[PATCH] uml: hostfs - fix possible PAGE_CACHE_SHIFT overflows
Prevent page->index << PAGE_CACHE_SHIFT from overflowing.
There is a casting there, but was added without care, so it's at the wrong
place. Note the extra parens around the shift - "+" is higher precedence than
"<<", leading to a GCC warning which saved all us.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Trivial removal of unused variable from this file - doesn't even change the
generated assembly code, in fact (gcc should trigger a warning for unused value
here).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Don't use printk() where "current_thread_info()" is crap.
Until when we switch to running on init_stack, current_thread_info() evaluates
to crap. Printk uses "current" at times (in detail, ¤t is evaluated with
CONFIG_DEBUG_SPINLOCK to check the spinlock owner task).
And this leads to random segmentation faults.
Exactly, what happens is that ¤t = *(current_thread_info()), i.e. round
down $esp and dereference the value. I.e. access the stack below $esp, which
causes SIGSEGV on a VM_GROWSDOWN vma (see arch/i386/mm/fault.c).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Wed, 28 Dec 2005 21:27:04 +0000 (13:27 -0800)]
[SERMOUSE]: Sun mice speak 5-byte protocol too.
Noticed by Christophe Zimmerman, this explains the slow mouse movement
with 2.6.x kernels.
And checking the 2.4.x drivers/sbus/char/sunmouse.c driver shows we
always used a 5-byte protocol with Sun mice in the past. I have no
idea how the 3-byte thing got into the 2.6.x driver, but it's surely
wrong.
Signed-off-by: David S. Miller <davem@davemloft.net>
Chris Elmquist [Tue, 20 Dec 2005 21:25:19 +0000 (13:25 -0800)]
[TG3]: ethtool -d hangs PCIe systems
Resubmitting after recommendation to use GET_REG32_1() instead of
GET_REG32_LOOP(..., 1). Retested. Problem remains fixed.
Prevent tg3_get_regs() from reading reserved and undocumented registers
at RX_CPU_BASE and TX_CPU_BASE offsets which caused hostile behavior
on PCIe platforms.
Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] Fix more radeon GART start calculation cases
As reported by Jules Villard <jvillard@ens-lyon.fr> and some others, the
recent GART aperture start reconfiguration causes problems on some
setups.
What I _think_ might be happening is that the X server is also trying to
muck around with the card memory map and is forcing it back into a wrong
setting that also happens to no longer match what the DRM wants to do
and blows up. There are bugs all over the place in that code (and still
some bugs in the DRM as well anyway).
This patch attempts to avoid that by using the largest of the 2 values,
which I think will cause it to behave as it used to for you and will
still fix the problem with machines that have an aperture size smaller
than the video memory.
David L Stevens [Tue, 27 Dec 2005 22:03:00 +0000 (14:03 -0800)]
[IPV6] mcast: Fix multiple issues in MLDv2 reports.
The below "jumbo" patch fixes the following problems in MLDv2.
1) Add necessary "ntohs" to recent "pskb_may_pull" check [breaks
all nonzero source queries on little-endian (!)]
2) Add locking to source filter list [resend of prior patch]
3) fix "mld_marksources()" to
a) send nothing when all queried sources are excluded
b) send full exclude report when source queried sources are
not excluded
c) don't schedule a timer when there's nothing to report
NOTE: RFC 3810 specifies the source list should be saved and each
source reported individually as an IS_IN. This is an obvious DOS
path, requiring the host to store and then multicast as many sources
as are queried (e.g., millions...). This alternative sends a full,
relevant report that's limited to number of sources present on the
machine.
4) fix "add_grec()" to send empty-source records when it should
The original check doesn't account for a non-empty source
list with all sources inactive; the new code keeps that
short-circuit case, and also generates the group header
with an empty list if needed.
5) fix mca_crcount decrement to be after add_grec(), which needs
its original value
These issues (other than item #1 ;-) ) were all found by Yan Zheng,
much thanks!
Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David Kimdon [Tue, 27 Dec 2005 01:27:10 +0000 (17:27 -0800)]
[BR_NETFILTER]: Fix leak if skb traverses > 1 bridge
Call nf_bridge_put() before allocating a new nf_bridge structure and
potentially overwriting the pointer to a previously allocated one.
This fixes a memory leak which can occur when the bridge topology
allows for an skb to traverse more than one bridge.
Signed-off-by: David Kimdon <david.kimdon@devicescape.com> Signed-off-by: David S. Miller <davem@davemloft.net>
James Bottomley [Mon, 26 Dec 2005 15:58:49 +0000 (09:58 -0600)]
[PATCH] Fix Fibre Channel boot oops
The oops is characteristic of the underlying device being removed from
visibility before the class device, and sure enough we do device_del()
before transport_unregister() in the scsi_target_reap() routines. I've
no idea why this is suddenly showing up, since the code has been in
there since that function was first invented. However, I've confirmed
this fixes Andrew Vasquez's boot oops.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Kurt Huwig [Sat, 24 Dec 2005 23:13:08 +0000 (00:13 +0100)]
[PATCH] n_r3964: fixed usage of HZ; removed bad include
Fix n_r3964 timeouts (hardcoded for 100Hz)
Also the include of <asm/termios.h> in 'n_r3964.h' is unnecessary and
prevents using the header file in any application that has to include
<termios.h> due to duplicate definition of 'struct termio'.
[PATCH] x86_64/ia64 : Fix compilation error for node_to_first_cpu
Fixes a compiler error in node_to_first_cpu, __ffs expects unsigned long as
a parameter; instead cpumask_t was being passed. The macro
node_to_first_cpu was not yet used in x86_64 and ia64 arches, and so we never
hit this. This patch replaces __ffs with first_cpu macro, similar to other
arches.
Signed-off-by: Alok N Kataria <alokk@calsoftinc.com> Signed-off-by: Ravikiran G Thirumalai <kiran@scalex86.org> Signed-off-by: Shai Fultheim <shai@scalex86.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Sat, 24 Dec 2005 03:54:46 +0000 (19:54 -0800)]
[PATCH] Fix memory ordering problem in wake_futex()
Fix a memory ordering problem that occurs on IA64. The "store" to q->lock_ptr
in wake_futex() can become visible before wake_up_all() clears the lock in the
futex_q.
Manfred Spraul [Sat, 24 Dec 2005 13:19:24 +0000 (14:19 +0100)]
[PATCH] forcedeth: fix random memory scribbling bug
Two critical bugs were found in forcedeth 0.47:
- TSO doesn't work.
- pci_map_single() for the rx buffers is called with size==0. This bug
is critical, it causes random memory corruptions on systems with an
iommu.
Below is a minimal fix for both bugs, for 2.6.15.
TSO will be fixed properly in the next version. Tested on x86-64.
Frank Pavlic [Tue, 13 Dec 2005 07:22:30 +0000 (08:22 +0100)]
[PATCH] s390: minor qeth network driver fixes
[patch 2/3] s390: minor qeth network driver fixes
From: Frank Pavlic <pavlic@de.ibm.com>
- use netif_carrier_on/off calls to tell network stack
link carrier state
- fix possible kfree on NULL
- PDU_LEN2 is at offset 0x29 otherwise OSN chpid won't initialize
Frank Pavlic [Tue, 13 Dec 2005 07:21:47 +0000 (08:21 +0100)]
[PATCH] s390: some minor qeth driver fixes
[patch 1/3] s390: some minor qeth driver fixes
From: Frank Pavlic <pavlic@de.ibm.com>
- let's have just one function for both ,input and output queue
to check qdio errors
- add /proc/s390dbf/qeth_qerr entries for outbound processing
- check removed for layer2 device in qeth_add_multicast_ipv6
- NULL pointer dereference with bonding and VLAN device fixed
- minimum length check for portname fixed
Tony Battersby [Wed, 21 Dec 2005 21:35:44 +0000 (16:35 -0500)]
[PATCH] fix libata inquiry VPD for ATAPI devices
The following patch prevents libata from incorrectly modifying inquiry
VPD pages and command support data from ATAPI devices. I have tested
the patch with a SATA ATAPI tape drive on an AHCI controller.
Patch is against kernel 2.4.32 with 2.4.32-libata1.patch applied.
David S. Miller [Fri, 23 Dec 2005 07:04:39 +0000 (23:04 -0800)]
[SPARC]: Kill CHILD_MAX.
It's definition is wrong (-1 means "no limit" not 999),
only the Sparc SunOS/Solaris compat code uses it, so
let's just kill it off completely from limits.h and
all referencing code.
Noticed by Ulrich Drepper.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Renninger [Wed, 21 Dec 2005 06:29:00 +0000 (01:29 -0500)]
[ACPI] fix passive cooling regression
Return logic was inverted.
Going for changing the return value to not return zero as it is makes
more sense regarding the naming of the function (cpu_has_cpufreq()).
http://bugzilla.kernel.org/show_bug.cgi?id=3410
Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
The problem is that the TIF_NEED_RESCHED flag is loaded _before_ the
preemption count is stored back, hence any interrupt coming within that
3 instruction window causing TIF_NEED_RESCHED to be set won't be
seen and scheduling won't happen as it should.
Nothing currently prevents gcc from performing that reordering. There
is already a barrier() before the decrement of the preemption count, but
another one is needed between this and the TIF_NEED_RESCHED flag test
for proper code ordering.
Signed-off-by: Nicolas Pitre <nico@cam.org> Acked-by: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Thu, 22 Dec 2005 15:39:48 +0000 (07:39 -0800)]
[IPSEC]: Fix policy updates missed by sockets
The problem is that when new policies are inserted, sockets do not see
the update (but all new route lookups do).
This bug is related to the SA insertion stale route issue solved
recently, and this policy visibility problem can be fixed in a similar
way.
The fix is to flush out the bundles of all policies deeper than the
policy being inserted. Consider beginning state of "outgoing"
direction policy list:
policy A --> policy B --> policy C --> policy D
First, realize that inserting a policy into a list only potentially
changes IPSEC routes for that direction. Therefore we need not bother
considering the policies for other directions. We need only consider
the existing policies in the list we are doing the inserting.
Consider new policy "B'", inserted after B.
policy A --> policy B --> policy B' --> policy C --> policy D
Two rules:
1) If policy A or policy B matched before the insertion, they
appear before B' and thus would still match after inserting
B'
2) Policy C and D, now "shadowed" and after policy B', potentially
contain stale routes because policy B' might be selected
instead of them.
Therefore we only need flush routes assosciated with policies
appearing after a newly inserted policy, if any.
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Mackerras [Thu, 22 Dec 2005 10:55:37 +0000 (21:55 +1100)]
powerpc: Fix i8259 cascade on pSeries with XICS interrupt controller
It turns out that commit f9bd170a87948a9e077149b70fb192c563770fdf
broke the cascade from XICS to i8259 on pSeries machines; specifically
we ended up not ever doing the EOI on the XICS for the cascade. The
result was that interrupts from the serial ports (and presumably any
other devices using ISA interrupts) didn't get through. This fixes
it and also simplifies the code, by doing the EOI on the XICS in the
xics_get_irq routine after reading and acking the interrupt on the
i8259.
- When ALSA or OSS are loaded, check if the other is present
Fixed hotplug notifiers cleanup on module removal
- The saa7134 DMA sound modules now have their own Kconfig entries, and
if built statically enforce exclusivity
- SND_PCM_OSS isn't necessary for the OSS driver
Kristian Slavov [Thu, 22 Dec 2005 02:47:24 +0000 (18:47 -0800)]
[IPV6]: Fix address deletion
If you add more than one IPv6 address belonging to the same prefix and
delete the address that was last added, routing table entry for that
prefix is also deleted.
Tested on 2.6.14.4
To reproduce:
ip addr add 3ffe::1/64 dev eth0
ip addr add 3ffe::2/64 dev eth0
/* wait DAD */
sleep 1
ip addr del 3ffe::2/64 dev eth0
ip -6 route
(route to 3ffe::/64 should be gone)
In ipv6_del_addr(), if ifa == ifp, we set ifa->if_next to NULL, and later
assign ifap = &ifa->if_next, effectively terminating the for-loop.
This prevents us from checking if there are other addresses using the same
prefix that are valid, and thus resulting in deletion of the prefix.
This applies only if the first entry in idev->addr_list is the address to
be deleted.
Signed-off-by: Kristian Slavov <kristian.slavov@nomadiclab.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 21 Dec 2005 22:52:32 +0000 (14:52 -0800)]
Initialize drivers/media/video/saa7134 late
When compiled-in, make sure the sound system has initialized
before these drivers do.
Reported by Adrian Bunk <bunk@stusta.de>
(The right fix would be to make the sound core use "subsys_initcall()"
and thus initialize before all normal drivers, but this is the quick
and limited safe fix for 2.6.15).
Alan Stern [Wed, 21 Dec 2005 22:28:11 +0000 (14:28 -0800)]
[PATCH] usbcore: allow suspend/resume even if drivers don't support it
This patch (as618) changes usbcore to prevent derailing the
suspend/resume sequence when a USB driver doesn't include support for
it. This is a workaround rather than a true fix; the core needs to be
changed so that URB submissions from suspended drivers can be refused
and outstanding URBs cancelled.
Paul Walmsley [Wed, 21 Dec 2005 22:28:06 +0000 (14:28 -0800)]
[PATCH] USB Storage: Force starget->scsi_level in usb-storage scsiglue.c
When the usb-storage module forces sdev->scsi_level to SCSI_2, it should
also force starget->scsi_level to the same value. Otherwise, the SCSI
layer may attempt to issue SCSI-3 commands to the device, such as REPORT
LUNS, which it cannot handle. This can prevent the device from working
with Linux.
The AMS Venus DS3 DS2316SU2S SATA-to-SATA+USB enclosure, based on the
Oxford Semiconductor OXU921S chip, requires this patch to function
correctly on Linux. The enclosure reports a SCSI-3 SPC-2 command set
level, but does not correctly handle the REPORT LUNS SCSI command -
probably due to a bug in its firmware.
It seems likely that other USB storage enclosures with similar bugs will
also benefit from this patch.
Tony Lindgren <tony@atomide.com> collaborated in the development of this
patch.
Jan's crosscompile page [1] shows, that one regression in 2.6.15-rc is
that the v850 defconfig does no longer compile.
The compile error is:
<-- snip -->
...
CC arch/v850/kernel/setup.o
In file included from /usr/src/ctest/rc/kernel/arch/v850/kernel/setup.c:17:
/usr/src/ctest/rc/kernel/include/linux/irq.h:13:43: asm/smp.h: No such file or directory
make[2]: *** [arch/v850/kernel/setup.o] Error 1
<-- snip -->
The #include <asm/smp.h> in irq.h was intruduced in 2.6.15-rc.
Since include/linux/irq.h needs code from asm/smp.h only in the
CONFIG_SMP=y case and linux/smp.h #include's asm/smp.h only in the
CONFIG_SMP=y case, I'm suggesting this patch to #include <linux/smp.h>
in irq.h.
I've tested the compilation with both CONFIG_SMP=y and CONFIG_SMP=n
on i386.
Signed-off-by: Adrian Bunk <bunk@stusta.de> Acked-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[IPV6]: Don't select a tentative address as a source address.
A tentative address is not considered "assigned to an interface"
in the traditional sense (RFC2462 Section 4).
Don't try to select such an address for the source address.
[IPV6]: Defer IPv6 device initialization until the link becomes ready.
NETDEV_UP might be sent even if the link attached to the interface was
not ready. DAD does not make sense in such case, so we won't do so.
After interface
Tom Zanussi [Tue, 20 Dec 2005 19:10:22 +0000 (13:10 -0600)]
[PATCH] relayfs: remove warning printk() in relay_switch_subbuf()
There's currently a diagnostic printk in relay_switch_subbuf() meant as
a warning if you accidentally try to log an event larger than the
sub-buffer size.
The problem is if this happens while logging from somewhere it's not
safe to be doing printks, such as in the scheduler, you can end up with
a deadlock. This patch removes the warning from relay_switch_subbuf()
and instead prints some diagnostic info when the channel is closed.
Thanks to Mathieu Desnoyers for pointing out the problem and
suggesting a fix.
Signed-off-by: Tom Zanussi <zanussi@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Tue, 20 Dec 2005 22:53:05 +0000 (14:53 -0800)]
[SPARC64]: Stop putting -finline-limit=XXX into CFLAGS
It was a stupid workaround for the "static inline" vs.
"extern inline" issues of long ago, and it is what causes
schedule() to be inlined like crazy into kernel/sched.c
when -Os is specified.
MIPS and S390 should probably do the same.
Now CC_OPTIMIZE_FOR_SIZE can be safely used on sparc64
once more.
Signed-off-by: David S. Miller <davem@davemloft.net>
When a spinlock debugging check hits, we print the CPU number as an
informational thing - but there is no guarantee that preemption is off
at that point - hence we should use raw_smp_processor_id(). Otherwise
DEBUG_PREEMPT will print a warning.
With this fix the warning goes away and only the spinlock-debugging info
is printed.
[PATCH] nfsd: check for read-only exports before setting acls
We must check for MAY_SATTR before setting acls, which includes checking
for read-only exports: the lower-level setxattr operation that
eventually sets the acl cannot check export-level restrictions.
Bug reported by Martin Walter <mawa@uni-freiburg.de>.
Jason Wessel [Tue, 20 Dec 2005 14:21:24 +0000 (15:21 +0100)]
[PATCH] kernel/params.c: fix sysfs access with CONFIG_MODULES=n
All the work was done to setup the file and maintain the file handles but
the access functions were zeroed out due to the #ifdef. Removing the
#ifdef allows full access to all the parameters when CONFIG_MODULES=n.
akpm: put it back again, but use CONFIG_SYSFS instead.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andi Kleen [Tue, 20 Dec 2005 13:45:19 +0000 (14:45 +0100)]
[PATCH] Fix swiotlb pci_map_sg error handling
The overflow checking condition in lib/swiotlb.c was wrong.
It would first run a NULL pointer through virt_to_phys before
testing it. Since pci_map_sg overflow is not that uncommon
and causes data corruption (including broken file systems) when not
properly detected I think it's better to fix it in 2.6.15.
Whenever ywrap scrolling is selected together with 180 degree screen
rotation, 2.6.15-rc6 and earlier versions are broken. fb_pan_display()
expects non-negative yoffsets, but ud_update_start() calls it with
yoffsets down to -(yres - font height). This patch transforms yoffset
to the correct range 0 ... vyres-1.
Some obviously unneeded parentheses are removed, too.
Verified with cyblafb, should be applied before 2.6.15-final because it
does fix the framebuffer rotation code introduced early in the 2.6.15
release cycle.
[PATCH] intelfb: Fix oops when changing video mode
Reported by: janis huang (Bugzilla Bug 5747)
Fix on oops in intelfb. Not sure what's happening, looks like
dinfo->name pointer is invalidated after initialization. Remove
intelfb_get_fix, it's not needed and move the majority of the code to
the initialization routine.
The g5 thermal control for liquid cooled machines has a small bug, when
the temperatures gets too high, it boosts all fans to the max, but
incorrectly sets the liquids pump to the min instead of the max speed,
thus causing the overtemp condition not to clear and the machine to shut
down after a while. This fixes it to set the pumps to max speed instead.
This problem might explain some of the reports of random shutdowns that
some g5 users have been reporting in the past.
Many thanks to Marcus Rothe for spending a lot of time trying various
patches & sending log logs before I found out that typo. Note that
overtemp handling is still not perfect and the machine might still
shutdown, that patch should reduce if not eliminate such occcurences in
"normal" conditions with high load. I'll implement a better handling
with proper slowing down of the CPUs later.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Paul Mackerras [Tue, 20 Dec 2005 04:38:47 +0000 (15:38 +1100)]
powerpc: correct register usage in 64-bit syscall exit path
Since we don't restore the volatile registers in the syscall exit
path, we need to make sure we don't leak any potentially interesting
values from the kernel to userspace. This was already the case for
all except r11. This makes it use r11 for an MSR value, so r11 will
have an (uninteresting) MSR value in it on return to userspace.