f667b>] EFLAGS: 00010002 CPU: 0
EIP is at b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy]
EAX: 0000049b EBX: f11f8044 ECX: 00000001 EDX: 00000000
ESI: f1ff8000 EDI: 00000000 EBP: f11f8040 ESP: c04f4ef4
DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c04f4000 task=c0488300 task.ti=c04b8000)
Stack: f90f2788 c05009f0 c0500900 000010f7 f1053823 c04f4f24 dfb8e800 00000003
f1368000 00000007 00000296 f90f1975 00001000 010c0800 01000000 00000007
f90f6391 f11f8000 00000082 c04f4f4a 00000000 00004fd0 10f70000 8c061000
Call Trace:
[<f90f2788>] b43legacy_debugfs_log_txstat+0x48/0xb0 [b43legacy]
[<f90f1975>] b43legacy_handle_hwtxstatus+0x75/0x80 [b43legacy]
[<f90f6391>] b43legacy_pio_rx+0x201/0x280 [b43legacy]
[<f90e4fa3>] b43legacy_interrupt_tasklet+0x2e3/0x870 [b43legacy]
[<c0123567>] tasklet_action+0x27/0x60
[<c01237b4>] __do_softirq+0x54/0xb0
[<c010686b>] do_softirq+0x7b/0xe0
[<c01457c0>] handle_level_irq+0x0/0x110
[<c01457c0>] handle_level_irq+0x0/0x110
[<c0123758>] irq_exit+0x38/0x40
[<c0106953>] do_IRQ+0x83/0xd0
[<c011812f>] __update_rq_clock+0x4f/0x180
[<c0104b4f>] common_interrupt+0x23/0x28
[<c011007b>] wakeup_code+0x7b/0xde
[<c02b1039>] acpi_processor_idle+0x24a/0x3c9
[<c01025c7>] cpu_idle+0x47/0x80
[<c04b9ad5>] start_kernel+0x205/0x290
[<c04b9360>] unknown_bootoption+0x0/0x1f0
=======================
Code: 0f 00 00 81 fb ff 00 00 00 0f 87 36 01 00 00 8d 04 db 85 ff 8d 6c c6 40 8d 5d 04 0f 85 ef 00 00 00 fe 4e 0e 0f b7 46 0c 8b 53 04 <8b> 4a 50 29 c8 83 e8 52 66 89 46 0c 8b 54 24 14 80 7a 0b 00 74
EIP: [<f90f667b>] b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] SS:ESP 0068:c04f4ef4
Kernel panic - not syncing: Fatal exception in interrupt
Signed-off-by: Stefano Brivio <stefano.brivio at polimi.it>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a30954e2544519c8920c04b46f8300ec6179618f
Author: Michael Buesch <mb at bu3sch.de>
Date: Fri Jan 25 12:20:20 2008 +0100
b43: Fix dma-slot resource leakage
patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.
This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.
Signed-off-by: Michael Buesch <mb at bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio at polimi.it>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 2e892f92fe8b48824cf647e812d7fac1c289a854
Author: Michael Buesch <mb at bu3sch.de>
Date: Fri Jan 25 12:15:07 2008 +0100
b43: Drop packets we are not able to encrypt
patch 09552ccd8277e6382097e93a40f7311a09449367 in mainline
We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).
This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.
It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.
Signed-off-by: Michael Buesch <mb at bu3sch.de>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b3b222ff9374f16ed55aad252b1817980699b9b7
Author: Michael Buesch <mb at bu3sch.de>
Date: Fri Jan 25 12:11:45 2008 +0100
b43: Fix suspend/resume
patch 7be1bb6b798d506693d2d8668e801951996b5a4a in mainline.
This patch makes suspend/resume work with the b43 driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.
Signed-off-by: Michael Buesch <mb at bu3sch.de>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit dbccde6478f3d8d11762d5f19322cbc152d4c99d
Author: Stephen Hemminger <shemminger at linux-foundation.org>
Date: Thu Jan 24 19:46:10 2008 -0800
sky2: fix for WOL on some devices
patch 82637e808478087ce861129745fa60cc37e7929d in mainline
This patch disables config mode access after clearing PCI settings.
Without this change WOL won't work on some BIOS's
Signed-off-by: Stephen Hemminger <shemminger at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 31d722ee25d1b8139259483f8ab14c188ca52b2e
Author: Stephen Hemminger <shemminger at linux-foundation.org>
Date: Thu Jan 24 19:44:50 2008 -0800
sky2: restore multicast addresses after recovery
patch a7bffe722c996679b4fb2103ecaf673ec2b9b4a7 in mainline.
If the sky2 deadman timer forces a recovery, the multicast hash
list is lost. Move the call to sky2_set_multicast to the end
of sky2_up() so all paths that bring device up will restore multicast.
Signed-off-by: Stephen Hemminger <shemminger at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit de0d21fac3d694b3d87a61557d561fb23b56679a
Author: Sam Ravnborg <sam at ravnborg.org>
Date: Sun Feb 3 13:19:38 2008 +0100
x86: restore correct module name for apm
patch 3a900d89db35c133bc0874e71d9156b22db362b4 in mainline
The apm module were renamed to apm_32 during the merge of 32 and 64 bit
x86 which is unfortunate. As apm is 32 bit specific we like to keep the
_32 in the filename but the module should be named apm.
Fix this in the Makefile.
Reported-by: "A.E.Lawrence" <lawrence_a_e at ntlworld.com>
Signed-off-by: Sam Ravnborg <sam at ravnborg.org>
Cc: Cc: Ingo Molnar <mingo at elte.hu>
Cc: "H. Peter Anvin" <hpa at zytor.com>
Cc: "A.E.Lawrence" <lawrence_a_e at ntlworld.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9b0fb094a1bdbd7f93b8d0977ec0c113d6e31ff8
Author: Len Brown <len.brown at intel.com>
Date: Sun Feb 3 17:43:57 2008 -0500
ACPI: update ACPI blacklist
These minor changes sync the latest ACPI blacklist into 2.6.24.
The main benefit of this patch is to make any future
changes easier to apply. The immediate benefit is one less
dmesg line on Acer systems.
Signed-off-by: Len Brown <len.brown at intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 1d866417a3f8b531cdfb314aa693d634d5fef4a3
Author: Ian Abbott <abbotti at mev.co.uk>
Date: Mon Feb 4 13:43:13 2008 +0000
PCI: Fix fakephp deadlock
This patch works around a problem in the fakephp driver when a process
writing "0" to a "power" sysfs file to fake removal of a PCI device ends
up deadlocking itself in the sysfs code.
The patch was recently accepted into Linus' tree after the 2.6.24 release:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff
Signed-off-by: Ian Abbott <abbotti at mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 7e3c396b7554c761718702a1a9d519bfab2fa430
Author: Oleg Nesterov <oleg at tv-sign.ru>
Date: Mon Feb 4 22:27:18 2008 -0800
sys_remap_file_pages: fix ->vm_file accounting
patch 8a459e44ad837018ea5c34a9efe8eb4ad27ded26 in mainline.
Fix ->vm_file accounting, mmap_region() may do do_munmap().
Signed-off-by: Oleg Nesterov <oleg at tv-sign.ru>
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 56d4009e9628d07acb194a52a655c5fb9abc014f
Author: Peter Zijlstra <a.p.zijlstra at chello.nl>
Date: Mon Feb 4 22:27:20 2008 -0800
lockdep: annotate epoll
patch 0ccf831cbee94df9c5006dd46248c0f07847dd7c in mainline.
On Sat, 2008-01-05 at 13:35 -0800, Davide Libenzi wrote:
> I remember I talked with Arjan about this time ago. Basically, since 1)
> you can drop an epoll fd inside another epoll fd 2) callback-based wakeups
> are used, you can see a wake_up() from inside another wake_up(), but they
> will never refer to the same lock instance.
> Think about:
>
> dfd = socket(...);
> efd1 = epoll_create();
> efd2 = epoll_create();
> epoll_ctl(efd1, EPOLL_CTL_ADD, dfd, ...);
> epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...);
>
> When a packet arrives to the device underneath "dfd", the net code will
> issue a wake_up() on its poll wake list. Epoll (efd1) has installed a
> callback wakeup entry on that queue, and the wake_up() performed by the
> "dfd" net code will end up in ep_poll_callback(). At this point epoll
> (efd1) notices that it may have some event ready, so it needs to wake up
> the waiters on its poll wait list (efd2). So it calls ep_poll_safewake()
> that ends up in another wake_up(), after having checked about the
> recursion constraints. That are, no more than EP_MAX_POLLWAKE_NESTS, to
> avoid stack blasting. Never hit the same queue, to avoid loops like:
>
> epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...);
> epoll_ctl(efd3, EPOLL_CTL_ADD, efd2, ...);
> epoll_ctl(efd4, EPOLL_CTL_ADD, efd3, ...);
> epoll_ctl(efd1, EPOLL_CTL_ADD, efd4, ...);
>
> The code "if (tncur->wq == wq || ..." prevents re-entering the same
> queue/lock.
Since the epoll code is very careful to not nest same instance locks
allow the recursion.
Signed-off-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
Tested-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Acked-by: Davide Libenzi <davidel at xmailserver.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit d98837eca254bde37d9ce8d61709c977247c7582
Author: Ayaz Abdulla <aabdulla at nvidia.com>
Date: Mon Jan 28 10:24:40 2008 -0500
forcedeth: mac address mcp77/79
patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline.
This patch is a critical fix for MCP77 and MCP79 devices. The feature
flags were missing the define for correct mac address
(DEV_HAS_CORRECT_MACADDR).
Signed-off-by: Ayaz Abdulla <aabdulla at nvidia.com>
Signed-off-by: Jeff Garzik <jeff at garzik.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 7775972d879aa23bef49c57a7da5d921e7a2f130
Author: Stefan Bader <stefan.bader at canonical.com>
Date: Fri Feb 1 15:18:38 2008 -0800
USB: Fix usb_serial_driver structure for Kobil cardreader driver.
The device setup did miss to initialize the num_interrupt_out field, thus
failing to successfully complete the probe function.
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
Cc: Alan Cox <alan at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 073d5d745eac690f0d748a97eca815320a039098
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Fri Feb 1 15:17:00 2008 -0800
USB: handle idVendor of 0x0000
Some crazy devices in the wild have a vendor id of 0x0000. If we try to
add a module alias with this id, we just can't do it due to a check in
the file2alias.c file. Change the test to verify that both the vendor
and product ids are 0x0000 to show a real "blank" module alias.
Note, the module-init-tools package also needs to be changed to properly
generate the depmod tables.
Cc: Janusz <janumix at poczta.fm>
Cc: Jon Masters <jcm at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 0d3d1387be1e0801ec81b23d10f2259b9a2ea387
Author: Jan Andersson <jan at gaisler.com>
Date: Fri Feb 1 15:16:59 2008 -0800
USB: fix usbtest halt check on big endian systems
usbtest did not swap the received status information when checking for
a non-zero value and failed to discover halted endpoints on big endian
systems.
Signed-off-by: Jan Andersson <jan at gaisler.com>
Acked-by: David Brownell <david-b at pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit e4eb1fbba7ce7cf95520f5b07d76819d2afe3f80
Author: Grant Grundler <grundler at parisc-linux.org>
Date: Fri Feb 1 15:16:58 2008 -0800
USB: storage: Add unusual_dev for HP r707
Add "FIX_CAPACITY" entry for HP Photosmart r707 Camera in "Disk" mode.
Camera will wedge when /lib/udev/vol_id attempts to access the last sector,
EIO gets reported to dmesg, and block device is marked "offline" (it is).
Reproduced vol_id behavior with:
"dd if=/dev/sda of=/dev/null skip=60800 count=1"
Signed-off-by: Grant Grundler <grundler at parisc-linux.org>
Signed-off-by: Phil Dibowitz <phil at ipom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit cb0ba31a08707a87b7a600c65d93415d212e417b
Author: Nate Carlson <natecars at natecarlson.com>
Date: Fri Feb 1 15:16:57 2008 -0800
USB: Variant of the Dell Wireless 5520 driver
I've got a Dell wireless 5520 card with a different USB ID - specifically, 8136
instead of 8137. Attached a small patch to add support, and the output of an
'ati3'.
If we could get this in, that'd be sweet. ;) Thanks!
nc at knight:~/tmp/linux-2.6.24-rc8/drivers/usb/serial$ lsusb | grep 8136
Bus 001 Device 005: ID 413c:8136 Dell Computer Corp.
nc at knight:~/tmp/linux-source-2.6.23/drivers/usb/serial$ cu -l ttyUSB0 -s 115200
Connected.
ati3
Manufacturer: Novatel Wireless Incorporated
Model: Expedite EU860D MiniCard
Revision: 10.10.04.01-01 [2007-04-11 14:07:19]
IMEI: 011186000228043
+GCAP: +CGSM,+DS,+ES
From: Nate Carlson <natecars at natecarlson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit ce2193d7451caa92af6753b5cef6212be6bbb57f
Author: Oliver Neukum <oliver at neukum.org>
Date: Fri Feb 1 15:16:56 2008 -0800
USB: use GFP_NOIO in reset path
this function will run in the context of the scsi error handler thread.
It must use GFP_NOIO instead of GFP_KERNEL to avoid a possible
deadlock.
Signed-off-by: Oliver Neukum <oneukum at suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 69421556bbdb1cc1447ba330f7411871a72b6e7b
Author: Ed Beroset <beroset at mindspring.com>
Date: Fri Feb 1 15:16:55 2008 -0800
USB: ftdi driver - add support for optical probe device
Added support for the Elster Unicom III Optical Probe.
The device ID has already been added to the usb.ids file.
Signed-off-by: Ed Beroset <beroset at mindspring.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a2624d8f16508d0a4e96c1142e07f19add7c3bc0
Author: Akira Tsukamoto <akirat at rd.scei.sony.co.jp>
Date: Fri Feb 1 15:16:54 2008 -0800
USB: pl2303: add support for RATOC REX-USB60F
pl2303: add support for RATOC REX-USB60F
This patch adds support for RATOC REX-USB60F Serial Adapters,
which is widely used in Japan recently.
Signed-off-by: Akira Tsukamoto <akirat at rd.scei.sony.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit abc1add25bc808649a31c8cb1462fe44d48a788a
Author: Daniel Kozák <kozzi11 at gmail.com>
Date: Fri Feb 1 15:16:53 2008 -0800
USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem
Remove entry for Huawei E620 UMTS/HSDPA card (ID: 12d1:1001) in pl2303 driver
Option driver is use instead
Signed-off-by: Daniel Kozák <kozzi11 at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit cbf644cb0a745f7214538a416eb2810d88a2e516
Author: Bruno Redondi <bruno.redondi at altarisoluzione.com>
Date: Fri Feb 1 15:16:52 2008 -0800
USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra Wireless
Added support for Onda H600/Zte MF330 GPRS/UMTS/HSDPA datacard
Signed-off-by: Bruno Redondi <bruno.redondi at altarisoluzione.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 1b9843265b5290064495a5742eab76b0cc45dc02
Author: Franco Lanza <nextime at nexlab.it>
Date: Fri Feb 1 15:16:51 2008 -0800
USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
little patches only to add vendor/device id of ATK_16IC CCD cam for
astronomy.
From: Franco Lanza <nextime at nexlab.it>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 52c70fb37c41e47fd290aa66eca79a6b9951751e
Author: Peter Stark <Peter.Stark at t-online.de>
Date: Fri Feb 1 15:16:50 2008 -0800
USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
I work with a group of people on a free home automation tool called
FHEM. Some of the users own more than one USB-serial device by ELV. The
ftdi_sio driver has most of the ELV devices disabled by default and
needs to be re-enabled every time you get a new kernel. Additionally a
new device (EM 1010 PC - enegry monitor) is missing in the list.
Currently our users have to follow the instructions we provide at
http://www.koeniglich.de/fhem/linux.html ... However, to some users it
is too complicated to compile their own kernel module.
We are aware that you can specify one additional device using the
vendor/product option of the module. But lot's of users own more than
one device.
Signed-off-by: Peter Stark <peter.stark at t-online.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 9abbc804d2ff5988e13f9270503bcd5fe00287b6
Author: Kevin Lloyd <linux at sierrawireless.com>
Date: Fri Feb 1 15:16:48 2008 -0800
USB: sierra driver - add devices
The following improvements were made:
- Added new product support: MC5725, AC 880 U, MP 3G (UMTS & CDMA)
Signed-off-by: Kevin Lloyd <linux at sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 649140eb725b886fdc353ba7421ef0585273e2b9
Author: Damien Stuart <dstuart at dstuart.org>
Date: Fri Feb 1 15:16:47 2008 -0800
USB: Adding YC Cable USB Serial device to pl2303
This simply adds the "YC Cable" as a vendor and its pl2303-based
USB<->Serial adapter as a product. This particular adapter is sold by
Radio Shack. I've done limited testing on a few different systems with
no issues.
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f3c19c9871db7c076cfb068fb965e53612ae6e1c
Author: Jessica L. Blank <j at twu.net>
Date: Fri Feb 1 15:16:46 2008 -0800
USB: Sierra - Add support for Aircard 881U
Adds the appropriate vendor and device IDs for the AirCard 881U to
sierra.c. (This device is often rebadged by AT&T as the USBConnect 881).
Signed-off-by: Jessica L Blank <j at twu.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit 8b5fc24779395a26ccf456321636c78339436b76
Author: Piotr Roszatycki <dexter at debian.org>
Date: Fri Feb 1 15:16:45 2008 -0800
USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter
add support for:
4348:5523 WinChipHead USB->RS 232 adapter with Prolifec PL 2303 chipset
[ mingo at elte.hu: merged it and nursed it upstream ]
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit b2482c0bb4496a5f2ae1e596832dc19234ff660e
Author: Craig Shelley <craig at microtron.org.uk>
Date: Fri Feb 1 15:16:44 2008 -0800
USB: CP2101 New Device IDs
Six new device IDs for CP2101 driver.
Signed-off-by: Craig Shelley <craig at microtron.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f3f25f6175790dc79028fd39d0eb3abce5f2222b
Author: Li Yang <leoli at freescale.com>
Date: Fri Feb 1 15:16:43 2008 -0800
usb gadget: fix fsl_usb2_udc potential OOPS
For fsl_usb2_udc driver, ep0 also has a descriptor. Current code is
misleading and contains a logical mistake. Here is the patch to fix it.
http://bugzilla.kernel.org/show_bug.cgi?id=9595
Signed-off-by: David Brownell <dbrownell at users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit a9ceb6ce700eb40d9aff44c2601b51943eea6990
Author: Alan Cox <alan at lxorguk.ukuu.org.uk>
Date: Fri Feb 1 15:16:42 2008 -0800
USB: keyspan: Fix oops
If we get a data URB back from the hardware after we have put the tty to
bed we go kaboom. Fortunately all we need to do is process the URB
without trying to ram its contents down the throat of an ex-tty.
Signed-off-by: Alan Cox <alan at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f5871b9016c0ebce8acc58f7a230adcb9bd89577
Author: Nick Piggin <npiggin at suse.de>
Date: Sat Feb 2 03:08:53 2008 +0100
vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
Drivers that register a ->fault handler, but do not range-check the
offset argument, must set VM_DONTEXPAND in the vm_flags in order to
prevent an expanding mremap from overflowing the resource.
I've audited the tree and attempted to fix these problems (usually by
adding VM_DONTEXPAND where it is not obvious).
Signed-off-by: Nick Piggin <npiggin at suse.de>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
commit f4ae0ab4b8237848ad5d687342a10cd3b7037705
Author: Pekka J Enberg <penberg at cs.helsinki.fi>
Date: Sat Jan 26 14:15:54 2008 +0200
slab: fix bootstrap on memoryless node
[ Upstream commit: 556a169dab38b5100df6f4a45b655dddd3db94c1 ]
If the node we're booting on doesn't have memory, bootstrapping kmalloc()
caches resorts to fallback_alloc() which requires ->nodelists set for all
nodes. Fix that by calling set_up_list3s() for CACHE_CACHE in
kmem_cache_init().
As kmem_getpages() is called with GFP_THISNODE set, this used to work before
because of breakage in 2.6.22 and before with GFP_THISNODE returning pages from
the wrong node if a node had no memory. So it may have worked accidentally and
in an unsafe manner because the pages would have been associated with the wrong
node which could trigger bug ons and locking troubles.
Tested-by: Mel Gorman <mel at csn.ul.ie>
Tested-by: Olaf Hering <olaf at aepfle.de>
Reviewed-by: Christoph Lameter <clameter at sgi.com>
[ With additional one-liner by Olaf Hering - Linus ]
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
commit a869ec27f09435a48a6601c2c5543b457410b40c
Author: Michael Krufky <mkrufky at linuxtv.org>
Date: Thu Jan 24 18:26:19 2008 -0500
DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
[PATCH] DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
Signed-off-by: Michael Krufky <mkrufky at linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab at infradead.org>
Signed-off-by: Chris Wright <chrisw at sous-sol.org>
More information about the commitlog
mailing list
