Paul Mackerras [Wed, 1 Nov 2006 22:44:37 +0000 (09:44 +1100)]
[PATCH] powerpc: Eliminate "exceeds stub group size" linker warning
It turns out that the linker warnings on 64-bit powerpc about "section
blah exceeds stub group size" were being triggered by conditional
branches in head_64.S branching to global symbols, whether in
head_64.S or in other files. This eliminates the warnings by making
some global symbols in head_64.S no longer global, and by rearranging
some branches.
Signed-off-by: Paul Mackerras <paulus@samba.org>
[ Yee-haa. Maybe I'll notice newly introduced real warnings now - Linus ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Wed, 1 Nov 2006 18:05:35 +0000 (10:05 -0800)]
i386: write IO APIC irq routing entries in correct order
Since the "mask" bit is in the low word, when we write a new entry, we
need to write the high word first, before we potentially unmask it.
The exception is when we actually want to mask the interrupt, in which
case we want to write the low word first to make sure that the high word
doesn't change while the interrupt routing is still active.
Yoichi Yuasa [Wed, 1 Nov 2006 09:55:22 +0000 (18:55 +0900)]
[MIPS] Fix warning in mips-boards generic PCI
arch/mips/mips-boards/generic/pci.c: In function `mips_pcibios_init':
arch/mips/mips-boards/generic/pci.c:227: warning: comparison of distinct pointer types lacks a cast
arch/mips/mips-boards/generic/pci.c:228: warning: comparison of distinct pointer types lacks a cast
Linus Torvalds [Wed, 1 Nov 2006 17:11:00 +0000 (09:11 -0800)]
i386: clean up io-apic accesses
This is preparation for fixing the ordering of the accesses that
got broken by the commit cf4c6a2f27f5db810b69dcb1da7f194489e8ff88 when
factoring out the "common" io apic routing entry accesses.
Move the accessor function (that were only used by io_apic.c) out
of a header file, and use proper memory-mapped accesses rather than
making up our own "volatile" pointers.
Linus Torvalds [Wed, 1 Nov 2006 14:38:20 +0000 (06:38 -0800)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Make alignment exception always check exception table
[POWERPC] Disallow kprobes on emulate_step and branch_taken
[POWERPC] Make mmiowb's io_sync preempt safe
[POWERPC] Make high hugepage areas preempt safe
[POWERPC] Make current preempt-safe
[POWERPC] qe_lib: qe_issue_cmd writes wrong value to CECDR
[POWERPC] Use 4kB iommu pages even on 64kB-page systems
[POWERPC] Fix oprofile support for e500 in arch/powerpc
[POWERPC] Fix rmb() for e500-based machines it
[POWERPC] Fix various offb issues
Linus Torvalds [Wed, 1 Nov 2006 05:17:23 +0000 (21:17 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[PATCH] ata_piix: allow 01b MAP for both ICH6M and ICH7M
[PATCH] libata: unexport ata_dev_revalidate()
[PATCH] Add 0x7110 piix to ata_piix.c
[PATCH] sata_sis: fix flags handling for the secondary port
[POWERPC] Make alignment exception always check exception table
The alignment exception used to only check the exception table for
-EFAULT, not for other errors. That opens an oops window if we can
coerce the kernel into getting an alignment exception for other reasons
in what would normally be a user-protected accessor, which can be done
via some of the futex ops. This fixes it by always checking the
exception tables.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Gui,Jian [Wed, 1 Nov 2006 02:50:15 +0000 (10:50 +0800)]
[POWERPC] Disallow kprobes on emulate_step and branch_taken
On powerpc, probing on emulate_step function will crash 2.6.18.1 when
it is triggered.
When kprobe is triggered, emulate_step() is on its kernel path and
will cause recursive kprobe fault. And branch_taken() is called
in emulate_step(). This disallows kprobes on both of them.
Hugh Dickins [Tue, 31 Oct 2006 18:41:51 +0000 (18:41 +0000)]
[POWERPC] Make mmiowb's io_sync preempt safe
If mmiowb() is always used prior to releasing spinlock as Doc suggests,
then it's safe against preemption; but I'm not convinced that's always
the case. If preemption occurs between sync and get_paca()->io_sync = 0,
I believe there's no problem. But in the unlikely event that gcc does
the store relative to another register than r13 (as it did with current),
then there's a small danger of setting another cpu's io_sync to 0, after
it had just set it to 1. Rewrite ppc64 mmiowb to prevent that.
The remaining io_sync assignments in io.h all get_paca()->io_sync = 1,
which is harmless even if preempted to the wrong cpu (the context switch
itself syncs); and those in spinlock.h are while preemption is disabled.
Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Hugh Dickins [Tue, 31 Oct 2006 18:40:39 +0000 (18:40 +0000)]
[POWERPC] Make high hugepage areas preempt safe
Checking source for other get_paca()->field preemption dangers found that
open_high_hpage_areas does a structure copy into its paca while preemption
is enabled: unsafe however gcc accomplishes it. Just remove that copy:
it's done safely afterwards by on_each_cpu, as in open_low_hpage_areas.
Signed-off-by: Hugh Dickins <hugh@veritas.com> Acked-by: David Gibson <dwg@au1.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Hugh Dickins [Tue, 31 Oct 2006 18:39:31 +0000 (18:39 +0000)]
[POWERPC] Make current preempt-safe
Repeated -j20 kernel builds on a G5 Quad running an SMP PREEMPT kernel
would often collapse within a day, some exec failing with "Bad address".
In each case examined, load_elf_binary was doing a kernel_read, but
generic_file_aio_read's access_ok saw current->thread.fs.seg as USER_DS
instead of KERNEL_DS.
objdump of filemap.o shows gcc 4.1.0 emitting "mr r5,r13 ... ld r9,416(r5)"
here for get_paca()->__current, instead of the expected and much more usual
"ld r9,416(r13)"; I've seen other gcc4s do the same, but perhaps not gcc3s.
So, if the task is preempted and rescheduled on a different cpu in between
the mr and the ld, r5 will be looking at a different paca_struct from the
one it's now on, pick up the wrong __current, and perhaps the wrong seg.
Presumably much worse could happen elsewhere, though that split is rare.
Other architectures appear to be safe (x86_64's read_pda is more limiting
than get_paca), but ppc64 needs to force "current" into one instruction.
Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Timur Tabi [Tue, 31 Oct 2006 09:53:42 +0000 (17:53 +0800)]
[POWERPC] qe_lib: qe_issue_cmd writes wrong value to CECDR
Changed qe_issue_cmd() to write cmd_input to the CECDR unmodified. It
was treating cmd_input as a virtual address and tried to convert it to
a physical address.
Signed-off-by: Timur Tabi <timur@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Linas Vepstas [Mon, 30 Oct 2006 05:15:59 +0000 (16:15 +1100)]
[POWERPC] Use 4kB iommu pages even on 64kB-page systems
The 10Gigabit ethernet device drivers appear to be able to chew
up all 256MB of TCE mappings on pSeries systems, as evidenced by
numerous error messages:
Some experimentation indicates that this is essentially because
one 1500 byte ethernet MTU gets mapped as a 64K DMA region when
the large 64K pages are enabled. Thus, it doesn't take much to
exhaust all of the available DMA mappings for a high-speed card.
This patch changes the iommu allocator to work with its own
unique, distinct page size. Although the patch is long, its
actually quite simple: it just #defines a distinct IOMMU_PAGE_SIZE
and then uses this in all the places that matter.
As a side effect, it also dramatically improves network performance
on platforms with H-calls on iommu translation inserts/removes (since
we no longer call it 16 times for a 1500 bytes packet when the iommu HW
is still 4k).
In the future, we might want to make the IOMMU_PAGE_SIZE a variable
in the iommu_table instance, thus allowing support for different HW
page sizes in the iommu itself.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Olof Johansson <olof@lixom.net> Acked-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
Andy Fleming [Fri, 27 Oct 2006 20:06:32 +0000 (15:06 -0500)]
[POWERPC] Fix oprofile support for e500 in arch/powerpc
Fixed a compile error in building the 85xx support with oprofile, and in
the process cleaned up some issues with the fsl_booke performance monitor
code.
* Reorganized FSL Book-E performance monitoring code so that the 7450
wouldn't be built if the e500 was, and cleaned it up so it was more
self-contained.
* Added a cpu_setup function for FSL Book-E. The original
cpu_setup function prototype had no arguments, assuming that
the reg_setup function would copy the required information into
variables which represented the registers. This was silly for
e500, since it has 1 register per counter (rather than 3 for
all counters), so the code has been restructured to have
cpu_setup take the current counter config array as an argument,
with op_powerpc_setup() invoking op_powerpc_cpu_setup() through
on_each_cpu(), and op_powerpc_cpu_setup() invoking the
model-specific cpu_setup function with an argument. The
argument is ignored on all other platforms at present.
* Fixed a confusing line where a trinary operator only had two
arguments
Signed-off-by: Andrew Fleming <afleming@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Andy Fleming [Fri, 27 Oct 2006 19:31:07 +0000 (14:31 -0500)]
[POWERPC] Fix rmb() for e500-based machines it
The e500 core generates an illegal instruction exception when it tries
to execute the lwsync instruction, which we currently use for rmb().
This fixes it by using the LWSYNC macro, which turns into a plain sync
on 32-bit machines.
Signed-off-by: Andrew Fleming <afleming@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
- A test was inverted causing the palette hack to never work
(no device node was passed down to the init function)
- Some cards seem to have their assigned-addresses property in a random
order, thus we need to try using of_get_pci_address() first, which will
fail if it's not a PCI device, and fallback to of_get_address() in that
case. of_get_pci_address() properly parsees assigned-addresses to test
the BAR number and thus will get it right whatever the order is.
- Some cards (like GXT4500) provide a linebytes of 0xffffffff in the
device-tree which does no good. This patch handles that by using the
screen width when that happens. (Also fixes btext.c while at it).
- Add detection of the GXT4500 in addition to the GXT2000 for the
palette hacks (we use the same hack, palette is linear in register space
at offset 0x6000).
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Tejun Heo [Mon, 9 Oct 2006 04:23:58 +0000 (13:23 +0900)]
[PATCH] ata_piix: allow 01b MAP for both ICH6M and ICH7M
ICH7M was separated from ICH6M to allow undocumented MAP value 01b
which was spotted on an ASUS notebook. However, there is also
notebooks with MAP value 01b on ICH6M. This patch re-merges ICH6M and
ICH7M entries and allows MAP value 01b for both.
This problem has been reported and initial patch provided by Jonathan
Dieter.
Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Jonathan Dieter <jdieter@gmail.com> Cc: Tom Deblauwe <tom.deblauwe@telenet.be> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Tejun Heo [Sat, 28 Oct 2006 02:08:47 +0000 (19:08 -0700)]
[PATCH] sata_sis: fix flags handling for the secondary port
sis_init_one() modifies probe_ent->port_flags after allocating and
initializing it using ata_pci_init_native_mode(). This makes port_flags
for the secondary port (probe_ent->pinfo2->flags) go out of sync resulting
in misdetection of device due to incorrectly initialized SCR access flag.
This patch make probe_ent alloc/init happen after the final port flags
value is determined. This is fragile but probe_ent and all the related
mess are scheduled to go away soon for exactly this reason. We just need
to hold everything together till then.
This has been spotted and diagnosed and tested by Patrick McHardy.
Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Patric McHardy <kaber@trash.net> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
The sky2 driver uses a single NAPI poll routine for both ports on dual ported
cards (because there is a single IRQ and status ring). Netpoll makes assumptions
about the relationship between network device and NAPI that aren't correct
on the second port, this will cause the port to never clear work.
Most systems, just have single port, so not a big issue.
The easy fix is just make the second port, not netpoll capable.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
I don't want my code to downgraded to GPLv3 because of
cut-n-pasted the comments. These files which I hold copyright
on were started before it was clear what GPLv3 was going to be.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
David Rientjes [Mon, 30 Oct 2006 22:19:25 +0000 (14:19 -0800)]
[PATCH] net s2io: return on NULL dev_alloc_skb()
Checks for NULL dev_alloc_skb() and returns on true to avoid subsequent
dereference.
Cc: Jeff Garzik <jgarzik@pobox.com> Cc: Christoph Hellwig <hch@infrared.org> Signed-off-by: David Rientjes <rientjes@cs.washington.edu> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Flooding the console with error messages for every RX FIFO overrun,
checksum error and framing error isn't very sensible. Each of these
errors can occur during normal operation, so stop printk'ing error
messages for RX errors at all.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
[PATCH] ep93xx_eth: fix RX/TXstatus ring full handling
Ray Lehtiniemi reported that an incoming UDP packet flood can lock up
the ep93xx ethernet driver. Herbert Valerio Riedel noted that due to
the way ep93xx_eth manages the RX/TXstatus rings, it cannot distinguish
a full ring from an empty one, and correctly suggested that this was
likely to be causing this lockup to occur.
Instead of looking at the hardware's RX/TXstatus ring write pointers
to determine when to stop reading from those rings, we should just check
every individual RX/TXstatus descriptor's valid bit instead, since there
is no other way to distinguish an empty ring from a full ring, and if
there is a descriptor waiting, we take the hit of reading the descriptor
from memory anyway.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Linus Torvalds [Wed, 1 Nov 2006 01:03:50 +0000 (17:03 -0800)]
Merge branch 'release' of master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Correct definition of handle_IPI
[IA64] move SAL_CACHE_FLUSH check later in boot
[IA64] MCA recovery: Montecito support
[IA64] cpu-hotplug: Fixing confliction between CPU hot-add and IPI
[IA64] don't double >> PAGE_SHIFT pointer for /dev/kmem access
Troy Heber [Wed, 25 Oct 2006 20:46:15 +0000 (14:46 -0600)]
[IA64] move SAL_CACHE_FLUSH check later in boot
The check to see if the firmware drops interrupts during a
SAL_CACHE_FLUSH is done to early in the boot. SAL_CACHE_FLUSH expects
to be able to make PAL calls in virtual mode, on some cell based
machines a fault occurs causing a MCA. This patch moves the check
after mmu_context_init so the TLB and VHPT are properly setup.
Signed-off-by Troy Heber <troy.heber@hp.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Russ Anderson [Wed, 25 Oct 2006 22:59:47 +0000 (17:59 -0500)]
[IA64] MCA recovery: Montecito support
The information in MCA records is filled in slightly differently on
Montecito than on Madison/McKinley. Usually, the cache check and bus
check target identifiers have the same address. On Montecito the
cache check and bus check target identifiers can be different if
a corrected error (ie SBE or unconsumed poison data) was encountered and
then an uncorrected error (ie DBE) was consumed. In that case, the
cache check target identifier is the physical address of the DBE (that
caused the MCA to surface) while the bus check target identifier is the
physical address of the SBE. This patch correctly finds the target
identifier that triggered the MCA.
If there are multiple valid cache target identifiers in the same
error record then use the one with the lowest cache level.
Signed-off-by: Russ Anderson (rja@sgi.com) Signed-off-by: Tony Luck <tony.luck@intel.com>
Atsushi Nemoto [Mon, 23 Oct 2006 15:21:27 +0000 (00:21 +0900)]
[MIPS] Fixup migration to GENERIC_TIME
Since we already moved to GENERIC_TIME, we should implement alternatives
of old do_gettimeoffset routines to get sub-jiffies resolution from
gettimeofday(). This patch includes:
* MIPS clocksource support (based on works by Manish Lachwani).
* remove unused gettimeoffset routines and related codes.
* remove unised 64bit do_div64_32().
* simplify mips_hpt_init. (no argument needed, __init tag)
* simplify c0_hpt_timer_init. (no need to write to c0_count)
* remove some hpt_init routines.
* mips_hpt_mask variable to specify bitmask of hpt value.
* convert jmr3927_do_gettimeoffset to jmr3927_hpt_read.
* convert ip27_do_gettimeoffset to ip27_hpt_read.
* convert bcm1480_do_gettimeoffset to bcm1480_hpt_read.
* simplify sb1250 hpt functions. (no need to subtract and shift)
In very rare circumstances would we be pruning a merged request and at
the same time delete the implicated cfqq from the rr_list, and not readd
it when the merged request got added. This could cause io stalls until
that process issued io again.
Fix it up by putting the rr_list add handling into cfq_add_rq_rb(),
identical to how pruning is handled in cfq_del_rq_rb(). This fixes a
hang reproducible with fsx-linux.
NeilBrown [Tue, 31 Oct 2006 06:07:21 +0000 (22:07 -0800)]
[PATCH] md: check bio address after mapping through partitions.
Partitions are not limited to live within a device. So we should range
check after partition mapping.
Note that 'maxsector' was being used for two different things. I have
split off the second usage into 'old_sector' so that maxsector can be still
be used for it's primary usage later in the function.
Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Michael Halcrow [Tue, 31 Oct 2006 06:07:19 +0000 (22:07 -0800)]
[PATCH] eCryptfs: Consolidate lower dentry_open's
Opens on lower dentry objects happen in several places in eCryptfs, and they
all involve the same steps (dget, mntget, dentry_open). This patch
consolidates the lower open events into a single function call.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Oleg Nesterov [Tue, 31 Oct 2006 06:07:15 +0000 (22:07 -0800)]
[PATCH] taskstats: fix sub-threads accounting
If there are no listeners, taskstats_exit_send() just returns because
taskstats_exit_alloc() didn't allocate *tidstats. This is wrong, each
sub-thread should do fill_tgid_exit() on exit, otherwise its ->delays is
not recorded in ->signal->stats and lost.
Q: We don't send TASKSTATS_TYPE_AGGR_TGID when single-threaded process
exits. Is it good? How can the listener figure out that it was actually a
process exit, not sub-thread?
Jeff Dike [Tue, 31 Oct 2006 06:07:14 +0000 (22:07 -0800)]
[PATCH] uml: add INITCALLS
This is the UML piece of the INITCALLS tidying.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Tue, 31 Oct 2006 06:07:13 +0000 (22:07 -0800)]
[PATCH] uml: add _text definition to linker scripts
kallsyms now refers to addresses as '_text + 0xADDRESS', rather than just
'0xADDRESS', so we need to define _text.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix a small memory leak in ubd_config, and clearify the confusion which lead
to it.
Then, some little changes not affecting operations -
* move init functions together,
* add a comment about a potential problem in case of some evolution in the block layer,
* mark all initcalls as static __init functions
* mark an used once little function as inline
* document that mconsole methods are all called in process context (was
triggered when checking ubd mconsole methods).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: do not store error codes as ->fd
To simplify error handling, make sure fd is saved into ubd_dev->fd only when
we are sure it is an fd and not an error code.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: use bitfields where possible
Use bitfields for boolean fields in ubd data structure.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Pure whitespace and style fixes split out from subsequent patch. Some changes
(err -> ret) don't make sense now, only later, but I split them out anyway
since they cluttered the patch.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: convert do_ubd to a boolean variable
do_ubd is actually just a boolean variable - the way it is used currently is a
leftover from the old 2.4 block layer, but it is still used; its use is
suspicious, but removing it would be too intrusive for now and needs more
thinking.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add some comments about requirements for ubd_io_lock and expand its use.
When an irq signals that the "controller" (i.e. another thread on the host,
which does the actual requests and is the only one blocked on I/O on the host)
has done some work, we call again the request function ourselves
(do_ubd_request).
We now do that with ubd_io_lock held - that's useful to protect against
concurrent calls to elv_next_request and so on.
XXX: Maybe we shouldn't call at all the request function. Input needed on
this. Are we supposed to plug and unplug the queue? That code "indirectly"
does that by setting a flag, called do_ubd, which makes the request function
return (it's a residual of 2.4 block layer interface).
Meanwhile, however, merge this patch, which improves things.
Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: change ubd_lock to be a mutex
This lock protects ubd setup and teardown, so is only used in process context;
beyond that, during such setup memory allocations must be performed and some
generic functions which can sleep must be called (such as add_disk()). So the
only correct solution is to make it a mutex instead of a spin_lock. No other
change is done - this lock must be acquired in different places but it's done
afterwards.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: give better names to some functions.
To rethink locking, I needed to understand well what each function does.
While doing this I renamed some:
* ubd_close -> ubd_close_dev (since it pairs with ubd_open_dev)
* ubd_new_disk -> ubd_disk_register (it handles registration with the block
layer - one hopes this makes clearer the difference with ubd_add())
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Rename the ubd_dev array to ubd_devs and then call any "struct ubd" ubd_dev
instead of dev, which doesn't make clear what we're treating (and no, it's not
hungarian notation - not any more than calling all vm_area_struct vma or all
inodes inode).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: document some struct fields
Add documentation about some fields in struct ubd, whose meaning is
non-obvious due to struct names (should change names altogether, I agree).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: allow using up to 16 UBD devices
With 256 minors and 16 minors used per each UBD device, we can allow the use
of up to 16 UBD devices per UML.
Also chnage parse_unit and leave to the caller (which already do it) the check
for excess numbers, since this is just supposed to do raw parsing.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Tue, 31 Oct 2006 06:07:03 +0000 (22:07 -0800)]
[PATCH] find_bd_holder() fix
fs/block_dev.c: In function 'find_bd_holder':
fs/block_dev.c:666: warning: return makes integer from pointer without a cast
fs/block_dev.c:669: warning: return makes integer from pointer without a cast
fs/block_dev.c: In function 'add_bd_holder':
fs/block_dev.c:685: warning: unused variable 'tmp'
fs/block_dev.c: In function 'bd_claim_by_kobject':
fs/block_dev.c:773: warning: assignment makes pointer from integer without a cast
James Morris [Tue, 31 Oct 2006 08:43:44 +0000 (00:43 -0800)]
[IPV6]: fix flowlabel seqfile handling
There's a bug in the seqfile show operation for flowlabel objects, where
each hash chain is traversed cumulatively for each element. The following
function is called for each element of each chain:
Thus, objects can appear mutliple times when reading
/proc/net/ip6_flowlabel, as the above is called for each element in the
chain.
The solution is to remove the while() loop from the above, and traverse
each chain exactly once, per the patch below. This also removes the
ip6fl_fl_seq_show() function, which does nothing else.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Jamie Lenehan [Tue, 31 Oct 2006 03:35:02 +0000 (12:35 +0900)]
sh: Fix IPR-IRQ's for IRQ-chip change breakage.
The conversion from IPR-IRQ to IRQ-chip resulted in the
ipr data being allocated in a local variable in
make_ipr_irq - breaking anything using IPR interrupts.
This changes all of the callers of make_ipr_irq to
allocate a static structure containing the IPR data which
is then passed to make_ipr_irq. This removes the need for
make_ipr_irq to allocate any additional space for the IPR
information.
Signed-off-by: Jamie Lenehan <lenehan@twibble.org> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
David S. Miller [Mon, 30 Oct 2006 00:32:31 +0000 (16:32 -0800)]
[SPARC64]: Fix Tomatillo/Schizo IRQ handling.
The code in schizo_irq_trans_init() should set irq_data->sync_reg
to the location of the SYNC register if this is Tomatillo, and set
it to zero otherwise. But that is not what it is doing.
As a result, non-Tomatillo systems were trying to access a
non-existent register resulting in bus errors at the first
PCI interrupt.
Thanks to Roland Stigge for the bug report.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 31 Oct 2006 03:31:20 +0000 (19:31 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] MIPS doesn't need compat_sys_getdents.
[MIPS] JMR3927: Fixup another victim of the irq pt_regs cleanup.
[MIPS] EMMA 2 / Markeins: struct resource takes physical addresses.
[MIPS] EMMA 2 / Markeins: Convert to name struct resource initialization.
[MIPS] EMMA 2 / Markeins: Formitting fixes split from actual address fixes.
[MIPS] EMMA 2 / Markeins: Fix build wreckage due to genirq wreckage.
[MIPS] Ocelot G: Fix build error and numerous warnings.
[MIPS] Fix return value of TXX9 SPI interrupt handler
[MIPS] Au1000: Fix warning about unused variable.
[MIPS] Wire up getcpu(2) and epoll_wait(2) syscalls.
[MIPS] Make SB1 cache flushes not to use on_each_cpu
[MIPS] Fix warning about unused definition in c-sb1.c
[MIPS] SMTC: Make 8 the default number of processors.
[MIPS] Oprofile: Fix MIPSxx counter number detection.
[MIPS] Au1xx0 code sets incorrect mips_hpt_frequency
[MIPS] Oprofile: fix on non-VSMP / non-SMTC SMP configurations.
Jun'ichi Nomura [Mon, 30 Oct 2006 21:23:56 +0000 (16:23 -0500)]
[PATCH] clean up add_bd_holder()
add_bd_holder() is called from bd_claim_by_kobject to put a given struct
bd_holder in the list if there is no matching entry.
There are 3 possible results of add_bd_holder():
1. there is no matching entry and add the given one to the list
2. there is matching entry, so just increment reference count of
the existing one
3. something failed during its course
1 and 2 are successful cases. But for case 2, someone has to free the
unused struct bd_holder.
The current code frees it inside of add_bd_holder and returns same value
0 for both cases 1 and 2. However, it's natural and less error-prone if
caller frees it since it's allocated by the caller.
James Morris [Tue, 31 Oct 2006 02:56:06 +0000 (18:56 -0800)]
[IPV6]: return EINVAL for invalid address with flowlabel lease request
Currently, when an application requests a lease for a flowlabel via the
IPV6_FLOWLABEL_MGR socket option, no error is returned if an invalid type
of destination address is supplied as part of the request, leading to a
silent failure. This patch ensures that EINVAL is returned to the
application in this case.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 31 Oct 2006 02:55:11 +0000 (18:55 -0800)]
[SCTP]: Remove temporary associations from backlog and hash.
Every time SCTP creates a temporary association, the stack hashes it,
puts it on a list of endpoint associations and increments the backlog.
However, the lifetime of a temporary association is the processing time
of a current packet and it's destroyed after that. In fact, we don't
really want anyone else finding this association. There is no reason to
do this extra work.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 31 Oct 2006 02:54:32 +0000 (18:54 -0800)]
[SCTP]: Correctly set IP id for SCTP traffic
Make SCTP 1-1 style and peeled-off associations behave like TCP when
setting IP id. In both cases, we set the inet_sk(sk)->daddr and initialize
inet_sk(sk)->id to a random value.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Mon, 30 Oct 2006 23:22:15 +0000 (15:22 -0800)]
[NetLabel]: protect the CIPSOv4 socket option from setsockopt()
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket. The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send. The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes bug in iptables modules refcounting on compat error way.
As we are getting modules in check_compat_entry_size_and_hooks(), in case of
later error, we should put them all in translate_compat_table(), not in the
compat_copy_entry_from_user() or compat_copy_match_from_user(), as it is now.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Vasily Averin <vvs@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Martin Josefsson [Mon, 30 Oct 2006 23:13:58 +0000 (15:13 -0800)]
[NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse()
Add missing unlock in get_next_corpse() in nf_conntrack. It was missed
during the removal of listhelp.h . Also remove an unneeded use of
nf_ct_tuplehash_to_ctrack() in the same function.
Should be applied before 2.6.19 is released.
Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Vasily Averin [Mon, 30 Oct 2006 23:13:28 +0000 (15:13 -0800)]
[NETFILTER]: ip_tables: compat error way cleanup
This patch adds forgotten compat_flush_offset() call to error way of
translate_compat_table(). May lead to table corruption on the next
compat_do_replace().
Signed-off-by: Vasily Averin <vvs@openvz.org> Acked-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Mishin [Mon, 30 Oct 2006 23:12:55 +0000 (15:12 -0800)]
[NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables
There is a number of issues in parsing user-provided table in
translate_table(). Malicious user with CAP_NET_ADMIN may crash system by
passing special-crafted table to the *_tables.
The first issue is that mark_source_chains() function is called before entry
content checks. In case of standard target, mark_source_chains() function
uses t->verdict field in order to determine new position. But the check, that
this field leads no further, than the table end, is in check_entry(), which
is called later, than mark_source_chains().
The second issue, that there is no check that target_offset points inside
entry. If so, *_ITERATE_MATCH macro will follow further, than the entry
ends. As a result, we'll have oops or memory disclosure.
And the third issue, that there is no check that the target is completely
inside entry. Results are the same, as in previous issue.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
James Morris [Mon, 30 Oct 2006 23:08:42 +0000 (15:08 -0800)]
[IPV6]: fix lockup via /proc/net/ip6_flowlabel
There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where,
after finding a flowlabel, the code will loop forever not finding any
further flowlabels, first traversing the rest of the hash bucket then just
looping.
This patch fixes the problem by breaking after the hash bucket has been
traversed.
Note that this bug can cause lockups and oopses, and is trivially invoked
by an unpriveleged user.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Mon, 30 Oct 2006 07:46:42 +0000 (23:46 -0800)]
[SCTP]: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550).
It turns out that SCTP wasn't written to handle skb fragments at
all. The absence of any calls to skb_may_pull is testament to
that.
It just so happens that Xen creates fragmented packets more often
than other scenarios (header & data split when going from domU to
dom0). That's what caused this bug to show up.
Until someone has the time sits down and audits the entire net/sctp
directory, here is a conservative and safe solution that simply
linearises all packets on input.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>