It's wrong. We had a lengthy analysis of this piece of code
several months ago, and it is correct.
Consider, if we run the loop and we get an error
the following happens:
1) attempt of ifb_init_one(i) fails, therefore we should
not try to "ifb_free_one()" on "i" since it failed
2) the loop iteration first increments "i", then it
check for error
Therefore we must decrement "i" twice before the first
free during the cleanup. One to "undo" the for() loop
increment, and one to "skip" the ifb_init_one() case which
failed."
Reported-by: David Miller <davem@davemloft.net> Acked-by: Jeff Garzik <jgarzik@pobox.com> Cc: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Serge E. Hallyn [Tue, 30 Jan 2007 21:28:23 +0000 (15:28 -0600)]
[PATCH] namespaces: fix task exit disaster
This is based on a patch by Eric W. Biederman, who pointed out that pid
namespaces are still fake, and we only have one ever active.
So for the time being, we can modify any code which could access
tsk->nsproxy->pid_ns during task exit to just use &init_pid_ns instead,
and move the exit_task_namespaces call in do_exit() back above
exit_notify(), so that an exiting nfs server has a valid tsk->sighand to
work with.
Long term, pulling pid_ns out of nsproxy might be the cleanest solution.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
[ Eric's patch fixed to take care of free_pid() too ]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 30 Jan 2007 21:35:18 +0000 (13:35 -0800)]
Revert "[PATCH] namespaces: fix exit race by splitting exit"
This reverts commit 7a238fcba0629b6f2edbcd37458bae56fcf36be5 in
preparation for a better and simpler fix proposed by Eric Biederman
(and fixed up by Serge Hallyn)
Acked-by: Serge E. Hallyn <serue@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 30 Jan 2007 16:46:17 +0000 (08:46 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: fix translation for START STOP UNIT
libata-scsi: ata_task_ioctl should return ATA registers from sense data
pata_platform: set_mode fix
ata_if_xfermask() word 51 fix
pata_sil680: PIO1 taskfile transfers overclocking fix (repost)
libata: fix ata_eh_suspend() return value
ahci: port_no should be used when clearing IRQ in ahci_thaw()
Fix trivial conflict in drivers/ata/pata_platform.c manually
* master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart:
[AGPGART] Add new IDs to VIA AGP.
[AGPGART] Remove pointless assignment.
[AGPGART] Remove pointless typedef in ati-agp
[AGPGART] Prevent (unlikely) memory leak in amd_create_gatt_pages()
[AGPGART] intel_agp: restore graphics device's pci space early in resume
* master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6:
via82cxxx/pata_via: correct PCI_DEVICE_ID_VIA_SATA_EIDE ID and add support for CX700 and 8237S
ide: unregister idepnp driver on unload
ide: add missing __init tags to IDE PCI host drivers
ia64: add pci_get_legacy_ide_irq()
ide/generic: Jmicron has its own drivers now
atiixp.c: add cable detection support for ATI IDE
atiixp.c: sb600 ide only has one channel
atiixp.c: remove unused code
jmicron: fix warning
ide: update MAINTAINERS entry
Al Viro [Tue, 30 Jan 2007 13:23:40 +0000 (13:23 +0000)]
[PATCH] fix indentation-related breakage in Kconfig.i386
Kconfig recognizes the end of help text by receding indentation depth.
Recent patch had broken HOST_VMSPLIT_... choice in arch/um/Kconfig.i386 -
all alternatives are interpreted as part of help text now.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
What DMA for 16bit pcmcia card, anyway? We never do request_dma()
there and ->dma_channel never changes since initialization to -1.
IOW, that call is dead code.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 30 Jan 2007 16:35:12 +0000 (08:35 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix typo of "CONFIG_MT_SMP".
[MIPS] Ocelot G: Fix a few misspellings of CONFIG_GALILEO_GT64240_ETH
[PATCH] Malta: Fix build if CONFIG_MTD is diabled.
Hugh Dickins [Mon, 29 Jan 2007 21:24:08 +0000 (21:24 +0000)]
[PATCH] mm: mremap correct rmap accounting
Nick Piggin points out that page accounting on MIPS multiple ZERO_PAGEs
is not maintained by its move_pte, and could lead to freeing a ZERO_PAGE.
Instead of complicating that move_pte, just forget the minor optimization
when mremapping, and change the one thing which needed it for correctness
- filemap_xip use ZERO_PAGE(0) throughout instead of according to address.
[ "There is no block device driver one could use for XIP on mips
platforms" - Carsten Otte ]
[PATCH] i386: In assign_irq_vector look at all vectors before giving up
When the world was a simple and static place setting up irqs was easy.
It sufficed to allocate a linux irq number and a find a free cpu
vector we could receive that linux irq on. In those days it was
a safe assumption that any allocated vector was actually in use
so after one global pass through all of the vectors we would have
none left.
These days things are much more dynamic with interrupt controllers
(in the form of MSI or MSI-X) appearing on plug in cards and linux
irqs appearing and disappearing. As these irqs come and go vectors
are allocated and freed, invalidating the ancient assumption that all
allocated vectors stayed in use forever.
So this patch modifies the vector allocator to walk through every
possible vector before giving up, and to check to see if a vector
is in use before assigning it. With these changes we stop leaking
freed vectors and it becomes possible to allocate and free irq vectors
all day long.
This changed was modeled after the vector allocator on x86_64 where
this limitation has already been removed. In essence we don't update
the static variables that hold the position of the last vector we
allocated until have successfully allocated another vector. This
allows us to detect if we have completed one complete scan through
all of the possible vectors.
Acked-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 30 Jan 2007 16:29:05 +0000 (08:29 -0800)]
Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 4117/1: S3C2412: Fix writel() usage in selection code
[ARM] 4111/1: Allow VFP to work with thread migration on SMP
[ARM] 4112/1: Only ioremap to supersections if DOMAIN_IO is zero
[ARM] 4106/1: S3C2410: typo fixes in register definitions
[ARM] 4102/1: Allow for PHYS_OFFSET on any valid 2MiB address
[ARM] Fix AMBA serial drivers for non-first serial ports
[ARM] 4100/1: iop3xx: fix cpu mask for iop333
[ARM] Update mach-types
[ARM] Fix show_mem() for discontigmem
[ARM] 4096/1: S3C24XX: change return code form s3c2410_gpio_getcfg()
[ARM] 4095/1: S3C24XX: Fix GPIO set for Bank A
[ARM] 4092/1: i.MX/MX1 CPU Frequency scaling latency definition
[ARM] 4089/1: AT91: GPIO wake IRQ cleanup
[ARM] 4088/1: AT91: Unbalanced IRQ in serial driver suspend/resume
[ARM] 4087/1: AT91: CPU reset for SAM9x processors
[ARM] 4086/1: AT91: Whitespace cleanup
[ARM] 4085/1: AT91: Header fixes.
[ARM] 4084/1: Remove CONFIG_DEBUG_WAITQ
[PATCH] `make help' in build tree doesn't show headers_* targets
`make help' in the build tree doesn't show the help texts about the
`headers_install' and `headers_check' targets because it looks for
include/asm-$(ARCH)/Kbuild in the wrong place.
Add the missing `$(srctree)' prefixes to fix this.
Also move the printing of the default install path for the headers inside the
`if/fi', where it belongs.
During ufs_trunc_direct which is subroutine of ufs::truncate, we try the first
of all free parts of block and then whole blocks. But we calculate size of
block's part to free in the wrong way.
This may cause bad update of used blocks and fragments statistic, and you can
got report that you have free 32T on 1Gb partition.
These series of patches result of UFS1 write support stress testing, like
running fsx-linux, untar and build linux kernel etc
We pass from ufs::get_block_t to levels below: pointer to the current page, to
make possible things like reallocation of blocks on the fly, and we also uses
this pointer for indication, what actually we allocate data block or meta data
block, but currently we make decision about what we allocate on the wrong
level, this may and cause oops if we allocate blocks in some special order.
Miklos Szeredi [Mon, 29 Jan 2007 21:19:54 +0000 (13:19 -0800)]
[PATCH] fuse: fix bug in control filesystem mount
The BUG in fuse_ctl_add_dentry() could be triggered if the control
filesystem was unmounted and mounted again while one or more fuse
filesystems were present.
The fix is to reset the dentry counter in fuse_ctl_kill_sb().
Andrew Morton [Mon, 29 Jan 2007 21:19:50 +0000 (13:19 -0800)]
[PATCH] m68k: uaccess.h needs sched.h
In file included from include/linux/crypto.h:26,
from crypto/cipher.c:17:
include/linux/uaccess.h: In function 'pagefault_disable':
include/linux/uaccess.h:18: error: dereferencing pointer to incomplete type
include/linux/uaccess.h: In function 'pagefault_enable':
include/linux/uaccess.h:33: error: dereferencing pointer to incomplete type
video_buf need PCI.
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Roman Zippel <zippel@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Robert P. J. Day [Mon, 29 Jan 2007 21:19:50 +0000 (13:19 -0800)]
[PATCH] Fix "CONFIG_X86_64_" typo in drivers/kvm/svm.c
Fix what looks like an obvious typo in the file drivers/kvm/svm.c.
Signed-off-by: Robert P. J. Day <rpjday@mindspring.com> Acked-by: Avi Kivity <avi@qumranet.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix UML hostfs mknod(): userspace has differernt dev_t size and encoding
than kernel, so extract major/minor and reencode using glibc makedev()
macro.
Signed-off-by: Johannes Stezenbach <js@linuxtv.org> Acked-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Serge E. Hallyn [Mon, 29 Jan 2007 21:19:40 +0000 (13:19 -0800)]
[PATCH] namespaces: fix exit race by splitting exit
Fix exit race by splitting the nsproxy putting into two pieces. First
piece reduces the nsproxy refcount. If we dropped the last reference, then
it puts the mnt_ns, and returns the nsproxy as a hint to the caller. Else
it returns NULL. The second piece of exiting task namespaces sets
tsk->nsproxy to NULL, and drops the references to other namespaces and
frees the nsproxy only if an nsproxy was passed in.
A little awkward and should probably be reworked, but hopefully it fixes
the NFS oops.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Cedric Le Goater <clg@fr.ibm.com> Cc: Daniel Hokka Zakrisson <daniel@hozac.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andy Gospodarek [Mon, 29 Jan 2007 20:08:38 +0000 (12:08 -0800)]
bonding: ARP monitoring broken on x86_64
While working with the latest bonding code I noticed a nasty problem that
will prevent arp monitoring from always functioning correctly on x86_64
systems. Comparing ints to longs and expecting reliable results on x86_64
is a bad idea. With this patch, arp monitoring works correctly again.
Signed-off-by: Andy Gospodarek <andy@greyhouse.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Stephen Hemminger <shemminger@osdl.org> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Andrew Morton [Sat, 27 Jan 2007 08:00:04 +0000 (00:00 -0800)]
82596 warning fixes
drivers/net/82596.c: In function 'i596_start_xmit':
drivers/net/82596.c:1069: warning: cast from pointer to integer of different size
drivers/net/82596.c: In function 'i82596_probe':
drivers/net/82596.c:1249: warning: format '%d' expects type 'int', but argument 4 has type 'long unsigned int'
Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Vitaly Bordug [Sat, 27 Jan 2007 08:00:04 +0000 (00:00 -0800)]
FS_ENET: OF-related fixup for FEC and SCC MAC's
Updated direct resource pass with ioremap call, make it grant proper IRQ
mapping, stuff incompatible with the new approach were respectively put
under #ifndef CONFIG_PPC_MERGE. It is required so that both ppc and
powerpc could utilize fs_enet effectively.
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
The b44 chip occasionally needs to be reset when ISTAT_ERRORS are
encountered. The reset sequence includes a PHY reset that will take many
seconds to complete and cause the link to go down and up. By skipping the
PHY reset, it will greatly reduce the interruption when ISTAT_ERRORS are
encountered.
Change the full_reset parameter to reset_kind parameter in b44_init_hw().
This will allow PHY reset to be skipped when ISTAT_ERRORS are encountered.
Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Robert Hancock [Tue, 30 Jan 2007 08:59:18 +0000 (00:59 -0800)]
libata: fix translation for START STOP UNIT
libata's SCSI translation for the SCSI START STOP UNIT command with the
START bit clear (i.e. stopping the drive) appears to be incorrect. It
sends an ATA STANDBY command with the time period set to 0, which the code
comment says means "now", but the ATA standard says this means disable the
standby timer, which effectively does nothing. Change this to issue a
STANDBY IMMEDIATE command which will actually spin the drive down. The SAT
(SCSI/ATA Translation) standard revision 9 concurs with this choice.
Signed-off-by: Robert Hancock <hancockr@shaw.ca> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
David Milburn [Tue, 30 Jan 2007 08:59:15 +0000 (00:59 -0800)]
libata-scsi: ata_task_ioctl should return ATA registers from sense data
User applications using the HDIO_DRIVE_TASK ioctl through libata expect
specific ATA registers to be returned to userspace. Verified that
ata_task_ioctl correctly returns register values to the smartctl
application.
Signed-off-by: David Milburn <dmilburn@redhat.com> Acked-by: Tejun Heo <htejun@gmail.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Andrew Morton [Tue, 30 Jan 2007 08:59:14 +0000 (00:59 -0800)]
pata_platform: set_mode fix
drivers/ata/pata_platform.c:85: warning: initialization from incompatible pointer type
Cc: Jeff Garzik <jeff@garzik.org> Cc: Tejun Heo <htejun@gmail.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
If word 53 bit 1 isn't set, the maximum PIO mode is indicated by
the upper 8 bits of word 51, not the lower 8 bits. Fixes PIO mode
detection on old Compact Flash cards.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix PIO mode 1 overclocked taskfile transfers -- probably a typo carried over
from drivers/ide/pci/siimage.c where I've found it by documentation check...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Mike Christie [Tue, 30 Jan 2007 02:18:38 +0000 (21:18 -0500)]
[PATCH] Fix SG_IO timeout jiffy conversion
Commit 85e04e371b5a321b5df2bc3f8e0099a64fb087d7 cleaned up the timeout
conversion, but did it exactly the wrong way. We get msecs from user
space, and should convert them into jiffies. Not the other way around.
Here is a fix with the overflow check sg.c has added in. This fixes DVD
burnign with Nero.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
[ "you'll be wanting a comma there" - Andrew ] Cc: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 30 Jan 2007 00:37:38 +0000 (16:37 -0800)]
Fix balance_dirty_page() calculations with CONFIG_HIGHMEM
This makes balance_dirty_page() always base its calculations on the
amount of non-highmem memory in the machine, rather than try to base it
on total memory and then falling back on non-highmem memory if the
mapping it was writing wasn't highmem capable.
This not only fixes a situation where two different writers can have
wildly different notions about what is a "balanced" dirty state, but it
also means that people with highmem machines don't run into an OOM
situation when regular memory fills up with dirty pages.
We used to try to handle the latter case by scaling down the dirty_ratio
if the machine had a lot of highmem pages in page_writeback_init(), but
it wasn't aggressive enough for some situations, and since basing the
dirty ratio on highmem memory was broken in the first place, let's just
stop doing so.
(A variation of this theme fixed Justin Piszcz's OOM problem when
copying an 18GB file on a RAID setup).
Acked-by: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Justin Piszcz <jpiszcz@lucidpixels.com> Cc: Andrew Morton <akpm@osdl.org> Cc: Neil Brown <neilb@suse.de> Cc: Ingo Molnar <mingo@elte.hu> Cc: Randy Dunlap <rdunlap@xenotime.net> Cc: Christoph Lameter <clameter@sgi.com> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Takashi Iwai [Fri, 26 Jan 2007 11:40:31 +0000 (12:40 +0100)]
[PATCH] ALSA: Fix sysfs breakage
The recent change for a new sysfs tree with card* object breaks the
/sys/class/sound tree if CONFIG_SYSFS_DEPRECATED is enabled.
The device in each entry doesn't point the correct device object:
Also, this change breaks some drivers (like sound/arm/*) referring
card->dev directly to obtain the device object for memory handling.
This patch reverts the semantics of card->dev to the former version,
which points to a real device object. The card* object is stored in a
new card->card_dev field, instead. The device parent is chosen either
card->dev or card->card_dev according to CONFIG_SYSFS_DEPRECATED to
keep the tree compatibility.
Also, card* isn't created if CONFIG_SYSFS_DEPRECATED is enabled. The
reason of card* object is a root of all beloing devices, and it makes
little sense if each sound device points to the real device object
directly.
Dave Jones [Mon, 29 Jan 2007 05:07:04 +0000 (00:07 -0500)]
[CPUFREQ] Remove unneeded errata workaround from p4-clockmod.
This workaround unnecessarily cripples functionality to work
around an errata that doesn't seem possible to hit due to
us using the automatic clock throttling in the p4 mcheck code.
See http://lkml.org/lkml/2006/10/28/148 for complete reasoning
and lack of disconsent.
A stupid bug has been plaguing the sys_pciconfig_iobase on ppc64. It wasn't
noticed until recently as it seems to not affect G5s but it's been causing
problems running X servers on some other machines recently. The bus number
matching was bogus.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Josepch Chan [Sat, 27 Jan 2007 12:47:08 +0000 (13:47 +0100)]
via82cxxx/pata_via: correct PCI_DEVICE_ID_VIA_SATA_EIDE ID and add support for CX700 and 8237S
This patch:
* Corrects the wrong device ID of PCI_DEVICE_ID_VIA_SATA_EIDE
from 0x0581 to 0x5324.
* Adds VIA CX700 and VT8237S support in drivers/ide/pci/via82cxxx.c
* Adds VIA VT8237S support in drivers/ata/pata_via.c
Tejun Heo [Sat, 27 Jan 2007 12:47:02 +0000 (13:47 +0100)]
ide: unregister idepnp driver on unload
idepnp driver is registered as a pnp driver on ide init but doesn't
get unregistered on ide unload causing driver list corruption and
eventually oops. Fix it.
Alan Cox [Sat, 27 Jan 2007 12:46:45 +0000 (13:46 +0100)]
ide/generic: Jmicron has its own drivers now
Drop ide-generic support for Jmicron identifiers as we now trust Jmicron.c for
this with drivers/ide. The code check remains for the all-generic-ide case.
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Tejun Heo [Sat, 27 Jan 2007 02:04:26 +0000 (11:04 +0900)]
ahci: port_no should be used when clearing IRQ in ahci_thaw()
ap->id is logcial port ID which is unique among all ATA ports and
doesn't have anything to do with hardware port index. ap->port_no is
the hardware port index and thus should be used when clearing IRQ mask
in ahci_thaw().
This problem has been spotted by Jeff Garzik <jgarzik@pobox.com>.
Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
When main table is just a single leaf this gets printed as belonging to the
local table in /proc/net/fib_trie. A fix is below.
Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 27 Jan 2007 02:48:16 +0000 (18:48 -0800)]
[SPARC64]: Set g4/g5 properly in sun4v dtlb-prot handling.
Mirror the logic in the sun4u handler, we have to update
both registers even when we branch out to window fault
fixup handling.
The way it works is that if we are in etrap processing a
fault already, g4/g5 holds the original fault information.
If we take a window spill fault while doing etrap, then
we put the window spill fault info into g4/g5 and this is
what the top-level fault handler ends up processing first.
Then we retry the originally faulting instruction, and
process the original fault at that time.
This is all necessary because of how constrained the trap
registers are in these code paths. These cases trigger
very rarely, so even if there is some performance implication
it's doesn't happen very often. In fact the rarity is why
it took so long to trigger and find this particular bug.
Signed-off-by: David S. Miller <davem@davemloft.net>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NETFILTER]: nf_conntrack_pptp: fix NAT setup of expected GRE connections
[NETFILTER]: nf_nat_pptp: fix expectation removal
[NETFILTER]: nf_nat: fix ICMP translation with statically linked conntrack
[TCP]: Restore SKB socket owner setting in tcp_transmit_skb().
[AF_PACKET]: Check device down state before hard header callbacks.
[DECNET]: Handle a failure in neigh_parms_alloc (take 2)
[BNX2]: Fix 2nd port's MAC address.
[TCP]: Fix sorting of SACK blocks.
[AF_PACKET]: Fix BPF handling.
[IPV4]: Fix the fib trie iterator to work with a single entry routing tables
Linus Torvalds [Fri, 26 Jan 2007 22:45:18 +0000 (14:45 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
Fix Maple PATA IRQ assignment.
ahci: use 0x80 as wait stat value instead of 0xff
sata_via: style clean up, no indirect method call in LLD
ahci: fix endianness in spurious interrupt message
libata-sff: Don't call bmdma_stop on non DMA capable controllers
libata: implement ATA_FLAG_IGN_SIMPLEX and use it in sata_uli
ahci: improve and limit spurious interrupt messages, take#3
sata_via: don't diddle with ATA_NIEN in ->freeze
libata: set_mode, Fix the FIXME
libata hpt3xn: Hopefully sort out the DPLL logic versus the vendor code
libata cmd64x: whack into a shape that looks like the documentation
David Woodhouse [Mon, 1 Jan 2007 19:31:15 +0000 (19:31 +0000)]
Fix Maple PATA IRQ assignment.
On the Maple board, the AMD8111 IDE is in legacy mode... except that it
appears on IRQ 20 instead of IRQ 15. For drivers/ide this was handled by
the architecture's "pci_get_legacy_ide_irq()" function, but in libata we
just hard-code the numbers 14 and 15.
This patch provides asm-powerpc/libata-portmap.h which maps the IRQ as
appropriate, having added a pci_dev argument to the
ATA_{PRIM,SECOND}ARY_IRQ macros.
There's probably a better way to do this -- especially if we observe
that the _only_ case in which this seemingly-generic
"pci_get_legacy_ide_irq()" function returns anything other than 14 and
15 for primary and secondary respectively is the case of the AMD8111 on
the Maple board -- couldn't we handle that with a special case in the
pata_amd driver, or perhaps with a PCI quirk for Maple to switch it into
native mode during early boot and assign resources properly?
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Tejun Heo [Fri, 26 Jan 2007 06:37:20 +0000 (15:37 +0900)]
ahci: use 0x80 as wait stat value instead of 0xff
Before hardreset, ahci initialized stat part of received FIS area to
0xff to wait for the first D2H Reg FIS which would change the value to
device ready state. This used to work but now libata considers status
value of 0xff as device not present making this wait prone to failure.
This patch makes ahci use 0x80 for the wait stat value instead of
0xff to fix the above problem.
Matt Domsch [Fri, 26 Jan 2007 08:57:18 +0000 (00:57 -0800)]
[PATCH] Fix race in efi variable delete code
Fix race when deleting an EFI variable and issuing another EFI command on
the same variable. The removal of the variable from the efivars_list
should be done in efivar_delete and not delayed until the kobject release.
Furthermore, remove the item from the list at module unload time, and use
list_for_each_entry_safe() rather than list_for_each_safe() for
readability.
Tested on ia64.
Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Matt Domsch <Matt_Domsch@dell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexey Dobriyan [Fri, 26 Jan 2007 08:57:16 +0000 (00:57 -0800)]
[PATCH] core-dumping unreadable binaries via PT_INTERP
Proposed patch to fix #5 in
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
aka
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073
To reproduce, do
* grab poc at the end of advisory.
* add line "eph.p_memsz = 4096;" after "eph.p_filesz = 4096;"
where first "4096" is something equal to or greater than 4096.
* ./poc /usr/bin/sudo && ls -l
Here I get with 2.6.20-rc5:
-rw------- 1 ad ad 102400 2007-01-15 19:17 core
---s--x--x 2 root root 101820 2007-01-15 19:15 /usr/bin/sudo
NeilBrown [Fri, 26 Jan 2007 08:57:14 +0000 (00:57 -0800)]
[PATCH] md: remove unnecessary printk when raid5 gets an unaligned read.
raid5_mergeable_bvec tries to ensure that raid5 never sees a read request
that does not fit within just one chunk. However as we must always accept
a single-page read, that is not always possible.
So when "in_chunk_boundary" fails, it might be unusual, but it is not a
problem and printing a message every time is a bad idea.
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Fri, 26 Jan 2007 08:57:12 +0000 (00:57 -0800)]
[PATCH] Fix UML on non-standard VM split hosts
This fixes UML on hosts with non-standard VM splits. We had changed the
config variable that controls UML behavior on such hosts, but not
propogated the change everywhere. In particular, the values of STUB_CODE
and STUB_DATA relied on the old variable.
I also reformatted the HOST_VMSPLIT_3G help to make it more standard.
Spotted by uml@flonatel.org.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Blaisorblade <blaisorblade@yahoo.it> Cc: Pravin <shindepravin@gmail.com> Cc: <uml@flonatel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>