David S. Miller [Wed, 9 Jan 2008 13:09:06 +0000 (05:09 -0800)]
[SPARC]: Make gettimeofday() monotonic again.
When we switched away from the optimized C version
things stopped being monotonic.
The problem is that if we run this with interrupts disabled, we can
see the interrupt pending because the counter reached the limit value.
When this happens the counter has bit 31 set, and the low bits start
counting again from zero.
Reported by Martin Habets.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 11 Jan 2008 19:48:00 +0000 (11:48 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Replace 40c7869b693b18412491fdcff64682215b739f9e kludge
[MIPS] Lasat: Fix built in separate object directory.
[MIPS] Malta: Fix software reset on big endian
[MIPS] pnx8xxx: move to clocksource
[MIPS] Wrong CONFIG option prevents setup of DMA zone.
This change avoids the deadlock by moving the acquire_console_sem()
out of ps3fb_sync(), and puts it into the two other callsites, leaving
ps3fb_release() to call ps3fb_sync() without the console semaphore.
[Geert]
- Corrected call sequence above
- ps3fb_release() may be called with and without console_sem held. This is an
inconsistency that should be fixed at the fb level, but for now, try to
acquire console_sem in ps3fb_release().
I think it's safer to let ps3fb_release() try to acquire console_sem and
not refresh the screen if it fails, than to call ps3fb_sync() without
holding console_sem, as ps3fb_par may be modified at the same time, causing
crashes or lockups.
Besides, ps3fb_release() only calls ps3fb_sync() to refresh the screen
when display flipping is disabled, which is an uncommon case (except during
shutdown/kexec).
Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeremy Kerr [Fri, 11 Jan 2008 13:27:10 +0000 (14:27 +0100)]
ps3fb: prevent use after free of fb_info
In ps3fb_shutdown, freeing the framebuffer will cause fb_info (in
dev->core.driver_data) to be free()ed, which we potentially access
from the ps3fbd kthread.
This change frees the framebuffer after stopping the ps3fbd kthread.
Linus Torvalds [Fri, 11 Jan 2008 19:44:59 +0000 (11:44 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
blktrace: kill the unneeded initcall
block: fix blktrace timestamps
loop: fix bad bio_alloc() nr_iovec request
Don't blatt first element of prv in sg_chain()
Massimo Cirillo [Fri, 11 Jan 2008 10:24:11 +0000 (10:24 +0000)]
cache invalidation error for buffered write
The bug causes corruptions of data read from flash.
The original code performs cache invalidation from "adr" to "adr + len"
in do_write_buffer(). Since len and adr could be updated in the code
before invalidation - it causes improper setting of cache invalidation
regions.
Signed-off-by: Massimo Cirillo <maxcir@gmail.com> Signed-off-by: Giuseppe D'Eliseo <giuseppedeliseo@gmail.com> Acked-by: Nicolas Pitre <nico@cam.org> Acked-by: Jörn Engel <joern@logfs.org> Signed-off-by: David Woohouse <dwmw2@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dmitri Vorobiev [Tue, 8 Jan 2008 03:44:00 +0000 (06:44 +0300)]
[MIPS] Malta: Fix software reset on big endian
I noticed that the commit f197465384bf7ef1af184c2ed1a4e268911a91e3
(MIPS Tech: Get rid of volatile in core code) broke the software
reset functionality for MIPS Malta boards in big-endian mode.
According to the MIPS Malta board user's manual, writing the magic
32-bit GORESET value into the SOFTRES register initiates board soft
reset. My experimentation has shown that the endianness of the GORESET
integer should thereby be the same as the endianness, which has been
set for the CPU itself. The writew() function used to write the magic
value in the code introduced by the commit mentioned above, however,
swaps bytes for big-endian kernels and transfers 16 bits instead of 32.
The patch below replaces the writew() function by the __raw_writel()
routine, which leaves the byte order intact and transfers the whole
MIPS machine word. Trivial code cleanup (replacing spaces by a tab
and cutting oversized lines to make checkpatch.pl happy) is also
included.
The patch was tested using a Malta evaluation board running in both
BE and LE modes. For both modes, software reset was fully functional
after the change.
P.S. I suspect that the same commit broke the "standby" functionality
for MIPS Atlas boards. However, I did not touch the Atlas code as I
don't have such board at my disposal and also because the linux-mips.org
Web site claims that Atlas support is scheduled for removal.
Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Hans Verkuil [Thu, 10 Jan 2008 21:33:16 +0000 (18:33 -0300)]
V4L/DVB (6999): ivtv: stick to udelay=10 after all
Using an udelay of 5 seems to result in problems for several people.
For now abandon the udelay value of 5 and stick to 10, even though this
will mean a longer load time of the cx2584x firmware.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Ingo Molnar [Fri, 11 Jan 2008 12:35:54 +0000 (13:35 +0100)]
block: fix blktrace timestamps
David Dillow reported broken blktrace timestamps. The reason
is cpu_clock() which is not a global time source.
Fix bkltrace timestamps by using ktime_get() like the networking
code does for packet timestamps. This also removes a whole lot
of complexity from bkltrace.c and shrinks the code by 500 bytes:
text data bss dec hex filename
2888 124 44 3056 bf0 blktrace.o.before
2390 116 44 2550 9f6 blktrace.o.after
This patch should fix the issue seen on Alpha with unaligned accesses in
the new readdir code. By aligning each dirent to sizeof(u64) we'll avoid
unaligned accesses. To make doubly sure we're not hitting problems also
rearrange struct hack_dirent to avoid holes.
Paul Mundt [Fri, 11 Jan 2008 04:18:16 +0000 (13:18 +0900)]
sh: Force __access_ok() to obey address space limit.
When the thread_info->addr_limit changes were introduced, __access_ok()
was missed in the conversion, allowing user processes to perform P1/P2
accesses under certain conditions.
This has already been corrected with the nommu refactoring in later
kernels.
Linus Torvalds [Thu, 10 Jan 2008 22:53:37 +0000 (14:53 -0800)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata and starting/stopping ATAPI floppy devices
sata_sil24: prevent hba lockup when pass-through ATA commands are used
Update kernel parameter document for libata DMA mode setting knobs.
libata: don't normalize UNKNOWN to NONE after reset
libata-pmp: propagate timeout to host link
libata-pmp: 4726 hates SRST
pata_ixp4xx_cf: fix compilation introduced by ata_port_desc() conversion
pata_pdc202xx_old: Further fixups
libata-sff: PCI IRQ handling fix
sata_qstor: use hardreset instead of softreset
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
trm290: do hook dma_host_{on,off} methods (take 2)
ide: fix cable detection for SATA bridges
ide: workaround suspend bug for ACPI IDE
Shaohua Li [Thu, 10 Jan 2008 22:03:42 +0000 (23:03 +0100)]
ide: workaround suspend bug for ACPI IDE
http://bugzilla.kernel.org/show_bug.cgi?id=9673
ACPI _PS3 cause S4 breaks in the second attempt. The system has a _PS3
method for IDE, which will call into SMM mode. Currently we haven't clue
why just the second attempt fails, as it's totally in BIOS code, so
blacklist the system so far for 2.6.24.
A possible suspect is ACPI NVS isn't save/restore, we will revisit the
bug after linux does ACPI NVS save/restore.
Signed-off-by: Shaohua Li <shaohua.li@intel.com> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Reported-by: Mikko Vinni <mmvinni@yahoo.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Gwendal Grignou [Thu, 10 Jan 2008 06:47:56 +0000 (15:47 +0900)]
sata_sil24: prevent hba lockup when pass-through ATA commands are used
Fix commands timeout with Sil3124/3132 based HBA when pass-through ATA
commands [where ATA_QCFLAG_RESULT_TF is set] are used while other
commands are active on other devices connected to the same port with a
Port Multiplier. Due to a hardware bug, these commands must be sent
alone, like ATAPI commands.
Tejun Heo [Tue, 8 Jan 2008 11:26:12 +0000 (20:26 +0900)]
libata: don't normalize UNKNOWN to NONE after reset
After non-classifying reset, ehc->classes[] could contain
ATA_DEV_UNKNOWN which used to be normalized to ATA_DEV_NONE for
consistency. However, this causes unfortunate side effect for drivers
which have non-classifying hardresets (e.g. sata_nv) by making
hardreset report ATA_DEV_NONE for non-classifying resets and thus
makes EH believe that the port is unoccupied and recovery can be
skipped. The end result is that after a device is swapped with
another one, the new device isn't attached after the old one is
detached.
This patch makes ata_eh_reset() not normalize UNKNOWN to NONE after
non-classifying resets. This fixes the above problem. As UNKNOWN and
NONE are handled differently by only EH hotplug logic, this doesn't
cause other behavior changes.
Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Robert Hancock <hancockr@shaw.ca> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Alan Cox [Fri, 4 Jan 2008 00:08:49 +0000 (00:08 +0000)]
pata_pdc202xx_old: Further fixups
Turns out distros always enabled burst mode and it is pretty essential so
do the same. Also sort out the post DMA mode restore properly.
My 20263 card now seems happy but needs some four drive tests done yet
(when I've persuaded the kernel not to hang in the edd boot code if I
plug them in ..)
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Alan Cox [Thu, 3 Jan 2008 17:22:28 +0000 (17:22 +0000)]
libata-sff: PCI IRQ handling fix
It is legitimate (although annoying and silly) for a PCI IDE controller
not to be assigned an interrupt and to be polled. The libata-sff code
should therefore not try and request IRQ 0 in this case.
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Tejun Heo [Thu, 3 Jan 2008 15:22:19 +0000 (00:22 +0900)]
sata_qstor: use hardreset instead of softreset
During conversion to new EH, sata_qstor was accidentaly changed to use
softreset, which is buggy on this chip, instead of hardreset. This
patch updates sata_qstor such that it uses hardreset again.
This fixes bugzilla bug 9631.
Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Mark Lord <mlord@pobox.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Herbert Xu [Thu, 10 Jan 2008 21:09:35 +0000 (08:09 +1100)]
[CRYPTO] padlock: Fix alignment fault in aes_crypt_copy
The previous patch fixed spurious read faults from occuring by copying
the data if we happen to have a single block at the end of a page. It
appears that gcc cannot guarantee 16-byte alignment in the kernel with
__attribute__. The following report from Torben Viets shows a buffer
that's only 8-byte aligned:
FUJITA Tomonori [Tue, 8 Jan 2008 14:07:01 +0000 (23:07 +0900)]
[SCSI] qla1280: fix 32 bit segment code
There's an error remaining in the 32 bit descriptor code after the
conversion to dma accessors: req_cnt is left uninitialised.
qla1280_32bit_start_scsi gives the following warnings:
drivers/scsi/qla1280.c: In function 'qla1280_32bit_start_scsi':
drivers/scsi/qla1280.c:3044: warning: unused variable 'dma_handle'
drivers/scsi/qla1280.c: In function 'qla1280_queuecommand':
drivers/scsi/qla1280.c:3060: warning: 'req_cnt' is used uninitialized in this function
drivers/scsi/qla1280.c:3042: note: 'req_cnt' was declared here
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (36 commits)
[ATM]: Check IP header validity in mpc_send_packet
[IPV6]: IPV6_MULTICAST_IF setting is ignored on link-local connect()
[CONNECTOR]: Don't touch queue dev after decrement of ref count.
[SOCK]: Adds a rcu_dereference() in sk_filter
[XFRM]: xfrm_algo_clone() allocates too much memory
[FORCEDETH]: Fix reversing the MAC address on suspend.
[NET]: mcs7830 passes msecs instead of jiffies to usb_control_msg
[LRO] Fix lro_mgr->features checks
[NET]: Clone the sk_buff 'iif' field in __skb_clone()
[IPV4] ROUTE: ip_rt_dump() is unecessary slow
[NET]: kaweth was forgotten in msec switchover of usb_start_wait_urb
[NET] Intel ethernet drivers: update MAINTAINERS
[NET]: Make ->poll() breakout consistent in Intel ethernet drivers.
[NET]: Stop polling when napi_disable() is pending.
[NET]: Fix drivers to handle napi_disable() disabling interrupts.
[NETXEN]: Fix ->poll() done logic.
mac80211: return an error when SIWRATE doesn't match any rate
ssb: Fix probing of PCI cores if PCI and PCIE core is available
[NET]: Do not check netif_running() and carrier state in ->poll()
[NET]: Add NAPI_STATE_DISABLE.
...
Roland McGrath [Wed, 9 Jan 2008 08:03:23 +0000 (00:03 -0800)]
show_task: real_parent
The show_task function invoked by sysrq-t et al displays the
pid and parent's pid of each task. It seems more useful to
show the actual process hierarchy here than who is using
ptrace on each process.
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Herbert Xu [Wed, 9 Jan 2008 11:51:59 +0000 (03:51 -0800)]
[ATM]: Check IP header validity in mpc_send_packet
Al went through the ip_fast_csum callers and found this piece of code
that did not validate the IP header. While root crashing the machine
by sending bogus packets through raw or AF_PACKET sockets isn't that
serious, it is still nice to react gracefully.
This patch ensures that the skb has enough data for an IP header and
that the header length field is valid.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Either we need a rcu_dereference(), either a comment should explain why we
dont need it. I vote for the former.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 9 Jan 2008 07:39:06 +0000 (23:39 -0800)]
[XFRM]: xfrm_algo_clone() allocates too much memory
alg_key_len is the length in bits of the key, not in bytes.
Best way to fix this is to move alg_len() function from net/xfrm/xfrm_user.c
to include/net/xfrm.h, and to use it in xfrm_algo_clone()
alg_len() is renamed to xfrm_alg_len() because of its global exposition.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
[FORCEDETH]: Fix reversing the MAC address on suspend.
For cards that initially have the MAC address stored in reverse order,
the forcedeth driver uses a flag to signal whether the address was
already corrected, so that it is not reversed again on a subsequent
probe.
Unfortunately this flag, which is stored in a register of the card,
seems to get lost during suspend, resulting in the MAC address being
reversed again. To fix that, the MAC address needs to be written back
in reversed order before we suspend and the flag needs to be reset.
The flag is still required because at least kexec will never write
back the reversed address and thus needs to know what state the card
is in.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Brice Goglin [Tue, 8 Jan 2008 06:09:08 +0000 (22:09 -0800)]
[LRO] Fix lro_mgr->features checks
lro_mgr->features contains a bitmask of LRO_F_* values which are
defined as power of two, not as bit indexes.
They must be checked with x&LRO_F_FOO, not with test_bit(LRO_F_FOO,&x).
Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr> Acked-by: Andrew Gallatin <gallatin@myri.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Tue, 8 Jan 2008 05:56:41 +0000 (21:56 -0800)]
[NET]: Clone the sk_buff 'iif' field in __skb_clone()
Both NetLabel and SELinux (other LSMs may grow to use it as well) rely
on the 'iif' field to determine the receiving network interface of
inbound packets. Unfortunately, at present this field is not
preserved across a skb clone operation which can lead to garbage
values if the cloned skb is sent back through the network stack. This
patch corrects this problem by properly copying the 'iif' field in
__skb_clone() and removing the 'iif' field assignment from
skb_act_clone() since it is no longer needed.
Also, while we are here, put the assignments in the same order as the
offsets to reduce cacheline bounces.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 8 Jan 2008 05:06:12 +0000 (21:06 -0800)]
[NET]: Make ->poll() breakout consistent in Intel ethernet drivers.
This makes the ->poll() routines of the E100, E1000, E1000E, IXGB, and
IXGBE drivers complete ->poll() consistently.
Now they will all break out when the amount of RX work done is less
than 'budget'.
At a later time, we may want put back code to include the TX work as
well (as at least one other NAPI driver does, but by in large NAPI
drivers do not do this). But if so, it should be done consistently
across the board to all of these drivers.
Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Auke Kok <auke-jan.h.kok@intel.com>
David S. Miller [Tue, 8 Jan 2008 04:53:33 +0000 (20:53 -0800)]
[NET]: Fix drivers to handle napi_disable() disabling interrupts.
When we add the generic napi_disable_pending() breakout
logic to net_rx_action() it means that napi_disable()
can cause NAPI poll interrupt events to be disabled.
And this is exactly what we want. If a napi_disable()
is pending, and we are looping in the ->poll(), we want
->poll() event interrupts to stay disabled and we want
to complete the NAPI poll ASAP.
When ->poll() break out during device down was being handled on a
per-driver basis, often these drivers would turn interrupts back on
when '!netif_running()' was detected.
And this would just cause a reschedule of the NAPI ->poll() in the
interrupt handler before the napi_disable() could get in there and
grab the NAPI_STATE_SCHED bit.
The vast majority of drivers don't care if napi_disable() might have
the side effect of disabling NAPI ->poll() event interrupts. In all
such cases, when a napi_disable() is performed, the driver just
disabled interrupts or is about to.
However there were three exceptions to this in PCNET32, R8169, and
SKY2. To fix those cases, at the subsequent napi_enable() points, I
added code to ensure that the ->poll() interrupt events are enabled in
the hardware.
Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Don Fry <pcnet32@verizon.net>
David S. Miller [Tue, 8 Jan 2008 04:35:07 +0000 (20:35 -0800)]
[NET]: Add NAPI_STATE_DISABLE.
Create a bit to signal that a napi_disable() is in progress.
This sets up infrastructure such that net_rx_action() can generically
break out of the ->poll() loop on a NAPI context that has a pending
napi_disable() yet is being bombed with packets (and thus would
otherwise poll endlessly and not allow the napi_disable() to finish).
Now, what napi_disable() does is first set the NAPI_STATE_DISABLE bit
(to indicate that a disable is pending), then it polls for the
NAPI_STATE_SCHED bit, and once the NAPI_STATE_SCHED bit is acquired
the NAPI_STATE_DISABLE bit is cleared. Here, the test_and_set_bit()
provides the necessary memory barrier between the various bitops.
napi_schedule_prep() now tests for a pending disable as it's first
action and won't try to obtain the NAPI_STATE_SCHED bit if a disable
is pending.
As a result, we can remove the netif_running() check in
netif_rx_schedule_prep() because the NAPI disable pending state serves
this purpose. And, it does so in a NAPI centric manner which is what
we really want.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 8 Jan 2008 04:26:59 +0000 (20:26 -0800)]
[NET]: Do not grab device reference when scheduling a NAPI poll.
It is pointless, because everything that can make a device go away
will do a napi_disable() first.
The main impetus behind this is that now we can legally do a NAPI
completion in generic code like net_rx_action() which a following
changeset needs to do. net_rx_action() can only perform actions
in NAPI centric ways, because there may be a one to many mapping
between NAPI contexts and network devices (SKY2 is one example).
We also want to get rid of this because it's an extra atomic in the
NAPI paths, and also because it is one of the last instances where the
NAPI interfaces care about net devices.
The one remaining netdev detail the NAPI stuff cares about is the
netif_running() check which will be killed off in a subsequent
changeset.
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Buesch [Wed, 2 Jan 2008 17:55:53 +0000 (18:55 +0100)]
b43: Fix rxheader channel parsing
This patch fixes the parsing of the RX data header channel field.
The current code parses the header incorrectly and passes a wrong
channel number and frequency for each frame to mac80211.
The FIXMEs added by this patch don't matter for now as the code
where they live won't get executed anyway. They will be fixed later.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Vlad Yasevich [Mon, 7 Jan 2008 08:28:16 +0000 (00:28 -0800)]
[SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT.
Some recent changes completely removed accounting for the FORWARD_TSN
parameter length in the INIT and INIT-ACK chunk. This is wrong and
should be restored.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Mon, 7 Jan 2008 08:27:45 +0000 (00:27 -0800)]
[SCTP]: Correctly handle AUTH parameters in unexpected INIT
When processing an unexpected INIT chunk, we do not need to
do any preservation of the old AUTH parameters. In fact,
doing such preservations will nullify AUTH and allow connection
stealing.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
meth didn't set a valid mac address during probing, but later during
open. Newer kernel refuse to open device with 00:00:00:00:00:00 as mac
address -> dead ethernet. This patch sets the mac address in the probe
function and uses only the mac address from the netdevice struct when
setting up the hardware.
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Amos Waterland [Sun, 6 Jan 2008 07:23:06 +0000 (23:23 -0800)]
[IPV4] ipconfig: Fix regression in ip command line processing
The recent changes for ip command line processing fixed some problems
but unfortunately broke some common usage scenarios. In current
2.6.24-rc6 the following command line results in no IP address
assignment, which is surely a regression:
ip=10.0.2.15::10.0.2.2:255.255.255.0::eth0:off
Please find below a patch that works for all cases I can find.
Signed-off-by: Amos Waterland <apw@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 6 Jan 2008 07:14:44 +0000 (23:14 -0800)]
[IPV4] raw: Strengthen check on validity of iph->ihl
We currently check that iph->ihl is bounded by the real length and that
the real length is greater than the minimum IP header length. However,
we did not check the caes where iph->ihl is less than the minimum IP
header length.
This breaks because some ip_fast_csum implementations assume that which
is quite reasonable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
It is possible for the TX ring to have packets sit in it for unbounded
amounts of time.
The only way to defer TX interrupts in the chip is to periodically set
"mark" bits, when processing of a TX descriptor with the mark bit set
is complete it triggers the interrupt for the TX queue's LDG.
A consequence of this kind of scheme is that if packet flow suddenly
stops, the remaining TX packets will just sit there.
If this happens, since those packets could be charged to TCP socket
send queues, such sockets could get stuck.
The simplest solution is to divorce the socket ownership of the packet
once the device takes the SKB, by using skb_orphan() in
niu_start_xmit().
In hindsight, it would have been much nicer if the chip provided two
interrupt sources for TX (like basically every other ethernet chip
does). Namely, keep the "mark" bit, but also signal the LDG when the
TX queue becomes completely empty. That way there is no need to have
a deadlock breaker like this.
Signed-off-by: David S. Miller <davem@davemloft.net>
Matheos Worku [Sat, 5 Jan 2008 07:48:26 +0000 (23:48 -0800)]
[NIU]: Fix slowpath interrupt handling.
niu_slowpath_interrupt() expects values to be setup in lp->{v0,v1,v2}
but they aren't. That's only done by niu_schedule_napi() which is
done later in the interrupt path.
If niu_rx_error() returns zero, and v0 is clear, hit the
RX_DMA_CTL_STATE register with a RX_DMA_CTL_STAT_MEX.
Only emit verbose RX error logs if a fatal channel or port error is
signalled. Other cases will be recorded into statistics by
niu_log_rxchan_errors().
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Gleixner [Tue, 8 Jan 2008 18:47:38 +0000 (19:47 +0100)]
futex: Prevent stale futex owner when interrupted/timeout
Roland Westrelin did a great analysis of a long standing thinko in the
return path of futex_lock_pi.
While we fixed the lock steal case long ago, which was easy to trigger,
we never had a test case which exposed this problem and stupidly never
thought about the reverse lock stealing scenario and the return to user
space with a stale state.
When a blocked tasks returns from rt_mutex_timed_locked without holding
the rt_mutex (due to a signal or timeout) and at the same time the task
holding the futex is releasing the futex and assigning the ownership of
the futex to the returning task, then it might happen that a third task
acquires the rt_mutex before the final rt_mutex_trylock() of the
returning task happens under the futex hash bucket lock. The returning
task returns to user space with ETIMEOUT or EINTR, but the user space
futex value is assigned to this task. The task which acquired the
rt_mutex fixes the user space futex value right after the hash bucket
lock has been released by the returning task, but for a short period of
time the user space value is wrong.
The fix for this is the same as we do when the rt_mutex was acquired by
a higher priority task via lock stealing from the designated new owner.
In that case we already fix the user space value and the internal
pi_state up before we return. This mechanism can be used to fixup the
above corner case as well. When the returning task, which failed to
acquire the rt_mutex, notices that it is the designated owner of the
futex, then it fixes up the stale user space value and the pi_state,
before returning to user space. This happens with the futex hash bucket
lock held, so the task which acquired the rt_mutex is guaranteed to be
blocked on the hash bucket lock. We can access the rt_mutex owner, which
gives us the pid of the new owner, safely here as the owner is not able
to modify (release) it while waiting on the hash bucket lock.
Rename the "curr" argument of fixup_pi_state_owner() to "newowner" to
avoid confusion with current and add the check for the stale state into
the failure path of rt_mutex_trylock() in the return path of
unlock_futex_pi(). If the situation is detected use
fixup_pi_state_owner() to assign everything to the owner of the
rt_mutex.
Pointed-out-and-tested-by: Roland Westrelin <roland.westrelin@sun.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alan Cox [Tue, 8 Jan 2008 14:55:51 +0000 (14:55 +0000)]
pl2303: Fix mode switching regression
Cleaning out all the incorrect 'no change made' checks for termios
settings showed up a problem with the PL2303. The hardware here seems to
lose sync and bits if you tell it to make no changes. This shows up with
a real world application.
To fix this the driver check for meaningful hardware changes is restored
but doing the tests correctly and as a tty layer function so it doesn't
get duplicated wrongly everywhere if other drivers turn out to need it.
Eric Sandeen [Tue, 8 Jan 2008 23:33:20 +0000 (15:33 -0800)]
hfs: handle more on-disk corruptions without oopsing
hfs seems prone to bad things when it encounters on disk corruption. Many
values are read from disk, and used as lengths to memcpy, as an example.
This patch fixes up several of these problematic cases.
o sanity check the on-disk maximum key lengths on mount
(these are set to a defined value at mkfs time and shouldn't differ)
o check on-disk node keylens against the maximum key length for each tree
o fix hfs_btree_open so that going out via free_tree: doesn't wind
up in hfs_releasepage, which wants to follow the very pointer
we were trying to set up:
HFS_SB(sb)->cat_tree = hfs_btree_open()
...
failure gets to hfs_releasepage and tries
to follow HFS_SB(sb)->cat_tree
Tested with the fsfuzzer; it survives more than it used to.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: Roman Zippel <zippel@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix crash with FLAT_MEMORY and ARCH_PFN_OFFSET != 0
When using FLAT_MEMORY and ARCH_PFN_OFFSET is not 0, the kernel crashes in
memmap_init_zone(). This bug got introduced by commit c713216deebd95d2b0ab38fef8bb2361c0180c2d
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Acked-by: Mel Gorman <mel@csn.ul.ie> Cc: Bob Picco <bob.picco@hp.com> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: Andy Whitcroft <apw@shadowen.org> Cc: Andi Kleen <ak@muc.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: "Keith Mannthey" <kmannth@gmail.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jean Delvare [Tue, 8 Jan 2008 23:33:08 +0000 (15:33 -0800)]
dmi-id: fix for __you_cannot_kmalloc_that_much failure
gcc 3.2 has a hard time coping with the code in dmi_id_init():
drivers/built-in.o(.init.text+0x789e): In function `dmi_id_init':
: undefined reference to `__you_cannot_kmalloc_that_much'
make: *** [.tmp_vmlinux1] Error 1
Moving half of the code to a separate function seems to help. This is a
no-op for gcc 4.1 which will successfully inline the code anyway.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Dave Airlie <airlied@linux.ie> Tested-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
vmcoreinfo: add the array length of "free_list" for filtering free pages
This patch adds the array length of "free_area.free_list" to the vmcoreinfo
data so that makedumpfile (dump filtering command) can exclude all free pages
in linux-2.6.24.
makedumpfile creates a small dumpfile by excluding unnecessary pages for the
analysis. To distinguish unnecessary pages, makedumpfile gets the vmcoreinfo
data which has the minimum debugging information only for dump filtering.
In 2.6.24-rc1 or later, the free_area.free_list is an array which has one list
for each migrate types instead of a single list. makedumpfile needs the array
length of "free_area.free_list" and the vmcoreinfo data should contain it.
Signed-off-by: Huang Ying <ying.huang@intel.com> Tested-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp> Acked-by: Simon Horman <horms@verge.net.au> Cc: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Halcrow [Tue, 8 Jan 2008 23:33:02 +0000 (15:33 -0800)]
eCryptfs: fix dentry handling on create error, unlink, and inode destroy
This patch corrects some erroneous dentry handling in eCryptfs.
If there is a problem creating the lower file, then there is nothing that
the persistent lower file can do to really help us. This patch makes a
vfs_create() failure in the lower filesystem always lead to an
unconditional do_create failure in eCryptfs.
Under certain sequences of operations, the eCryptfs dentry can remain in
the dcache after an unlink. This patch calls d_drop() on the eCryptfs
dentry to correct this.
eCryptfs has no business calling d_delete() directly on a lower
filesystem's dentry. This patch removes the call to d_delete() on the
lower persistent file's dentry in ecryptfs_destroy_inode().
(Thanks to David Kleikamp, Eric Sandeen, and Jeff Moyer for helping
identify and resolve this issue)
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Cc: Eric Sandeen <sandeen@redhat.com> Cc: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Williams [Tue, 8 Jan 2008 23:32:53 +0000 (15:32 -0800)]
md: fix data corruption when a degraded raid5 array is reshaped
We currently do not wait for the block from the missing device to be
computed from parity before copying data to the new stripe layout.
The change in the raid6 code is not techincally needed as we don't delay
data block recovery in the same way for raid6 yet. But making the change
now is safer long-term.
This bug exists in 2.6.23 and 2.6.24-rc
Cc: <stable@kernel.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Acked-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 664cceb0093b755739e56572b836a99104ee8a75 changed the parameters of
the function make_key_ref(). The macros that are used in case CONFIG_KEY
is not defined did not change.
Cc: David Howells <dhowells@redhat.com> Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
OGAWA Hirofumi [Tue, 8 Jan 2008 23:32:41 +0000 (15:32 -0800)]
fat: optimize fat_count_free_clusters()
On large partition, scanning the free clusters is very slow if users
doesn't use "usefree" option.
For optimizing it, this patch uses sb_breadahead() to read of FAT
sectors. On some user's 15GB partition, this patch improved it very
much (1min => 600ms).
The following is the result of 2GB partition on my machine.
without patch:
root@devron (/)# time df -h > /dev/null
real 0m1.202s
user 0m0.000s
sys 0m0.440s
with patch:
root@devron (/)# time df -h > /dev/null
Linus Torvalds [Tue, 8 Jan 2008 20:29:52 +0000 (12:29 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/srp: Release transport before removing host
IB/mlx4: Fix value of pkey_index in QP1 completions
MAINTAINERS: Update Sean Hefty's email address
Dave Dillow [Fri, 4 Jan 2008 03:35:41 +0000 (22:35 -0500)]
IB/srp: Release transport before removing host
The documented call sequence for removing a host is to call the
transport xxx_remove_host() prior to scsi_remove_host(). The SRP
transport used to crash when that order was followed, but as it is now
fixed, use the documented order.
Signed-off-by: David Dillow <dillowda@ornl.gov> Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Dotan Barak [Mon, 7 Jan 2008 07:01:25 +0000 (09:01 +0200)]
IB/mlx4: Fix value of pkey_index in QP1 completions
Fix the value of pkey_index in completions to get a valid value for
GSI QPs. Without this fix, incoming GSI packets on port 2 get an
invalid P_Key index in the completion, which prevents the MAD layer
from sending back a response, which can make the second port of
ConnectX HCAs completely useless.
Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Harald Dunkel reports that it broke sound for him:
"Alsa stopped working for me. I still can access /dev/dsp, change the
volume and so on, but the speakers are quiet."