Sven Hartge [Sun, 9 Oct 2005 04:14:34 +0000 (21:14 -0700)]
[PATCH] Fix compile error in irq.c
irq.c is missing the inclusion of asm/io.h, which causes
readb() and writeb() the be undefined.
Signed-off-by: Sven Hartge <hartge@ds9.argh.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Tue, 8 Nov 2005 15:03:46 +0000 (15:03 +0000)]
[PATCH] CVE-2005-2709 sysctl unregistration oops
You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
wait for interface to go away, try to grab as much memory as possible in
hope to hit the (kfreed) ctl_table. Then fill it with pointers to your
function. Then do read from file you've opened and if you are lucky,
you'll get it called as ->proc_handler() in kernel mode.
So this is at least an Oops and possibly more. It does depend on an
interface going away though, so less of a security risk than it would
otherwise be.
This fixes the RCU race on bridge delete interface. Basically,
the network device has to be detached from the bridge in the first
step (pre-RCU), rather than later. At that point, no more bridge traffic
will come in, and the other code will not think that network device
is part of a bridge.
This should also fix the XEN test problems. If there is another
2.6.13-stable, add it as well.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Please consider this change for 2.6.13-stable Since BIC is
the default congestion control algorithm, this fix is quite
important.
Missing parenthesis in causes BIC to be slow in increasing congestion
window.
Spotted by Injong Rhee.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pavel Roskin [Fri, 7 Oct 2005 23:43:50 +0000 (16:43 -0700)]
[PATCH] orinoco: Information leakage due to incorrect padding
The orinoco driver can send uninitialized data exposing random pieces of
the system memory. This happens because data is not padded with zeroes
when its length needs to be increased.
Reported by Meder Kydyraliev <meder@o0o.nu>
Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Richter [Fri, 7 Oct 2005 23:43:49 +0000 (16:43 -0700)]
[PATCH] ieee1394/sbp2: fixes for hot-unplug and module unloading
Fixes for reference counting problems, deadlocks, and delays when SBP-2 devices
are unplugged or unbound from sbp2, or when unloading of sbp2/ ohci1394/ pcilynx
is attempted.
Most often reported symptoms were hotplugs remaining undetected once a FireWire
disk was unplugged since the knodemgrd kernel thread went to uninterruptible
sleep, and "modprobe -r sbp2" being unable to complete because still being in
use.
Patch is equivalent to commit abd559b1052e28d8b9c28aabde241f18fa89090b in
2.6.14-rc3 plus a fix which is necessary together with 2.6.13's scsi core API
(linux1394.org commit r1308 by Ben Collins).
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: Ben Collins <bcollins@debian.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Don't over-clamp window in tcp_clamp_window()
Handle better the case where the sender sends full sized
frames initially, then moves to a mode where it trickles
out small amounts of data at a time.
This known problem is even mentioned in the comments
above tcp_grow_window() in tcp_input.c, specifically:
...
* The scheme does not work when sender sends good segments opening
* window and then starts to feed us spagetti. But it should work
* in common situations. Otherwise, we have to rely on queue collapsing.
...
When the sender gives full sized frames, the "struct sk_buff" overhead
from each packet is small. So we'll advertize a larger window.
If the sender moves to a mode where small segments are sent, this
ratio becomes tilted to the other extreme and we start overrunning
the socket buffer space.
tcp_clamp_window() tries to address this, but it's clamping of
tp->window_clamp is a wee bit too aggressive for this particular case.
Fix confirmed by Ion Badulescu.
Signed-off-by: "David S. Miller" <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] tcp: set default congestion control correctly for incoming connections
Patch from Joel Sing to fix the default congestion control algorithm for incoming connections. If a new congestion control handler is added (via module),
it should become the default for new connections. Instead, the incoming
connections use reno. The cause is incorrect
initialisation causes the tcp_init_congestion_control() function to return
after the initial if test fails.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Acked-by: "David S. Miller" <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org>
Here is the patch (fuzz removed) for 2.6.13.2 that fixes
OOPs when using bonding with skge.
Skge driver was bringing link up/down when changing mac
address. This doesn't work in the bonding environment, and is
more effort than needed.
Fixes-bug: http://bugzilla.kernel.org/show_bug.cgi?id=5271 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Sigend-off-by: Chris Wright <chrisw@osdl.org>
We were leaking pmd pages when 3_LEVEL_PGTABLES was enabled. This fixes that,
has been well tested and is included in mainline tree. Please include in -stable
as well.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] ipvs: ip_vs_ftp breaks connections using persistence
ip_vs_ftp when loaded can create NAT connections with unknown
client port for passive FTP. For such expectations we lookup with
cport=0 on incoming packet but it matches the format of the persistence
templates causing packets to other persistent virtual servers to be
forwarded to real server without creating connection. Later the
reply packets are treated as foreign and not SNAT-ed.
If the IPVS box serves both FTP and other services (eg. HTTP)
for the time we wait for first packet for the FTP data connections with
unknown client port (there can be many), other HTTP connections
that have nothing common to the FTP conn break, i.e. HTTP client
sends SYN to the virtual IP but the SYN+ACK is not NAT-ed properly
in IPVS box and the client box returns RST to real server IP. I.e.
the result can be 10% broken HTTP traffic if 10% of the time
there are passive FTP connections in connecting state. It hurts
only IPVS connections.
This patch changes the connection lookup for packets from
clients:
* introduce IP_VS_CONN_F_TEMPLATE connection flag to mark the
connection as template
* create new connection lookup function just for templates - ip_vs_ct_in_get
* make sure ip_vs_conn_in_get hits only connections with
IP_VS_CONN_F_NO_CPORT flag set when s_port is 0. By this way
we avoid returning template when looking for cport=0 (ftp)
Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Chris Wright <chrisw@osdl.org>
David Stevens [Thu, 15 Sep 2005 19:46:06 +0000 (13:46 -0600)]
[PATCH] fix IPv6 per-socket multicast filtering in exact-match case
per-socket multicast filters were not being applied to all sockets
in the case of an exact-match bound address, due to an over-exuberant
"return" in the look-up code. Fix below. IPv4 does not have this problem.
Thanks to Hoerdt Mickael for reporting the bug.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Chris Wright <chrisw@osdl.org>
Alexander Nyberg [Wed, 14 Sep 2005 16:54:06 +0000 (18:54 +0200)]
[PATCH] Fix fs/exec.c:788 (de_thread()) BUG_ON
It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.
de_thread() does
while (atomic_read(&sig->count) > count) {
}
.....
.....
BUG_ON(!thread_group_empty(current));
but release_task does
write_lock_irq(&tasklist_lock)
__exit_signal
(this is where atomic_dec(&sig->count) is run)
__exit_sighand
__unhash_process
takes write lock on tasklist_lock
remove itself out of PIDTYPE_TGID list
write_unlock_irq(&tasklist_lock)
so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.
And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.
Big thanks to Marc Lehmann who provided the test-case.
Ivan Kokshaysky [Wed, 14 Sep 2005 19:05:30 +0000 (23:05 +0400)]
[PATCH] yenta oops fix
In some cases, especially on modern laptops with a lot of PCI and
cardbus bridges, we're unable to assign correct secondary/subordinate
bus numbers to all cardbus bridges due to BIOS limitations unless
we are using "pci=assign-busses" boot option.
So some cardbus controllers may not have attached subordinate pci_bus
structure, and yenta driver must cope with it - just ignore such cardbus
bridges.
For example, see https://bugzilla.novell.com/show_bug.cgi?id=113778
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Fix up more strange byte writes to the PCI_ROM_ADDRESS config word
It's a dword thing, and the value we write is a dword. Doing a byte
write to it is nonsensical, and writes only the low byte, which only
contains the enable bit. So we enable a nonsensical address (usually
zero), which causes the controller no end of problems.
Trivial fix, but nasty to find.
Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org>
Patrick McHardy [Tue, 13 Sep 2005 07:37:22 +0000 (09:37 +0200)]
[PATCH] Fix DHCP + MASQUERADE problem
In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.
Thanks to Rusty for this suggestion.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org>
This ports the Sun GEM ROM mapping/enable fixes it sunhme (which used
the same PCI ROM mapping code).
Without this, I get NULL MAC addresses for all 4 ports (it's a SUN QFE).
With it, I get the correct addresses (the ones printed on the label on
the card).
Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Sun GEM ethernet: enable and map PCI ROM properly
This same patch was reported to fix the MAC address detection on sunhme
(next patch). Most people seem to be running this on Sparcs or PPC
machines, where we get the MAC address from their respective firmware
rather than from the (previously broken) ROM mapping routines.
Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] forcedeth: Initialize link settings in every nv_open()
R�diger found a bug in nv_open that explains some of the reports
with duplex mismatches:
nv_open calls nv_update_link_speed for initializing the hardware link speed
registers. If current link setting matches the values in np->linkspeed and
np->duplex, then the function does nothing.
Usually, doing nothing is the right thing, but not in nv_open: During
nv_open, the registers must be initialized because the nic was reset.
The attached patch fixes that by setting np->linkspeed to an invalid value
before calling nv_update_link_speed from nv_open.
Signed-Off-By: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Chris Wright <chrisw@osdl.org>
This patch adds lost sockfd_put() in 32bit compat rounting_ioctl() on
64bit platforms, bug found by Vasiliy Averin <vvs@sw.ru>.
I believe this is a security issues, since user can fget() file as many
times as he wants to. So file refcounter can be overlapped and first
fput() will free resources though there will be still structures
pointing to the file, mnt, dentry etc.
Also fput() sets f_dentry and f_vfsmnt to NULL,
so other file users will OOPS.
The oops can be done under files_lock and others, so this can be an
exploitable DoS on SMP. Didn't checked it on practice actually.
This patch adds lost fput in 32bit tiocgdev ioctl on x86-64
I believe this is a security issues, since user can fget() file as
many times as he wants to. So file refcounter can be overlapped and
first fput() will free resources though there will be still structures
pointing to the file, mnt, dentry etc. Also fput() sets f_dentry and
f_vfsmnt to NULL, so other file users will OOPS.
The oops can be done under files_lock and others, so this is really
exploitable DoS on SMP. Didn't checked it on practice actually.
Al Viro [Wed, 31 Aug 2005 09:55:12 +0000 (10:55 +0100)]
[PATCH] raw_sendmsg DoS (CAN-2005-2492)
Fix unchecked __get_user that could be tricked into generating a
memory read on an arbitrary address. The result of the read is not
returned directly but you may be able to divine some information about
it, or use the read to cause a crash on some architectures by reading
hardware state. CAN-2005-2492.
Fix from Al Viro, ack from Dave Miller.
Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Woodhouse [Tue, 6 Sep 2005 08:30:10 +0000 (09:30 +0100)]
[PATCH] 32bit sendmsg() flaw (CAN-2005-2490)
When we copy 32bit ->msg_control contents to kernel, we walk the same
userland data twice without sanity checks on the second pass.
Second version of this patch: the original broke with 64-bit arches
running 32-bit-compat-mode executables doing sendmsg() syscalls with
unaligned CMSG data areas
Another thing is that we use kmalloc() to allocate and sock_kfree_s()
to free afterwards; less serious, but also needs fixing.
Patch by Al Viro, David Miller, David Woodhouse
(sparc64 clean compile fix from David Miller)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This was found by inspection while looking for checksum problems
with the skge driver that sets CHECKSUM_HW. It did not fix the
problem, but it looks like it is needed.
If IP reassembly is trimming an overlapping fragment, it
should reset (or adjust) the hardware checksum flag on the skb.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Sat, 10 Sep 2005 02:42:51 +0000 (19:42 -0700)]
[PATCH] Fix boundary check in standard multi-block cipher processors
[CRYPTO] Fix boundary check in standard multi-block cipher processors
Fixes Bug 5194 (IPSec related Oops in 2.6.13).
The boundary check in the standard multi-block cipher processors are
broken when nbytes is not a multiple of bsize. In those cases it will
always process an extra block.
This patch corrects the check so that it processes at most nbytes of data.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Tue, 6 Sep 2005 01:47:10 +0000 (18:47 -0700)]
[PATCH] 2.6.13 breaks libpcap (and tcpdump)
[NET]: 2.6.13 breaks libpcap (and tcpdump)
Patrick McHardy says:
Never mind, I got it, we never fall through to the second switch
statement anymore. I think we could simply break when load_pointer
returns NULL. The switch statement will fall through to the default
case and return 0 for all cases but 0 > k >= SKF_AD_OFF.
Here's a patch to do just that.
I left BPF_MSH alone because it's really a hack to calculate the IP
header length, which makes no sense when applied to the special data.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
I had some time to think about PCI assign issues in 2.6.13-rc series.
The major problem here is that we call pci_assign_unassigned_resources()
way too early - at subsys_initcall level. Therefore we give no chances
to ACPI and PnP routines (called at fs_initcall level) to reserve their
respective resources properly, as the comments in drivers/pnp/system.c
and drivers/acpi/motherboard.c suggest:
/**
* Reserve motherboard resources after PCI claim BARs,
* but before PCI assign resources for uninitialized PCI devices
*/
So I moved the pci_assign_unassigned_resources() call to
pcibios_assign_resources() (fs_initcall), which should hopefully fix a
lot of problems and make PCIBIOS_MIN_IO tweaks unnecessary.
Other changes:
- remove resource assignment code from pcibios_assign_resources(), since
it duplicates pci_assign_unassigned_resources() functionality and
actually does nothing in 2.6.13;
- modify ROM assignment code as per Ben's suggestion: try to use firmware
settings by default (if PCI_ASSIGN_ROMS is not set);
- set CARDBUS_IO_SIZE back to 4K as it's a wonderful stress test for
various setups.
Confirmed by Tero Roponen <teanropo@cc.jyu.fi> (who had problems with
the 4kB CardBus IO size previously).
This fixes a problem with pci_map_rom() which doesn't properly
update the ROM BAR value with the address thas allocated for it by the
PCI code. This problem, among other, breaks boot on Mac laptops.
It'ss a new version based on Linus latest one with better error
checking.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michael Krufky [Tue, 30 Aug 2005 19:47:14 +0000 (15:47 -0400)]
[PATCH] Kconfig: saa7134-dvb must select tda1004x
I wish I had seen this before 2.6.13 was released... I guess this only
goes to show that there haven't been any testers using saa7134-hybrid
dvb/v4l boards that depend on the tda1004x module, during the 2.6.13-rc
series :-(
Please apply this to 2.6.14, and also to 2.6.13.1 -stable. Without this
patch, users will have to EXPLICITLY select tda1004x in Kconfig. This
SHOULD be done automatically when saa7134-dvb is selected. This patch
corrects this problem.
saa7134-dvb must select tda1004x
Signed-off-by: Michael Krufky <mkrufky@m1k.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Paul Mackerras [Sat, 27 Aug 2005 23:40:01 +0000 (09:40 +1000)]
[PATCH] Remove race between con_open and con_close
[ Same race and same patch also by Steven Rostedt <rostedt@goodmis.org> ]
I have a laptop (G3 powerbook) which will pretty reliably hit a race
between con_open and con_close late in the boot process and oops in
vt_ioctl due to tty->driver_data being NULL.
What happens is this: process A opens /dev/tty6; it comes into
con_open() (drivers/char/vt.c) and assign a non-NULL value to
tty->driver_data. Then process A closes that and concurrently process
B opens /dev/tty6. Process A gets through con_close() and clears
tty->driver_data, since tty->count == 1. However, before process A
can decrement tty->count, we switch to process B (e.g. at the
down(&tty_sem) call at drivers/char/tty_io.c line 1626).
So process B gets to run and comes into con_open with tty->count == 2,
as tty->count is incremented (in init_dev) before con_open is called.
Because tty->count != 1, we don't set tty->driver_data. Then when the
process tries to do anything with that fd, it oopses.
The simple and effective fix for this is to test tty->driver_data
rather than tty->count in con_open. The testing and setting of
tty->driver_data is serialized with respect to the clearing of
tty->driver_data in con_close by the console_sem. We can't get a
situation where con_open sees tty->driver_data != NULL and then
con_close on a different fd clears tty->driver_data, because
tty->count is incremented before con_open is called. Thus this patch
eliminates the race, and in fact with this patch my laptop doesn't
oops.
Signed-off-by: Paul Mackerras <paulus@samba.org>
[ Same patch Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
in http://marc.theaimsgroup.com/?l=linux-kernel&m=112450820432121&w=2 ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jan Blunck [Sat, 27 Aug 2005 18:07:52 +0000 (11:07 -0700)]
[PATCH] sg.c: fix a memory leak in devices seq_file implementation
I know that scsi procfs is legacy code but this is a fix for a memory leak.
While reading through sg.c I realized that the implementation of
/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
pointer returned by the next() iterator method. Since next() might return
NULL or an error this is wrong. This patch fixes it through using the
seq_files private field for holding the reference to the iterator object.
Here is a small bash script to trigger the leak. Use slabtop to watch
the size-32 usage grow and grow.
#!/bin/sh
while true; do
cat /proc/scsi/sg/devices > /dev/null
done
Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de> Acked-by: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] fix for race problem in DVB USB drivers (dibusb)
Fixed race between submitting streaming URBs in the driver and starting
the actual transfer in hardware (demodulator and USB controller) which
sometimes lead to garbled data transfers. URBs are now submitted first,
then the transfer is enabled. Dibusb devices and clones are now fully
functional again.
Signed-off-by: Patrick Boettcher <pb@linuxtv.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ralf Baechle [Wed, 24 Aug 2005 17:01:33 +0000 (18:01 +0100)]
[PATCH] Fix 6pack setting of MAC address
Don't check type of sax25_family; dev_set_mac_address has already done
that before and anyway, the type to check against would have been
ARPHRD_AX25. We only got away because AF_AX25 and ARPHRD_AX25 both happen
to be defined to the same value.
Don't check sax25_ndigis either; it's value is insignificant for the
purpose of setting the MAC address and the check has shown to break
some application software for no good reason.
Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
James Bottomley [Sat, 27 Aug 2005 01:34:17 +0000 (18:34 -0700)]
[PATCH] Fix oops in sysfs_hash_and_remove_file()
The problem arises if an entity in sysfs is created and removed without
ever having been made completely visible. In SCSI this is triggered by
removing a device while it's initialising.
The problem appears to be that because it was never made visible in sysfs,
the sysfs dentry has a null d_inode which oopses when a reference is made
to it. The solution is simply to check d_inode and assume the object was
never made visible (and thus doesn't need deleting) if it's NULL.
(akpm: possibly a stopgap for 2.6.13 scsi problems. May not be the
long-term fix)
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Deepak Saxena [Sat, 27 Aug 2005 01:34:11 +0000 (18:34 -0700)]
[PATCH] arm: fix IXP4xx flash resource range
We are currently reserving one byte more than actually needed by the flash
device and overlapping into the next I/O expansion bus window. This a)
causes us to allocate an extra page of VM due to ARM ioremap() alignment
code and b) could cause problems if another driver tries to request the
next expansion bus window.
Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andi Kleen [Sat, 27 Aug 2005 01:34:10 +0000 (18:34 -0700)]
[PATCH] x86_64: Tell VM about holes in nodes
Some nodes can have large holes on x86-64.
This fixes problems with the VM allowing too many dirty pages because it
overestimates the number of available RAM in a node. In extreme cases you
can end up with all RAM filled with dirty pages which can lead to deadlocks
and other nasty behaviour.
This patch just tells the VM about the known holes from e820. Reserved
(like the kernel text or mem_map) is still not taken into account, but that
should be only a few percent error now.
Small detail is that the flat setup uses the NUMA free_area_init_node() now
too because it offers more flexibility.
(akpm: lotsa thanks to Martin for working this problem out)
Cc: Martin Bligh <mbligh@mbligh.org> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Anton Blanchard [Sat, 27 Aug 2005 01:34:07 +0000 (18:34 -0700)]
[PATCH] ppc64: Fix issue with gcc 4.0 compiled kernels
I recently had a BUG_ON() go off spuriously on a gcc 4.0 compiled kernel.
It turns out gcc-4.0 was removing a sign extension while earlier gcc
versions would not. Thinking this to be a compiler bug, I submitted a
report:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23422
It turns out we need to cast the input in order to tell gcc to sign extend
it.
Thanks to Andrew Pinski for his help on this bug.
Signed-off-by: Anton Blanchard <anton@samba.org> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
At the suggestion of Nick Piggin and Dinakar, totally disable
the facility to allow cpu_exclusive cpusets to define dynamic
sched domains in Linux 2.6.13, in order to avoid problems
first reported by John Hawkes (corrupt sched data structures
and kernel oops).
This has been built for ppc64, i386, ia64, x86_64, sparc, alpha.
It has been built, booted and tested for cpuset functionality
on an SN2 (ia64).
Dinakar or Nick - could you verify that it for sure does avoid
the problems Hawkes reported. Hawkes is out of town, and I don't
have the recipe to reproduce what he found.
Signed-off-by: Paul Jackson <pj@sgi.com> Acked-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The partial disabling of Dinakar's new facility to allow
cpu_exclusive cpusets to define dynamic sched domains
doesn't go far enough. At the suggestion of Nick Piggin
and Dinakar, let us instead totally disable this facility
for 2.6.13, in order to avoid problems first reported
by John Hawkes (corrupt sched data structures and kernel oops).
This patch removes the partial disabling code in 2.6.13-rc7,
in anticipation of the next patch, which will totally disable
it instead.
Signed-off-by: Paul Jackson <pj@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jean Delvare [Thu, 25 Aug 2005 16:43:37 +0000 (18:43 +0200)]
[PATCH] hwmon: Off-by-one error in fscpos driver
Coverity uncovered an off-by-one error in the fscpos driver, in function
set_temp_reset(). Writing to the temp3_reset sysfs file will lead to an
array overrun, in turn causing an I2C write to a random register of the
FSC Poseidon chip. Additionally, writing to temp1_reset and temp2_reset
will not work as expected. The fix is straightforward.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Thu, 25 Aug 2005 22:13:14 +0000 (23:13 +0100)]
[PATCH] late spinlock initialization in ieee1394/ohci
spinlock used in irq handler should be initialized before registering
irq, even if we know that our device has interrupts disabled; handler
is registered shared and taking spinlock is done unconditionally. As
it is, we can and do get oopsen on boot for some configuration, depending
on irq routing - I've got a reproducer.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Ben Collins <bcollins@debian.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Thu, 25 Aug 2005 22:03:35 +0000 (23:03 +0100)]
[PATCH] bogus function type in qdio
In qdio_get_micros() volatile in return type is plain noise (even with old
gccisms it would make no sense - noreturn function returning __u64 is a
bit odd ;-)
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexey Dobriyan [Thu, 25 Aug 2005 21:49:14 +0000 (01:49 +0400)]
[PATCH] drivers/hwmon/*: kfree() correct pointers
The adm9240 driver, in adm9240_detect(), allocates a structure. The
error path attempts to kfree() ->client field of it (second one),
resulting in an oops (or slab corruption) if the hardware is not present.
->client field in adm1026, adm1031, smsc47b397 and smsc47m1 is the first in
${HWMON}_data structure, but fix them too.
Steve French [Fri, 26 Aug 2005 19:42:59 +0000 (14:42 -0500)]
[PATCH] Fix oops in fs/locks.c on close of file with pending locks
The recent change to locks_remove_flock code in fs/locks.c changes how
byte range locks are removed from closing files, which shows up a bug in
cifs.
The assumption in the cifs code was that the close call sent to the
server would remove any pending locks on the server on this file, but
that is no longer safe as the fs/locks.c code on the client wants unlock
of 0 to PATH_MAX to remove all locks (at least from this client, it is
not possible AFAIK to remove all locks from other clients made to the
server copy of the file).
Note that cifs locks are different from posix locks - and it is not
possible to map posix locks perfectly on the wire yet, due to
restrictions of the cifs network protocol, even to Samba without adding
a new request type to the network protocol (which we plan to do for
Samba 3.0.21 within a few months), but the local client will have the
correct, posix view, of the lock in most cases.
The correct fix for cifs for this would involve a bigger change than I
would like to do this late in the 2.6.13-rc cycle - and would involve
cifs keeping track of all unmerged (uncoalesced) byte range locks for
each remote inode and scanning that list to remove locks that intersect
or fall wholly within the range - locks that intersect may have to be
reaquired with the smaller, remaining range.
Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
There is an off by one problem with idr_get_new_above.
The comment and function name suggest that it will return an id >
starting_id, but it actually returned an id >= starting_id, and kernel
callers other than inotify treated it as such.
The patch below fixes the comment, and fixes inotifys usage. The
function name still doesn't match the behaviour, but it never did.
Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Fri, 26 Aug 2005 17:49:22 +0000 (10:49 -0700)]
Ignore disabled ROM resources at setup
Writing even a disabled value seems to mess up some matrox graphics
cards. It may be a card-related issue, but we may also be writing
reserved low bits in the result.
This was a fall-out of switching x86 over to the generic PCI resource
allocation code, and needs more debugging. In particular, the old x86
code defaulted to not doing any resource allocations at all for ROM
resources.
In the meantime, this has been reported to make X happier by Helge
Hafting <helgehaf@aitel.hist.no>.
Linus Torvalds [Fri, 26 Aug 2005 17:40:10 +0000 (10:40 -0700)]
Only pre-allocate 256 bytes of cardbio IO range
It may seem small, but most cards need much less, if any, and this not
only makes the code adhere to the comment, it seems to fix a boot-time
lockup on a ThinkPad 380XD laptop reported by Tero Roponen <teanropo@cc.jyu.fi>
Michael Chan [Thu, 25 Aug 2005 22:31:41 +0000 (15:31 -0700)]
[TG3]: Fix ethtool loopback test lockup
The tg3_abort_hw() call in tg3_test_loopback() is causing lockups on
some devices. tg3_abort_hw() disables the memory arbiter, causing
tg3_reset_hw() to hang when it tries to write the pre-reset signature.
tg3_abort_hw() should only be called after the pre-reset signature has
been written. This is all done in tg3_reset_hw() so the tg3_abort_hw()
call is unnecessary and can be removed.
[ Also bump driver version and release date. -DaveM ]
Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jens Axboe [Wed, 24 Aug 2005 12:57:54 +0000 (14:57 +0200)]
[PATCH] cfq-iosched.c: minor fixes
One critical fix and two minor fixes for 2.6.13-rc7:
- Max depth must currently be 2 to allow barriers to function on SCSI
- Prefer sync request over async in choosing the next request
- Never allow async request to preempt or disturb the "anticipation" for
a single cfq process context. This is as-designed, the code right now
is buggy in that area.
Keith Owens [Wed, 24 Aug 2005 06:06:25 +0000 (16:06 +1000)]
[PATCH] Export pcibios_bus_to_resource
pcibios_bus_to_resource is exported on all architectures except ia64
and sparc. Add exports for the two missing architectures. Needed when
Yenta socket support is compiled as a module.
Signed-off-by: Keith Owens <kaos@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I mistakedly disabled fusion support in an earlier update. Fusion
is commonly used on many x86-64 systems, so this was a problem.
This patch fixes that.
Signed-off-by: And Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] ppc64: Export machine_power_off for therm_pm72 module
This patch puts back the export of machine_power_off() that was removed
by some janitor as it's used for emergency shutdown by the G5 thermal
control driver. Wether that driver should use kernel_power_off() instead
is debatable and a post-2.6.13 decision. In the meantime, please commit
that patch that fixes the driver for now.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Paul Jackson [Wed, 24 Aug 2005 11:15:10 +0000 (04:15 -0700)]
[PATCH] cpu_exclusive sched domains build fix
As reported by Paul Mackerras <paulus@samba.org>, the previous patch
"cpu_exclusive sched domains fix" broke the ppc64 build with
CONFIC_CPUSET, yielding error messages:
kernel/cpuset.c: In function 'update_cpu_domains':
kernel/cpuset.c:648: error: invalid lvalue in unary '&'
kernel/cpuset.c:648: error: invalid lvalue in unary '&'
On some arch's, the node_to_cpumask() is a function, returning
a cpumask_t. But the for_each_cpu_mask() requires an lvalue mask.
The following patch fixes this build failure by making a copy
of the cpumask_t on the stack.
Signed-off-by: Paul Jackson <pj@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Patrick McHardy [Wed, 24 Aug 2005 05:06:09 +0000 (22:06 -0700)]
[FIB_TRIE]: Don't ignore negative results from fib_semantic_match
When a semantic match occurs either success, not found or an error
(for matching unreachable routes/blackholes) is returned. fib_trie
ignores the errors and looks for a different matching route. Treat
results other than "no match" as success and end lookup.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Jackson [Tue, 23 Aug 2005 08:04:27 +0000 (01:04 -0700)]
[PATCH] cpu_exclusive sched domains on partial nodes temp fix
This keeps the kernel/cpuset.c routine update_cpu_domains() from
invoking the sched.c routine partition_sched_domains() if the cpuset in
question doesn't fall on node boundaries.
I have boot tested this on an SN2, and with the help of a couple of ad
hoc printk's, determined that it does indeed avoid calling the
partition_sched_domains() routine on partial nodes.
I did not directly verify that this avoids setting up bogus sched
domains or avoids the oops that Hawkes saw.
This patch imposes a silent artificial constraint on which cpusets can
be used to define dynamic sched domains.
This patch should allow proceeding with this new feature in 2.6.13 for
the configurations in which it is useful (node alligned sched domains)
while avoiding trying to setup sched domains in the less useful cases
that can cause the kernel corruption and oops.
Signed-off-by: Paul Jackson <pj@sgi.com> Acked-by: Ingo Molnar <mingo@elte.hu> Acked-by: Dinakar Guniguntala <dino@in.ibm.com> Acked-by: John Hawkes <hawkes@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andi Kleen [Tue, 23 Aug 2005 01:14:27 +0000 (03:14 +0200)]
[PATCH] x86_64: Don't oops at boot when empty Opteron node has IO
The code to detect IO links on Opteron would not check
if the node had actually memory. This could lead to pci_bus_to_node
returning an invalid node, which might cause crashes later
when dma_alloc_coherent passes it to page_alloc_node().
The bug has been there forever but for some reason
it is causing now crashes.
lepton [Tue, 23 Aug 2005 00:06:14 +0000 (17:06 -0700)]
[PATCH] usbnet oops fix
There's a "return the wrong SKB" error in the GL620A cable minidriver
(for "usbnet") which can oops. This would not appear when talking
Linux-to-Linux, only Linux-to-Windows (for recent Linuxes).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Chuck Ebbert [Wed, 24 Aug 2005 01:36:40 +0000 (21:36 -0400)]
[PATCH] i386: fix incorrect FP signal code
i386 floating-point exception handling has a bug that can cause error
code 0 to be sent instead of the proper code during signal delivery.
This is caused by unconditionally checking the IS and c1 bits from the
FPU status word when they are not always relevant. The IS bit tells
whether an exception is a stack fault and is only relevant when the
exception is IE (invalid operation.) The C1 bit determines whether a
stack fault is overflow or underflow and is only relevant when IS and IE
are set.
projects / karo-tx-linux.git / log