24 Nov, 2005
14 commits
-
Fix a 32 bit integer overflow in invalidate_inode_pages2_range.
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Work around gcc-2.95.x macro expansion bug.
Cc: David Woodhouse
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 7d24f0b8a53261709938ffabe3e00f88f6498df9 fixed bugs in the ppc64 SLB
miss handler with respect to hugepage handling, and in the process tweaked
the semantics of the hugepage address masks in mm_context_t.Unfortunately, it left out a couple of necessary changes to go with that
change. First, the in_hugepage_area() macro was not updated to match,
second prepare_hugepage_range() was not updated to correctly handle
hugepages regions which straddled the 4GB point.The latter appears only to cause process-hangs when attempting to map such
a region, but the former can cause oopses if a get_user_pages() is
triggered at the wrong point. This patch addresses both bugs.Signed-off-by: David Gibson
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
If unregister_console() is inadvertently called while no consoles are
registered, it will crash trying to dereference NULL pointer. It is
necessary to fix that because register_console() provides no indication
that it actually registered the console passed in. In fact, it may well
decide not to register it based on various things...(akpm: It'd be better to make register_console() return something and fix the
callers. All 106 of them...)Signed-off-by: Benjamin Herrenschmidt
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
When non-leader thread does exec, de_thread adds old leader to the init's
->children list in EXIT_ZOMBIE state and drops tasklist_lock.This means that release_task(leader) in de_thread() is racy vs do_wait()
from init task.I think de_thread() should set old leader's state to EXIT_DEAD instead.
Signed-off-by: Oleg Nesterov
Cc: george anzinger
Cc: Roland Dreier
Cc: Ingo Molnar
Cc: Linus Torvalds
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix a bug in kprobes that can cause an Oops or even a crash when a return
probe is installed on one of the following functions: sys_execve,
do_execve, load_*_binary, flush_old_exec, or flush_thread. The fix is to
remove the call to kprobe_flush_task() in flush_thread(). This fix has
been tested on all architectures for which the return-probes feature has
been implemented (i386, x86_64, ppc64, ia64). Please apply.BACKGROUND
Up to now, we have called kprobe_flush_task() under two situations: when a
task exits, and when it execs. Flushing kretprobe_instances on exit is
correct because (a) do_exit() doesn't return, and (b) one or more
return-probed functions may be active when a task calls do_exit(). Neither
is the case for sys_execve() and its callees.Initially, the mistaken call to kprobe_flush_task() on exec was harmless
because we put the "real" return address of each active probed function
back in the stack, just to be safe, when we recycled its
kretprobe_instance. When support for ppc64 and ia64 was added, this safety
measure couldn't be employed, and was eventually dropped even for i386 and
x86_64. sys_execve() and its callees were informally blacklisted for
return probes until this fix was developed.Acked-by: Prasanna S Panchamukhi
Signed-off-by: Jim Keniston
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
alpha, sparc64, x86_64 are each missing some primitives from their atomic64
support: fill in the gaps I've noticed by extrapolating asm, follow the
groupings in each file. But powerpc and parisc still lack atomic64.Signed-off-by: Hugh Dickins
Cc: Richard Henderson
Cc: Ivan Kokshaysky
Cc: "David S. Miller"
Cc: Andi Kleen
Cc: Nick Piggin
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Restore an earlier mod which went missing in the powerpc reshuffle: the 4xx
mmu_mapin_ram does not need to take init_mm.page_table_lock.Signed-off-by: Hugh Dickins
Cc: Paul Mackerras
Cc: Benjamin Herrenschmidt
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Update comments (only) on page_table_lock and mmap_sem in arch/powerpc.
Removed the comment on page_table_lock from hash_huge_page: since it's no
longer taking page_table_lock itself, it's irrelevant whether others are; but
how it is safe (even against huge file truncation?) I can't say.Signed-off-by: Hugh Dickins
Cc: Paul Mackerras
Cc: Benjamin Herrenschmidt
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The follow_page changes in get_futex_key have left it with two almost
identical blocks, when handling the rare case of a futex in a nonlinear vma.
get_user_pages will itself do that follow_page, and its additional
find_extend_vma is hardly any overhead since the vma is already cached. Let's
just delete the follow_page block and let get_user_pages do it.Signed-off-by: Hugh Dickins
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Closer attention to the arithmetic shows that neither ppc64 nor sparc really
uses one page for multiple page tables: how on earth could they, while
pte_alloc_one returns just a struct page pointer, with no offset?Well, arm26 manages it by returning a pte_t pointer cast to a struct page
pointer, harumph, then compensating in its pmd_populate. But arm26 is never
SMP, so it's not a problem for split ptlock either.And the PA-RISC situation has been recently improved: CONFIG_PA20 works
without the 16-byte alignment which inflated its spinlock_t. But the current
union of spinlock_t with private does make the 7xxx struct page significantly
larger, even without debug, so disable its split ptlock.Signed-off-by: Hugh Dickins
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This fix causes problems on the very first floppy access - we haven't yet
talked to the FDC so we don't know which state the write-protect tab is in.Revert for now.
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Most of the functions already check. Do the ones that didn't.
Signed-off-by: Matthew Wilcox
Signed-off-by: Linus Torvalds -
This reverts commit af2b4079ab154bd12e8c12b02db5f31b31babe63
Changing the #define to an inline function breaks on non-SMP builds,
since wuite a few places in the kernel do not implement the ipi handler
when compiling for UP.Signed-off-by: Linus Torvalds
23 Nov, 2005
26 commits
-
The ext3 compat-ioctl translation wants to translate data structures
that only declared when CONFIG_JBD was enabled.So make play nicely even when we don't actually end up
using it.Acked-by: Andrew Morton
Acked-by: Jeffrey Hundstad
Acked-by: Zan Lynx
Signed-off-by: Linus Torvalds -
There was some confusion about the different zone usage, this should fix
up the resulting mess in the GFP zonemask handling.The different zone usage is still confusing (it's very easy to mix up
the individual zone numbers with the GFP zone _list_ numbers), so we
might want to clean up some of this in the future, but in the meantime
this should fix the actual problems.Acked-by: Andi Kleen
Signed-off-by: Linus Torvalds -
"extern inline" doesn't make much sense.
Signed-off-by: Adrian Bunk
Signed-off-by: David S. Miller -
Patch to ifenslave so that under older ABI versions, a failure to propogate ip
information from master to slave does not result in a filure to enslave the
slave device.Signed-off-by: Neil Horman
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller -
Remove proto == NULL checking since ip_conntrack_[nat_]proto_find_get
always returns a valid pointer.Fix missing ip_conntrack_proto_put in some paths.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This patch fixes the problem with promoting aliases when:
a) a single primary and > 1 secondary addresses
b) multiple primary addresses each with at least one secondary addressBased on earlier efforts from Brian Pomerantz ,
Patrick McHardy and Thomas GrafSigned-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Not really a network problem, more a !SMP issue.
net/core/flow.c:295: warning: statement with no effect
flow.c:295: smp_call_function(flow_cache_flush_per_cpu, &info, 1, 0);
Fix this by converting the macro to an inline function, which
also increases the typechecking for !SMP builds.Signed-off-by: Russell King
Signed-off-by: David S. Miller -
This makes pkg-config now the prefered way to configure QT and properly
fixes the recent Fedora breakage and leaves the old QT detection as
fallback mechanism.Signed-off-by: Roman Zippel
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The spinlock region_lock is held while calling mark_region which can sleep.
Drop the spinlock before calling that function.A region's state and inclusion in the clean list are altered by rh_inc and
rh_dec. The state variable is set to RH_CLEAN in rh_dec, but only if
'pending' is zero. It is set to RH_DIRTY in rh_inc, but not if it is already
so. The changes to 'pending', the state, and the region's inclusion in the
clean list need to be atomicly.Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
bio_list_merge() should do nothing if the second list is empty - not oops.
Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
do_end_io() can be called without interrupts blocked.
Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The linux bitset operators (test_bit, set_bit etc) work on arrays of "unsigned
long". dm-log uses such bitsets but treats them as arrays of uint32_t, only
allocating and zeroing a multiple of 4 bytes (as 'clean_bits' is a uint32_t).The patch below fixes this problem.
The problem is specific to 64-bit big endian machines such as s390x or ppc-64
and can prevent pvmove terminating.In the simplest case, if "region_count" were (say) 30, then
bitset_size (below) would be 4 and bitset_uint32_count would be 1.
Thus the memory for this butset, after allocation and zeroing would
be
0 0 0 0 X X X X
On a bigendian 64bit machine, bit 0 for this bitset is in the 8th
byte! (and every bit that dm-log would use would be in the X area).0 0 0 0 X X X X
^
herewhich hasn't been cleared properly.
As the dm-raid1 code only syncs and counts regions which have a 0 in the
'sync_bits' bitset, and only finishes when it has counted high enough, a large
number of 1's among those 'X's will cause the sync to not complete.It is worth noting that the code uses the same bitsets for in-memory and
on-disk logs. As these bitsets are host-endian and host-sized, this means
that they cannot safely be moved between computers withSigned-off-by: Neil Brown
Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
In some circumstances the LIST_VERSIONS output is truncated because the size
calculation forgets about a 'uint32_t' in each structure - but the inclusion
of the whole of ALIGN_MASK frequently compensates for the omission.This is a quick workaround to use an upper bound. (The code ought to be fixed
to supply the actual size.)Running 'dmsetup targets' may demonstrate the problem: when I run it, the last
line comes out as 'erro' instead of 'error'. Consequently, 'lvcreate --type
error' doesn't work.Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
An error path in table_load() forgets to release a table that won't now be
referenced.Signed-off-by: Alasdair G Kergon
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Correct lots of URLs in Documentation/ Also a few minor whitespace cleanups
and typo/spello fixes. Sadly there are still a lot of bad URLs remaining.Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This driver only appears on IA32 & EM64T boxes.
Signed-off-by: Dave Jones
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
scsi_get_command() attempts to write into a structure that may not have
been successfully allocated. Move this write inside the if statement that
ensures we won't panic the kernel with a NULL pointer dereference.Signed-off-by: Matthew Dobson
Cc: James Bottomley
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
drivers/cpufreq/cpufreq.c: In function `cpufreq_remove_dev':
drivers/cpufreq/cpufreq.c:696: warning: unused variable `cpu_sys_dev'Signed-off-by: Grant Coady
Cc: Dave Jones
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
If there are multiple updaters to /proc/sys/vm/nr_hugepages simultaneously
it is possible for the nr_huge_pages variable to become incorrect. There
is no locking in the set_max_huge_pages function around
alloc_fresh_huge_page which is able to update nr_huge_pages. Two callers
to alloc_fresh_huge_page could race against each other as could a call to
alloc_fresh_huge_page and a call to update_and_free_page. This patch just
expands the area covered by the hugetlb_lock to cover the call into
alloc_fresh_huge_page. I'm not sure how we could say that a sysctl section
is performance critical where more specific locking would be needed.My reproducer was to run a couple copies of the following script
simultaneouslywhile [ true ]; do
echo 1000 > /proc/sys/vm/nr_hugepages
echo 500 > /proc/sys/vm/nr_hugepages
echo 750 > /proc/sys/vm/nr_hugepages
echo 100 > /proc/sys/vm/nr_hugepages
echo 0 > /proc/sys/vm/nr_hugepages
doneand then watch /proc/meminfo and eventually you will see things like
HugePages_Total: 100
HugePages_Free: 109After applying the patch all seemed well.
Signed-off-by: Eric Paris
Acked-by: William Irwin
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Reported by: Wayne E. Harlan
"[1.] One line summary of the problem:
When the kernel option "vga=1" is used, additional tty's (alt+control+Fx
with x=2,3,4,5, etc) do not provide the full 50 lines of output. The first
one does have 50 lines, however.[2.] Full description of the problem/report:
These addtitional tty's show only 39 lines plus the top pixel of the 40-th
line. The remaining lines are black and not shown. Kernel version
2.6.13.4 does not show this problem."This bug is caused by using a stale font height value on vgacon_init.
Booting with vga=1 gives an 80x50 screen with an 8x8 font. Somewhere
during the initialization, the font was changed to 8x9 and the first
vc was correctly resized to 80x44. However, the rest of the vc's were
not allocated yet, and when they were subsequently initialized, they
still used a font height of 8 (instead of 9) causing the mentioned bug.Fix by saving the new font height to vga_video_font_height.
Signed-off-by: Antonino Daplas
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The shift value (amount to shift the bitmap so first pixel starts at
origin(0,0)) is incorrect. This causes corrupted characters or a kernel crash
if fontwidth is not divisible by 8 at 270 degrees, or fontheight not divisible
by 8 at 180 degrees.Report and part of the fix contributed by Knut Petersen.
Signed-off-by: Antonino Daplas
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Currently, if a hugetlbfs is mounted without limits (the default), statfs()
will return -1 for max/free/used blocks. This does not appear to be in
line with normal convention: simple_statfs() and shmem_statfs() both return
0 in similar cases. Worse, it confuses the translation logic in
put_compat_statfs(), causing it to return -EOVERFLOW on such a mount.This patch alters hugetlbfs_statfs() to return 0 for max/free/used blocks
on a mount without limits. Note that we need the test in the patch below,
rather than just using 0 in the sbinfo structure, because the -1 marked in
the free blocks field is used internally to tell theSigned-off-by: David Gibson
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
In fs/compat.c, whenever put_compat_statfs() returns an error, the
containing syscall returns -EFAULT. This is presumably by analogy with the
non-compat case, where any non-zero code from copy_to_user() should be
translated into an EFAULT. However, put_compat_statfs() is also return
-EOVERFLOW. The same applies for put_compat_statfs64().This bug can be observed with a statfs() on a hugetlbfs directory.
hugetlbfs, when mounted without limits reports available, free and total
blocks as -1 (itself a bug, another patch coming). statfs() will
mysteriously return EFAULT although it's parameters are perfectly valid
addresses.This patch causes the compat versions of statfs() and statfs64() to
correctly propogate the return values from put_compat_statfs() and
put_compat_statfs64().Signed-off-by: David Gibson
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Earlier I unifdefed PageCompound, so that snd_pcm_mmap_control_nopage and
others can give out a 0-order component of a higher-order page, which won't
be mistakenly freed when zap_pte_range unmaps it. But many Bad page states
reported a PG_reserved was freed after all: I had missed that we need to
say __GFP_COMP to get compound page behaviour.Some of these higher-order pages are allocated by snd_malloc_pages, some by
snd_malloc_dev_pages; or if SBUS, by sbus_alloc_consistent - but that has
no gfp arg, so add __GFP_COMP into its sparc32/64 implementations.I'm still rather puzzled that DRM seems not to need a similar change.
Signed-off-by: Hugh Dickins
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
