09 Oct, 2007

5 commits


08 Oct, 2007

15 commits

  • When the ICMPv6 Target address is multicast, Linux processes the
    redirect instead of dropping it. The problem is in this code in
    ndisc_redirect_rcv():

    if (ipv6_addr_equal(dest, target)) {
            on_link = 1;
    } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
            ND_PRINTK2(KERN_WARNING
                       "ICMPv6 Redirect: target address is not link-local.\n");
            return;
    }

    This second check will succeed if the Target address is, for example,
    FF02::1 because it has link-local scope. Instead, it should be checking
    if it's a unicast link-local address, as stated in RFC 2461/4861 Section
    8.1:

    - The ICMP Target Address is either a link-local address (when
    redirected to a router) or the same as the ICMP Destination
    Address (when redirected to the on-link destination).

    I know this doesn't explicitly say unicast link-local address, but it's
    implied.

    This bug is preventing Linux kernels from achieving IPv6 Logo Phase II
    certification because of a recent error that was found in the TAHI test
    suite - Neighbor Discovery suite test 206 (v6LC.2.3.6_G) had the
    multicast address in the Destination field instead of Target field, so
    we were passing the test. This won't be the case anymore.

    The patch below fixes this problem, and also fixes ndisc_send_redirect()
    to not send an invalid redirect with a multicast address in the Target
    field. I re-ran the TAHI Neighbor Discovery section to make sure Linux
    passes all 245 tests now.

    Signed-off-by: Brian Haley
    Acked-by: David L Stevens
    Signed-off-by: David S. Miller

    Brian Haley
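
Added example, not part of the commit or the kernel source: a user-space C sketch of the Target check described in the commit message above, contrasting a scope-only link-local test (which lets FF02::1 through) with a unicast link-local test. The function and enum names are hypothetical, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

enum redir { REDIR_DROP = 0, REDIR_ONLINK = 1, REDIR_ROUTER = 2 };

/* fe80::/10: unicast link-local prefix. */
static int is_unicast_linklocal(const struct in6_addr *a)
{
    return a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;
}

/* ff00::/8 with scope nibble 2, e.g. ff02::1 (all-nodes). */
static int is_mcast_linklocal(const struct in6_addr *a)
{
    return a->s6_addr[0] == 0xff && (a->s6_addr[1] & 0x0f) == 0x02;
}

/* Classify the Target of a Redirect. strict == 0 models the scope-only
 * test from the commit message; strict == 1 requires a unicast
 * link-local Target. Returns -1 if either address fails to parse. */
int classify_redirect(const char *dest_s, const char *target_s, int strict)
{
    struct in6_addr dest, target;
    int ll;
    if (inet_pton(AF_INET6, dest_s, &dest) != 1 ||
        inet_pton(AF_INET6, target_s, &target) != 1)
        return -1;
    if (memcmp(&dest, &target, sizeof(dest)) == 0)
        return REDIR_ONLINK;            /* Target == Destination */
    ll = is_unicast_linklocal(&target);
    if (!strict)
        ll = ll || is_mcast_linklocal(&target);
    return ll ? REDIR_ROUTER : REDIR_DROP;
}

int main(void)
{
    /* Constructed sample addresses (2001:db8::/32 is the documentation prefix). */
    const char *dest = "2001:db8::1";
    const char *targets[] = { "fe80::1", "ff02::1", "2001:db8::1", "2001:db8::2" };

    for (size_t i = 0; i < sizeof(targets) / sizeof(targets[0]); i++)
        printf("%-12s scope-only=%d unicast-ll=%d\n", targets[i],
               classify_redirect(dest, targets[i], 0),
               classify_redirect(dest, targets[i], 1));
    return 0;
}
```
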
     
  • Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

    Stephen Hemminger
     
  • Commit a3d384029aa304f8f3f5355d35f0ae274454f7cd aka
    "[AX.25]: Fix unchecked rose_add_loopback_neigh uses"
    transformed rose_loopback_neigh var into statically allocated one.
    However, on unload it will be kfree'd, which can't work.

    Steps to reproduce:

    modprobe rose
    rmmod rose

    BUG: unable to handle kernel NULL pointer dereference at virtual address 00000008
    printing eip:
    c014c664
    *pde = 00000000
    Oops: 0000 [#1]
    PREEMPT DEBUG_PAGEALLOC
    Modules linked in: rose ax25 fan ufs loop usbhid rtc snd_intel8x0 snd_ac97_codec ehci_hcd ac97_bus uhci_hcd thermal usbcore button processor evdev sr_mod cdrom
    CPU: 0
    EIP: 0060:[] Not tainted VLI
    EFLAGS: 00210086 (2.6.23-rc9 #3)
    EIP is at kfree+0x48/0xa1
    eax: 00000556 ebx: c1734aa0 ecx: f6a5e000 edx: f7082000
    esi: 00000000 edi: f9a55d20 ebp: 00200287 esp: f6a5ef28
    ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
    Process rmmod (pid: 1823, ti=f6a5e000 task=f7082000 task.ti=f6a5e000)
    Stack: f9a55d20 f9a5200c 00000000 00000000 00000000 f6a5e000 f9a5200c f9a55a00
    00000000 bf818cf0 f9a51f3f f9a55a00 00000000 c0132c60 65736f72 00000000
    f69f9630 f69f9528 c014244a f6a4e900 00200246 f7082000 c01025e6 00000000
    Call Trace:
    [] rose_rt_free+0x1d/0x49 [rose]
    [] rose_rt_free+0x1d/0x49 [rose]
    [] rose_exit+0x4c/0xd5 [rose]
    [] sys_delete_module+0x15e/0x186
    [] remove_vma+0x40/0x45
    [] sysenter_past_esp+0x8f/0x99
    [] trace_hardirqs_on+0x118/0x13b
    [] sysenter_past_esp+0x5f/0x99
    =======================
    Code: 05 03 1d 80 db 5b c0 8b 03 25 00 40 02 00 3d 00 40 02 00 75 03 8b 5b 0c 8b 73 10 8b 44 24 18 89 44 24 04 9c 5d fa e8 77 df fd ff 56 08 89 f8 e8 84 f4 fd ff e8 bd 32 06 00 3b 5c 86 60 75 0f
    EIP: [] kfree+0x48/0xa1 SS:ESP 0068:f6a5ef28

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     
  • When only GSO skb was partially ACKed, no hints are reset,
    therefore fastpath_cnt_hint must be tweaked too or else it can
    corrupt fackets_out. For the corruption to occur, one must have a
    non-trivial ACK/SACK sequence, so this bug is not very often
    that harmful. There's a fackets_out state reset in TCP because
    fackets_out is known to be inaccurate and that fixes the issue
    eventually anyway.

    In case there was also at least one skb that got fully ACKed,
    the fastpath_skb_hint is set to NULL which causes a recount for
    fastpath_cnt_hint (the old value won't be accessed anymore),
    thus it can safely be decremented without additional checking.

    Reported by Cedric Le Goater

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     
  • We should only reparent to a class former class devices that
    form the base of class hierarchy. Nested devices should still
    grow from their real parents.

    Signed-off-by: Dmitry Torokhov
    Tested-by: Andrey Borzenkov
    Tested-by: Anssi Hannula
    Signed-off-by: Linus Torvalds

    Dmitry Torokhov
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
    firewire: point to migration document

    Linus Torvalds
     
  • Add the manufacturer and card id of teltonica pcmcia modems to serial_cs.c

    Signed-off-by: Attila Kinali
    Acked-by: Alan Cox
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Attila Kinali
     
  • Document sequence of keypresses that actually works. Yes, this changed
    year-or-so ago.

    Signed-off-by: Pavel Machek
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Pavel Machek
     
  • Async signals should not be reported as sent by current in audit log. As
    it is, we call audit_signal_info() too early in check_kill_permission().
    Note that check_kill_permission() has that test already - it needs to know
    if it should apply current-based permission checks. So the solution is to
    move the call of audit_signal_info() between those.

    Bogosity in question is easily reproduced - add a rule watching for e.g.
    kill(2) from specific process (so that audit_signal_info() would not
    short-circuit to nothing), say load_policy, watch the bogus OBJ_PID entry
    in audit logs claiming that write(2) on selinuxfs file issued by
    load_policy(8) had somehow managed to send a signal to syslogd...

    Signed-off-by: Al Viro
    Acked-by: Steve Grubb
    Acked-by: Eric Paris
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Al Viro
     
  • Modular lguest started giving linking errors

    MODPOST 1 modules
    ERROR: "kasprintf" [drivers/lguest/lg.ko] undefined!

    Signed-off-by: Alexey Dobriyan
    Cc: Rusty Russell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexey Dobriyan
     
  • Provide some documentation for CONFIG_LOCK_STAT.

    Signed-off-by: Peter Zijlstra
    Acked-by: Ingo Molnar
    Cc: "Randy.Dunlap"
    Cc: Rob Landley
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Peter Zijlstra
     
  • VIA C3 Ezra-T has RevisionID equal to 1, but it needs RevisionKey to be 0
    or CPU will ignore new frequency and will continue to work at old
    frequency. New "revid_errata" option will force RevisionKey to be set to
    0, whatever RevisionID is.

    Additionally "Longhaul" will not silently ignore unsuccessful transition.
    It will try to check if "revid_errata" or "disable_acpi_c3" options need to
    be enabled for this processor/system.

    Same for Longhaul ver. 2 support. It will be disabled if none of above
    options will work.

    Best case scenario (with patch applied and v2 enabled):
    longhaul: VIA C3 'Ezra' [C5C] CPU detected. Longhaul v2 supported.
    longhaul: Using northbridge support.
    longhaul: VRM 8.5
    longhaul: Max VID=1.350 Min VID=1.050, 13 possible voltage scales
    longhaul: f: 300000 kHz, index: 0, vid: 1050 mV
    [...]
    longhaul: Voltage scaling enabled.
    Worst case scenario:
    longhaul: VIA C3 'Ezra-T' [C5M] CPU detected. Powersaver supported.
    longhaul: Using northbridge support.
    longhaul: Using ACPI support.
    longhaul: VRM 8.5
    longhaul: Claims to support voltage scaling but min & max are both 1.250. Voltage scaling disabled
    longhaul: Failed to set requested frequency!
    longhaul: Enabling "Ignore Revision ID" option.
    longhaul: Failed to set requested frequency!
    longhaul: Disabling ACPI C3 support.
    longhaul: Disabling "Ignore Revision ID" option.
    longhaul: Failed to set requested frequency!
    longhaul: Enabling "Ignore Revision ID" option.

    [akpm@linux-foundation.org: coding-style cleanups]
    Signed-off-by: Rafal Bilski
    Signed-off-by: Dave Jones
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rafal Bilski
     
  • When using /proc/timer_stats on ppc64 I noticed the events/sec field wasn't
    accurate. Sometimes the integer part was incorrect due to rounding (we
    weren't taking the fractional seconds into consideration).

    The fraction part is also wrong, we need to pad the printf statement and
    take the bottom three digits of 1000 times the value.

    Signed-off-by: Anton Blanchard
    Acked-by: Ingo Molnar
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Anton Blanchard
     
  • It turns out that there are a few other five-second timers in the
    kernel, and if the timers get in sync, the load-average can get
    artificially inflated by events that just happen to coincide.

    So just offset the load average calculation by a timer tick.

    Noticed by Anders Boström, for whom the coincidence started triggering
    on one of his machines with the JBD jiffies rounding code (JBD is one of
    the subsystems that also end up using a 5-second timer by default).

    Tested-by: Anders Boström
    Cc: Chuck Ebbert
    Cc: Arjan van de Ven
    Cc: Andrew Morton
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     
  • We should generally prefer to return ERESTARTNOHAND rather than EINTR,
    so that processes with unhandled signals that get ignored don't return
    EINTR.

    This can help with X startup issues:

    Fatal server error:
    xf86OpenConsole: VT_WAITACTIVE failed: Interrupted system call

    although the real fix is having the X server always retry EINTR
    regardless (since EINTR does happen for signals that have handlers
    installed). Keithp has a patch for that.

    Regardless, ERESTARTNOHAND is the correct thing to use.

    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

07 Oct, 2007

5 commits

  • Signed-off-by: Stefan Richter

    Stefan Richter
     
  • * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
    [MIPS] IP32: Enable PCI bridges

    Linus Torvalds
     
  • This reverts commit f443675affe3f16dd428e46f0f7fd3f4d703eeab, which
    breaks horribly if you aren't running an unreleased xf86-video-intel
    driver out of git.

    Signed-off-by: Kyle McMartin
    Cc: Dave Airlie
    Cc: Zhenyu Wang
    Acked-by: Keith Packard
    Signed-off-by: Linus Torvalds

    Kyle McMartin
     
  • The PCI device table in the powermac IDE driver isn't properly
    terminated. Depending on how your kernel is linked and other random
    factors, you can end up with this driver matched against any other PCI
    device in your system, possibly crashing at boot.

    Thanks to Heikki for tracking this down with me, the bug has been there
    for some time, though it rarely hurts due to luck. In this case, the
    switch from .22 to .23-rc9 is causing it to show up due to differences
    in the resulting layout of .data I suppose.

    Signed-off-by: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Bartlomiej Zolnierkiewicz
    Cc: Heikki Lindholm
    Signed-off-by: Linus Torvalds

    Benjamin Herrenschmidt
     
  • When pinning and unpinning pagetables, we must protect them against
    being used by other CPUs, lest they see the pagetable in an
    intermediate read-only-but-not-pinned state.

    When using split pte locks, doing this properly would require taking
    all the pte locks for the pagetable while pinning, but this may overflow
    the PREEMPT_BITS part of the preempt counter if the process has mapped
    more than about 512M of memory.

    However, failing to take the pte locks causes write-protect faults when
    the pageout code is trying to clear the Access bit on a pte which is part
    of a freshly created and still being pinned process after fork.

    This is a short-term fix until the problem is solved properly.

    Signed-off-by: Jeremy Fitzhardinge
    Acked-by: Rik van Riel
    Acked-by: Hugh Dickins
    Cc: David Rientjes
    Cc: Andrew Morton
    Cc: Andi Kleen
    Cc: Keir Fraser
    Cc: Jan Beulich
    Signed-off-by: Linus Torvalds

    Jeremy Fitzhardinge
     

06 Oct, 2007

4 commits


05 Oct, 2007

8 commits

  • * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
    [SPARC64]: Fix 'niu' complex IRQ probing.
    [SPARC64]: check fork_idle() error
    [SPARC64]: Temporary workaround for PCI-E slot on T1000.
    [SPARC64]: VIO device addition log message level is too high.
    [SPARC64]: Fix domain-services port probing.
    [SPARC64]: Don't use in/local regs for ldx/stx data in N1 memcpy.

    Linus Torvalds
     
  • It is ok to call prefetch() function with NULL argument, as specifically
    commented in include/linux/prefetch.h. But in standard C, it is invalid
    to dereference NULL pointer (see C99 standard 6.5.3.2 paragraph 4 and
    note #84).

    prefetch() has a memory reference for its argument.

    Newer gcc versions (4.3 and above) will use that to conclude that "x"
    argument is non-null and thus wreaking havoc everywhere prefetch() was
    inlined.

    Fixed by removing cast and changing asm constraint.

    [ It seems in theory gcc 4.2 could miscompile this too; although no
    cases known. In 2.6.24 we should probably switch to
    __builtin_prefetch() instead, but this is a simpler fix for now.
    -- AK ]

    Signed-off-by: Serge Belyshev
    Signed-off-by: Andi Kleen
    Signed-off-by: Linus Torvalds

    Serge Belyshev
     
  • Fix MACE PCI addressing by adding the bus number parameter.
    Remove check of the used slot since every slot should be valid.
    Converted mkaddr from #define to inline function.

    Signed-off-by: Giuseppe Sacco
    Signed-off-by: Ralf Baechle

    Giuseppe Sacco
     
  • They should be computed the same as how we compute
    them under 'virtual-devices'.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Check the return value of fork_idle() to catch error.

    Signed-off-by: Akinobu Mita
    Signed-off-by: David S. Miller

    Akinobu Mita
     
  • * master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
    [SCSI] megaraid_old: fix READ_CAPACITY

    Linus Torvalds
     
  • Gurudas Pai reports kernel BUG at arch/i386/mm/highmem.c:15! below
    sys_remap_file_pages, while running Oracle database test on x86 in 6GB
    RAM: kunmap thinks we're in_interrupt because the preempt count has
    wrapped.

    That's because __do_fault expected to unmap page_table, but one of its
    two callers do_nonlinear_fault already unmapped it: let do_linear_fault
    unmap it first too, and then there's no need to pass the page_table arg
    down.

    Why have we been so slow to notice this? Probably through forgetting
    that the mapping_cap_account_dirty test means that sys_remap_file_pages
    nowadays only goes the full nonlinear vma route on a few memory-backed
    filesystems like ramfs, tmpfs and hugetlbfs.

    [ It also depends on CONFIG_HIGHPTE, so it becomes even harder to
    trigger in practice. Many who have need of large memory have probably
    migrated to x86-64..

    Problem introduced by commit d0217ac04ca6591841e5665f518e38064f4e65bd
    ("mm: fault feedback #1") -- Linus ]

    Signed-off-by: Hugh Dickins
    Cc: gurudas pai
    Cc: Nick Piggin
    Cc: Andrew Morton
    Signed-off-by: Linus Torvalds

    Hugh Dickins
     
  • The bulk transfer mode got eliminated by
    3f6270ef76f2ce5c134615a470685d6c2a66c07e. Unfortunately, this mode is
    required for READ_CAPACITY commands on certain cards, so put it back
    again. This fixes a boot failure regression reported by Burton
    Windle.

    Signed-off-by: FUJITA Tomonori
    Signed-off-by: James Bottomley

    FUJITA Tomonori
     

04 Oct, 2007

3 commits