12 Feb, 2011

7 commits

  • While applying patch to use memblock to find aperture for 64bit x86.
    Ingo found system with 1g + force_iommu

    > No AGP bridge found
    > Node 0: aperture @ 38000000 size 32 MB
    > Aperture pointing to e820 RAM. Ignoring.
    > Your BIOS doesn't leave a aperture memory hole
    > Please enable the IOMMU option in the BIOS setup
    > This costs you 64 MB of RAM
    > Cannot allocate aperture memory hole (0,65536K)

    the corresponding code:

    addr = memblock_find_in_range(0, 1ULL<< 0xffffffff) {
    printk(KERN_ERR
    "Cannot allocate aperture memory hole (%lx,%uK)\n",
    addr, aper_size>>10);
    return 0;
    }
    memblock_x86_reserve_range(addr, addr + aper_size, "aperture64")

    fails because memblock core code aligns the size with 512M. That could
    make size way too big.

    So don't align the size in that case.

    Actually __memblock_alloc_base, the other caller, already aligns that
    before calling that function.

    BTW. x86 does not use __memblock_alloc_base...

    Signed-off-by: Yinghai Lu
    Cc: Ingo Molnar
    Cc: David Miller
    Cc: "H. Peter Anvin"
    Cc: Benjamin Herrenschmidt
    Cc: Dave Airlie
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Yinghai Lu
     
  • Commit 2a48fc0ab242417 ("block: autoconvert trivial BKL users to private
    mutex") replaced uses of the BKL in the nbd driver with mutex
    operations. Since then, I've been seeing these lock ups:

    INFO: task qemu-nbd:16115 blocked for more than 120 seconds.
    "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
    qemu-nbd D 0000000000000001 0 16115 16114 0x00000004
    ffff88007d775d98 0000000000000082 ffff88007d775fd8 ffff88007d774000
    0000000000013a80 ffff8800020347e0 ffff88007d775fd8 0000000000013a80
    ffff880133730000 ffff880002034440 ffffea0004333db8 ffffffffa071c020
    Call Trace:
    [] __mutex_lock_slowpath+0xf7/0x180
    [] mutex_lock+0x2b/0x50
    [] nbd_ioctl+0x6c/0x1c0 [nbd]
    [] blkdev_ioctl+0x230/0x730
    [] block_ioctl+0x41/0x50
    [] do_vfs_ioctl+0x93/0x370
    [] sys_ioctl+0x81/0xa0
    [] system_call_fastpath+0x16/0x1b

    Instrumenting the nbd module's ioctl handler with some extra logging
    clearly shows the NBD_DO_IT ioctl being invoked which is a long-lived
    ioctl in the sense that it doesn't return until another ioctl asks the
    driver to disconnect. However, that other ioctl blocks, waiting for the
    module-level mutex that replaced the BKL, and then we're stuck.

    This patch removes the module-level mutex altogether. It's clearly
    wrong, and as far as I can see, it's entirely unnecessary, since the nbd
    driver maintains per-device mutexes, and I don't see anything that would
    require a module-level (or kernel-level, for that matter) mutex.

    Signed-off-by: Soren Hansen
    Acked-by: Serge Hallyn
    Acked-by: Paul Clements
    Cc: Arnd Bergmann
    Cc: Jens Axboe
    Cc: [2.6.37.x]
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Soren Hansen
     
  • In file drivers/rtc/rtc-proc.c seq_open() can return -ENOMEM.

    86 if (!try_module_get(THIS_MODULE))
    87 return -ENODEV;
    88
    89 return single_open(file, rtc_proc_show, rtc);

    In this case before exiting (line 89) from rtc_proc_open the
    module_put(THIS_MODULE) must be called.

    Found by Linux Device Drivers Verification Project

    Signed-off-by: Alexander Strakh
    Cc: Alessandro Zummo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexander Strakh
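
The reference leak described in the commit above, as an added userspace model (not code from the commit or the kernel): the `*_model` helpers and counters are hypothetical stand-ins for `try_module_get()`, `module_put()` and `single_open()`. Each failed open in the leaky variant pins one module reference, which would keep the module from being unloaded.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for kernel state; nothing here touches a real module. */
static int module_refs;        /* models the reference count of THIS_MODULE */
static int fail_single_open;   /* when set, the modelled single_open() fails */

static int try_module_get_model(void) { module_refs++; return 1; }
static void module_put_model(void)    { module_refs--; }

/* Models single_open(): it allocates memory, so it can return -ENOMEM. */
static int single_open_model(void)
{
    return fail_single_open ? -ENOMEM : 0;
}

/* Shape of the handler quoted in the commit message (lines 86-89). */
static int rtc_proc_open_leaky(void)
{
    if (!try_module_get_model())
        return -ENODEV;
    return single_open_model();    /* on error the reference is never dropped */
}

/* Same handler with the reference released on the failure path. */
static int rtc_proc_open_fixed(void)
{
    int ret;

    if (!try_module_get_model())
        return -ENODEV;
    ret = single_open_model();
    if (ret)
        module_put_model();        /* no file was opened, so undo the get */
    return ret;
}

/* Run `attempts` failing opens and return how many references stay held. */
static int leaked_refs(int (*open_fn)(void), int attempts)
{
    int i;

    module_refs = 0;
    fail_single_open = 1;
    for (i = 0; i < attempts; i++)
        open_fn();
    return module_refs;
}

int main(void)
{
    printf("leaky: %d references held after 5 failed opens\n",
           leaked_refs(rtc_proc_open_leaky, 5));
    printf("fixed: %d references held after 5 failed opens\n",
           leaked_refs(rtc_proc_open_fixed, 5));
    return 0;
}
```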
     
  • Add a mutex to register communication and handling. Without the mutex,
    GPIOs didn't switch as expected when toggled in a fast sequence of
    status changes of multiple outputs.

    Signed-off-by: Roland Stigge
    Acked-by: Eric Miao
    Cc: Grant Likely
    Cc: Marc Zyngier
    Cc: Ben Gardner
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Roland Stigge
     
  • The wake_up_process() call in ptrace_detach() is spurious and not
    interlocked with the tracee state. IOW, the tracee could be running or
    sleeping in any place in the kernel by the time wake_up_process() is
    called. This can lead to the tracee waking up unexpectedly which can be
    dangerous.

    The wake_up is spurious and should be removed but for now reduce its
    toxicity by only waking up if the tracee is in TRACED or STOPPED state.

    This bug can possibly be used as an attack vector. I don't think it
    will take too much effort to come up with an attack which triggers oops
    somewhere. Most sleeps are wrapped in condition test loops and should
    be safe but we have quite a number of places where sleep and wakeup
    conditions are expected to be interlocked. Although the window of
    opportunity is tiny, ptrace can be used by non-privileged users and with
    some loading the window can definitely be extended and exploited.

    Signed-off-by: Tejun Heo
    Acked-by: Roland McGrath
    Acked-by: Oleg Nesterov
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tejun Heo
     
  • In commit fa0d7e3de6d6 ("fs: icache RCU free inodes"), we use rcu free
    inode instead of freeing the inode directly. It causes a crash when we
    rmmod immediately after we umount the volume[1].

    So we need to call rcu_barrier after we kill_sb so that the inode is
    freed before we do rmmod. The idea is inspired by Aneesh Kumar.
    rcu_barrier will wait for all callbacks to end before proceeding. The
    original patch was done by Tao Ma, but synchronize_rcu() is not enough
    here.

    1. http://marc.info/?l=linux-fsdevel&m=129680863330185&w=2

    Tested-by: Tao Ma
    Signed-off-by: Boaz Harrosh
    Cc: Nick Piggin
    Cc: Al Viro
    Cc: Chris Mason
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Boaz Harrosh
     
  • In commit 31e6b01f4183 ("fs: rcu-walk for path lookup") we started doing
    path lookup using RCU, which then falls back to a careful non-RCU lookup
    in case of problems (LOOKUP_REVAL). So do_filp_open() has this "re-do
    the lookup carefully" looping case.

    However, that means that we must not release the open-intent file data
    if we are going to loop around and use it once more!

    Fix this by moving the release of the open-intent data to the function
    that allocates it (do_filp_open() itself) rather than the helper
    functions that can get called multiple times (finish_open() and
    do_last()). This makes the logic for the lifetime of that field much
    more obvious, and avoids the possible double free.

    Reported-by: J. R. Okajima
    Acked-by: Al Viro
    Cc: Nick Piggin
    Cc: Andrew Morton
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

11 Feb, 2011

8 commits

  • This patch fixes an OOPS triggered when calling modprobe ipmi_si a
    second time after the first modprobe returned without finding any ipmi
    devices. This can happen if you reload the module after having the
    first module load fail. The driver was not deregistering from PNP in
    that case.

    Peter Huewe originally reported this patch and supplied a fix, I have a
    different patch based on Linus' suggestion that cleans things up a bit
    more.

    Cc: stable@kernel.org
    Cc: openipmi-developer@lists.sourceforge.net
    Reviewed-by: Peter Huewe
    Cc: Randy Dunlap
    Signed-off-by: Corey Minyard
    Signed-off-by: Linus Torvalds

    Corey Minyard
     
  • In commit ce6ada35bdf7 ("security: Define CAP_SYSLOG") Serge Hallyn
    introduced CAP_SYSLOG, but broke backwards compatibility by no longer
    accepting CAP_SYS_ADMIN as an override (it would cause a warning and
    then reject the operation).

    Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable
    capability until any legacy applications have been updated. There are
    apparently applications out there that drop all capabilities except for
    CAP_SYS_ADMIN in order to access the syslog.

    (This is a re-implementation of a patch by Serge, cleaning the logic up
    and making the code more readable)

    Acked-by: Serge Hallyn
    Reviewed-by: James Morris
    Signed-off-by: Linus Torvalds

    Linus Torvalds
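
The two capability policies contrasted in the commit above, as an added userspace model (not the kernel's code): the function names, the bitmask representation and the warning counter are assumptions made for illustration, while the capability numbers are those of `<linux/capability.h>`. The counter stands in for the kernel warning, which is what lets an operator spot processes still relying on CAP_SYS_ADMIN.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as in <linux/capability.h>, redefined so this builds anywhere. */
#define CAP_SYS_ADMIN_NR 21
#define CAP_SYSLOG_NR    34
#define CAP_BIT(n) (UINT64_C(1) << (n))

static int deprecation_warnings;   /* models the kernel's "deprecated" warning */

static int has_cap(uint64_t caps, int nr)
{
    return (caps & CAP_BIT(nr)) != 0;
}

/* Behaviour the commit message attributes to ce6ada35bdf7: warn, then reject. */
static int syslog_check_strict(uint64_t caps)
{
    if (has_cap(caps, CAP_SYSLOG_NR))
        return 0;
    if (has_cap(caps, CAP_SYS_ADMIN_NR))
        deprecation_warnings++;
    return -EPERM;
}

/* Behaviour after this commit: CAP_SYS_ADMIN still warns but is accepted. */
static int syslog_check_compat(uint64_t caps)
{
    if (has_cap(caps, CAP_SYSLOG_NR))
        return 0;
    if (has_cap(caps, CAP_SYS_ADMIN_NR)) {
        deprecation_warnings++;
        return 0;
    }
    return -EPERM;
}

int main(void)
{
    /* Constructed task profiles: updated tool, legacy tool, unprivileged. */
    const uint64_t profiles[] = {
        CAP_BIT(CAP_SYSLOG_NR), CAP_BIT(CAP_SYS_ADMIN_NR), 0
    };
    const char *names[] = { "CAP_SYSLOG only", "CAP_SYS_ADMIN only", "no caps" };
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%-20s strict=%d compat=%d\n", names[i],
               syslog_check_strict(profiles[i]),
               syslog_check_compat(profiles[i]));
    printf("warnings logged: %d\n", deprecation_warnings);
    return 0;
}
```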
     
  • * 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (21 commits)
    USB: cdc-acm: Adding second ACM channel support for Nokia N8
    USB, Mass Storage, composite, gadget: Fix build failure and memset of a struct
    USB: Fix trout build failure with ci13xxx_msm gadget
    USB: EHCI: fix scheduling while atomic during suspend
    USB: usb-storage: unusual_devs entry for Coby MP3 player
    USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research spectrograph
    USB: fix race between root-hub resume and wakeup requests
    USB: prevent buggy hubs from crashing the USB stack
    usb: r8a66597-udc: Fixed bufnum of Bulk
    USB: ftdi_sio: add ST Micro Connect Lite uart support
    USB: Storage: Add unusual_devs entry for VTech Kidizoom
    USB SL811HS HCD: Fix memory leak in sl811h_urb_enqueue()
    USB: ti_usb: fix module removal
    USB: io_edgeport: fix the reported firmware major and minor
    usb: ehci-omap: Show fatal probing time errors to end user
    usb: musb: introduce api for dma code to check compatibility with usb request
    usb: musb: maintain three states for buffer mappings instead of two
    usb: musb: disable double buffering when it's broken
    usb: musb: hsdma: change back to use musb_read/writew
    usb: musb: core: fix IRQ check
    ...

    Linus Torvalds
     
  • * 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
    serial: bfin_5xx: split uart RX lock from uart port lock to avoid deadlock
    68360serial: Plumb in rs_360_get_icount()
    n_gsm: copy mtu over when configuring via ioctl interface
    virtio: console: Move file back to drivers/char/

    Linus Torvalds
     
  • * 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
    staging: zram: fix data corruption issue
    Staging: Comedi: Fix a few NI module dependencies
    Staging: comedi: Add MODULE_LICENSE and similar to NI modules
    staging: brcm80211: bugfix for softmac crash on multi cpu configurations
    staging: sst: Fix for dmic capture on v2 pmic
    staging: hv: Enable sending GARP packet after live migration

    Linus Torvalds
     
  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)
    virtio_net: Add schedule check to napi_enable call
    x25: Do not reference freed memory.
    pch_can: fix tseg1/tseg2 setting issue
    isdn: hysdn: Kill (partially buggy) CVS regision log reporting.
    can: softing_cs needs slab.h
    pch_gbe: Fix the issue which a driver locks when rx offload is set by ethtool
    netfilter: nf_conntrack: set conntrack templates again if we return NF_REPEAT
    pch_can: fix module reload issue with MSI
    pch_can: fix rmmod issue
    pch_can: fix 800k comms issue
    net: Fix lockdep regression caused by initializing netdev queues too early.
    net/caif: Fix dangling list pointer in freed object on error.
    USB CDC NCM errata updates for cdc_ncm host driver
    CDC NCM errata updates for cdc.h
    ixgbe: update version string
    ixgbe: cleanup variable initialization
    ixgbe: limit VF access to network traffic
    ixgbe: fix for 82599 erratum on Header Splitting
    ixgbe: fix variable set but not used warnings by gcc 4.6
    e1000: add support for Marvell Alaska M88E1118R PHY
    ...

    Linus Torvalds
     
  • Under harsh testing conditions, including low memory, the guest would
    stop receiving packets. With this patch applied we no longer see any
    problems in the driver while performing these tests for extended periods
    of time.

    Make sure napi is scheduled subsequent to each napi_enable.

    Signed-off-by: Bruce Rogers
    Signed-off-by: Olaf Kirch
    Cc: stable@kernel.org
    Signed-off-by: Rusty Russell
    Signed-off-by: David S. Miller

    Bruce Rogers
     
  • Fixes a hang when booting as dom0 under Xen, when jiffies can be
    quite large by the time the kernel init gets this far.

    Signed-off-by: Tim Deegan
    [jbeulich@novell.com: !time_after() -> time_before_eq() as suggested by Jiri Slaby]
    Signed-off-by: Jan Beulich
    Cc: Jiri Slaby
    Cc: Jeremy Fitzhardinge
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds

    Tim Deegan
     

10 Feb, 2011

13 commits


09 Feb, 2011

12 commits

  • Commit 93aae17af1172c40c6f74b7294e93a90c3cfaa5d ("sr: implement
    sr_check_events()") replaced the media_changed op with the
    check_events op in drivers/scsi/sr.c

    All users that check for the CDC_MEDIA_CHANGED capability try both
    the check_events op and the media_changed op, but register_cdrom()
    was requiring media_changed.

    This patch fixes the capability checking.

    The cdrom_select_disc ioctl is also using the two operations, so
    they should be required for CDC_SELECT_DISC too.

    Signed-off-by: Simon Arlott
    Cc: Tejun Heo
    Cc: Kay Sievers
    Tested-by: Chris Clayton
    Signed-off-by: Jens Axboe

    Simon Arlott
     
  • Commit 7667aa0630407bc07dc38dcc79d29cc0a65553c1 added logic to wait for
    the last queue of the group to become busy (have at least one request),
    so that the group does not lose out for not being continuously
    backlogged. The commit did not check for the condition that the last
    queue already has some requests. As a result, if the queue already has
    requests, wait_busy is set. Later on, cfq_select_queue() checks the
    flag, and decides that since the queue has a request now and wait_busy
    is set, the queue is expired. This results in early expiration of the
    queue.

    This patch fixes the problem by adding a check to see if queue already
    has requests. If it does, wait_busy is not set. As a result, time slices
    do not expire early.

    The queues with more than one request are usually buffered writers.
    Testing shows improvement in isolation between buffered writers.

    Cc: stable@kernel.org
    Signed-off-by: Justin TerAvest
    Reviewed-by: Gui Jianfeng
    Acked-by: Vivek Goyal
    Signed-off-by: Jens Axboe

    Justin TerAvest
     
  • The TCP tracking code has a special case that allows to return
    NF_REPEAT if we receive a new SYN packet while in TIME_WAIT state.

    In this situation, the TCP tracking code destroys the existing
    conntrack to start a new clean session.

    [DESTROY] tcp 6 src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925 [ASSURED]
    [NEW] tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 [UNREPLIED] src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925

    However, this is a problem for the iptables' CT target event filtering
    which will not work in this case since the conntrack template will not
    be there for the new session. To fix this, we reassign the conntrack
    template to the packet if we return NF_REPEAT.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Patrick McHardy

    Pablo Neira Ayuso
     
  • Currently, when pch_can is reloaded,
    pch_can is not able to catch interrupts.

    The cause is that bus-master is not set in pch_can.
    Thus, add processing to enable bus-master.

    Signed-off-by: Tomoya MORINAGA
    Signed-off-by: David S. Miller

    Tomoya
     
  • Currently, when pch_can is removed with rmmod, a kernel failure occurs.
    The cause is that pci_iounmap is executed before pch_can_reset.
    Thus, move pci_iounmap after pch_can_reset.

    Signed-off-by: Tomoya MORINAGA
    Signed-off-by: David S. Miller

    Tomoya
     
  • Currently, 800k comms fails since prop_seg is set to zero.
    (EG20T PCH CAN register of prop_seg must be set more than 1)
    To prevent prop_seg from being set to zero, change tseg2_min from 1 to 2.

    Signed-off-by: Tomoya MORINAGA
    Signed-off-by: David S. Miller

    Tomoya
     
  • In commit aa9421041128abb4d269ee1dc502ff65fb3b7d69 ("net: init ingress
    queue") we moved the allocation and lock initialization of the queues
    into alloc_netdev_mq() since register_netdevice() is way too late.

    The problem is that dev->type is not setup until the setup()
    callback is invoked by alloc_netdev_mq(), and the dev->type is
    what determines the lockdep class to use for the locks in the
    queues.

    Fix this by doing the queue allocation after the setup() callback
    runs.

    This is safe because the setup() callback is not allowed to make any
    state changes that need to be undone on error (memory allocations,
    etc.). It may, however, make state changes that are undone by
    free_netdev() (such as netif_napi_add(), which is done by the
    ipoib driver's setup routine).

    The previous code also leaked a reference to the &init_net namespace
    object on RX/TX queue allocation failures.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • rtnl_link_ops->setup(), and the "setup" callback passed to alloc_netdev*(),
    cannot make state changes which need to be undone on failure. There is
    no cleanup mechanism available at this point.

    So we have to add the caif private instance to the global list once we
    are sure that register_netdev() has succeeded in ->newlink().

    Otherwise, if register_netdev() fails, the caller will invoke free_netdev()
    and we will have a reference to freed up memory on the chnl_net_list.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Specification links:
    - CDC NCM errata link:
    http://www.usb.org/developers/devclass_docs/NCM10_012011.zip
    - CDC and WMC errata link:
    http://www.usb.org/developers/devclass_docs/CDC1.2_WMC1.1_012011.zip

    Changes:
    - driver updated to match cdc.h header with errata changes
    - added support for USB_CDC_SET_NTB_INPUT_SIZE control request with
    8 byte length
    - fixes to comply with specification: send only control requests supported by
    device, set number of datagrams for IN direction, connection speed structure
    update, etc.
    - packet loss fixed for tx direction; misleading flag renamed.
    - adjusted hard_mtu value.

    Signed-off-by: Alexey Orishko
    Signed-off-by: David S. Miller

    Alexey Orishko
     
  • Changes are based on the following documents:
    - CDC NCM errata:
    http://www.usb.org/developers/devclass_docs/NCM10_012011.zip
    - CDC and WMC errata link:
    http://www.usb.org/developers/devclass_docs/CDC1.2_WMC1.1_012011.zip

    Signed-off-by: Alexey Orishko
    Acked-by: Greg Kroah-Hartman
    Signed-off-by: David S. Miller

    Alexey Orishko
     
  • Signed-off-by: Amit Shah
    Signed-off-by: Rusty Russell

    Amit Shah
     
  • The outvq needs to be woken up on host notifications so that buffers
    consumed by the host can be reclaimed, outvq freed, and application
    writes may proceed again.

    The need for this is now finally noticed when I have qemu patches ready
    to use nonblocking IO and flow control.

    CC: Hans de Goede
    CC: stable@kernel.org
    Signed-off-by: Amit Shah
    Signed-off-by: Rusty Russell
    Acked-by: Hans de Goede

    Amit Shah