Gerald Schaefer [Mon, 5 Feb 2007 20:18:17 +0000 (21:18 +0100)]
[S390] noexec protection
This provides a noexec protection on s390 hardware. Our hardware does
not have any bits left in the pte for a hw noexec bit, so this is a
different approach using shadow page tables and a special addressing
mode that allows separate address spaces for code and data.
As a special feature of our "secondary-space" addressing mode, separate
page tables can be specified for the translation of data addresses
(storage operands) and instruction addresses. The shadow page table is
used for the instruction addresses and the standard page table for the
data addresses.
The shadow page table is linked to the standard page table by a pointer
in page->lru.next of the struct page corresponding to the page that
contains the standard page table (since page->private is not really
private with the pte_lock and the page table pages are not in the LRU
list).
Depending on the software bits of a pte, it is either inserted into
both page tables or just into the standard (data) page table. Pages of
a vma that does not have the VM_EXEC bit set get mapped only in the
data address space. Any try to execute code on such a page will cause a
page translation exception. The standard reaction to this is a SIGSEGV
with two exceptions: the two system call opcodes 0x0a77 (sys_sigreturn)
and 0x0aad (sys_rt_sigreturn) are allowed. They are stored by the
kernel to the signal stack frame. Unfortunately, the signal return
mechanism cannot be modified to use an SA_RESTORER because the
exception unwinding code depends on the system call opcode stored
behind the signal stack frame.
This feature requires that user space is executed in secondary-space
mode and the kernel in home-space mode, which means that the addressing
modes need to be switched and that the noexec protection only works
for user space.
After switching the addressing modes, we cannot use the mvcp/mvcs
instructions anymore to copy between kernel and user space. A new
mvcos instruction has been added to the z9 EC/BC hardware which allows
to copy between arbitrary address spaces, but on older hardware the
page tables need to be walked manually.
Signed-off-by: Gerald Schaefer <geraldsc@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Jan Glauber [Mon, 5 Feb 2007 20:18:14 +0000 (21:18 +0100)]
[S390] move crypto options and some cleanup.
This patch moves the config options for the s390 crypto instructions
to the standard "Hardware crypto devices" menu. In addition some
cleanup has been done: use a flag for supported keylengths, add a
warning about machien limitation, return ENOTSUPP in case the
hardware has no support, remove superfluous printks and update
email addresses.
Signed-off-by: Jan Glauber <jan.glauber@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 5 Feb 2007 20:17:38 +0000 (21:17 +0100)]
[S390] Add set_fs(USER_DS) to start_thread().
Currently works anyway since search_binary_handler has a
set_fs(USER_DS). But start_thread() is the place where this should be
done. Following all other architectures...
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cornelia Huck [Mon, 5 Feb 2007 20:17:36 +0000 (21:17 +0100)]
[S390] cio: Catch operand exceptions on stsch.
If we have a subchannel id which has been generated via
for_each_subchannel(), it might contain an invalid subchannel set id.
We need to catch the ensuing operand exception by using stsch_err()
instead of stsch() in all possible cases.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 5 Feb 2007 20:17:34 +0000 (21:17 +0100)]
[S390] Fix register usage description.
Fix description of register usage as pointed out by Andreas Krebbel.
Since this document is completely outdated and would need a lot of
fixing, it might be worth considering to get rid of it...
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 5 Feb 2007 20:17:32 +0000 (21:17 +0100)]
[S390] kretprobe_trampoline_holder() in wrong section.
kretprobe_trampoline_holder() is in kprobes section but used to
register a kprobe in arch_init_kprobes(). Hence register_kprobe()
and therefore arch_init_kprobes() will fail.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Horst Hummel [Mon, 5 Feb 2007 20:17:24 +0000 (21:17 +0100)]
[S390] dasd: fix unconditional reserve handling.
The reserve/release IOCTLs sometimes do not work. If second system
does a 'steal lock' the pending unit check (Format 3 Msg F) is
delivered. Since ERP is disabled for reserve/release, the IOCTL call
fails. We have to allow basic ERP (retries) for reserve/release IOCTLs.
Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 5 Feb 2007 20:17:20 +0000 (21:17 +0100)]
[S390] Small barrier() and cpu_relax() cleanup.
cpu_relax() has barrier() semantics hence there is no need to use both
of them in conjunction in sclp_sync_wait(). Also change cpu_relax()
so it's more obvious that it has barrier semantics.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cornelia Huck [Mon, 5 Feb 2007 20:17:09 +0000 (21:17 +0100)]
[S390] cio: Restart path verification after unsolicited interrupt.
If we try to start path verification when an unsolicited interrupt
is already pending, stctl shows status pending and we delay path
verification again. We need to check for the doverify bit when the
unsolicited interrupt comes in and then do path verification.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 5 Feb 2007 20:17:07 +0000 (21:17 +0100)]
[S390] Fix FCP dump feature detection.
FCP dump feature detection works only if the sclp command in head.S
was succesful. Since the sclp command is skipped if diag260 works,
we don't have any dump feature detection anymore.
Bug was introduced with d57de5a36791cb1b7285649c62f183b0d3505f7d.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
[S390] dasd: fix bug in dasd initialization cleanup
The initialization of the dasd_eer code is one of the last steps of the
dasd driver initialization. When initialization fails in one of the
earlier steps, the dasd_exit function is called to clean up what has been
done so far. So the dasd_eer_exit function may be called, although the
dasd_eer_init function wasn't called before and dasd_eer_exit tries to
unregister a misc device that wasn't registered, which results in a BUG.
Make sure that dasd_eer_exit can be called without initialization. Use a
dynamically allocated struct miscdevice instead of a static one, so we
only try to unregister the device if it exists and was actually registered.
Signed-off-by: Stefan Weinhuber <wein@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
[S390] sclp: invalid handling of temporary 'not operational' status
Requests are aborted when the sclp interface reports 'not operational'
even though they may still be active at the sclp, leading to concurrent
writes to request memory by both the kernel and the sclp interface.
Do not abort requests for which the sclp interface reports not
operational status during request retry.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>5A Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Change the bounce buffer logic of cpcmd. diag8 needs _real_ memory below
2GB. Therefore vmalloced data does not work. As the data might cross a
page boundary, we cannot use virt_to_page either. The solution is to use
virt_to_page only in the check for a bounce buffer.
There was a redundant check for response==NULL. response < 2GB contains
this check as well.
I also removed the rlen==0 check, since rlen=0 and response!=NULL would
be a caller bug and response==NULL is already checked.
Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Frédéric Riss [Tue, 30 Jan 2007 20:41:17 +0000 (21:41 +0100)]
[PATCH] EFI x86: pass firmware call parameters on the stack
When calling into the EFI firmware, the parameters need to be passed on
the stack. The recent change to use -mregparm=3 breaks x86 EFI support.
This patch is needed to allow the new Intel-based Macs to suspend to ram
(efi.get_time is called during the suspend phase).
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] sd: udev accessing an uninitialized scsi_disk field results in a crash
[SCSI] st: A MTIOCTOP/MTWEOF within the early warning will cause the file number to be incorrect
[SCSI] qla4xxx: bug fixes
[SCSI] Fix scsi_add_device() for async scanning
John Keller [Sat, 3 Feb 2007 09:14:02 +0000 (01:14 -0800)]
[PATCH] Altix: more ACPI PRT support
The SN Altix platform does not conform to the IOSAPIC IRQ routing model.
Add code in acpi_unregister_gsi() to check if (acpi_irq_model ==
ACPI_IRQ_MODEL_PLATFORM) and return.
Due to an oversight, this code was not added previously when
similar code was added to acpi_register_gsi().
Signed-off-by: John Keller <jpk@sgi.com> Acked-by: Len Brown <lenb@kernel.org> Cc: "Luck, Tony" <tony.luck@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Sat, 3 Feb 2007 09:14:01 +0000 (01:14 -0800)]
[PATCH] revert blockdev direct io back to 2.6.19 version
Andrew Vasquez is reporting as-iosched oopses and a 65% throughput
slowdown due to the recent special-casing of direct-io against
blockdevs. We don't know why either of these things are occurring.
The patch minimally reverts us back to the 2.6.19 code for a 2.6.20
release.
Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Cc: Ken Chen <kenchen@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mike Frysinger [Sat, 3 Feb 2007 09:13:55 +0000 (01:13 -0800)]
[PATCH] alpha: fix epoll syscall enumerations
We went and named them __NR_sys_foo instead of __NR_foo.
It may be too late to change this, but we can at least add the proper names
now.
Signed-off-by: Mike Frysinger <vapier@gentoo.org> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Magnus Damm [Sat, 3 Feb 2007 09:13:48 +0000 (01:13 -0800)]
[PATCH] kexec: Avoid migration of already disabled irqs (ia64)
This patch fixes up ia64 kexec support for HP rx2620 hardware. It does
this by skipping migration of already disabled irqs. This is most likely a
problem on other ia64 platforms as well, but I've only been able to
reproduce it on one machine so far.
The full story is that handle_bad_irq() gets invoked before starting the
new kernel without this patch. This seems to happen when fixup_irqs()
calls generic_handle_irq() on already migrated (and disabled) irqs. So by
avoiding migration of disabled irqs we stay away of handle_bad_irq().
The code has been tested on three different ia64 machines, all with good
results. It is possible to trigger the same bug by offlining a processor
using echo 0 > /sys/devices/system/cpu/cpuX/online.
More detailed information is available in the following mail thread:
http://lists.osdl.org/pipermail/fastboot/2007-January/thread.html#5774
Signed-off-by: Magnus Damm <magnus@valinux.co.jp> Acked-by: Simon Horman <horms@verge.net.au> Acked-by: Zou, Nanhai <nanhai.zou@intel.com> Acked-by: Jay Lan <jlan@sgi.com> Acked-by: "Luck, Tony" <tony.luck@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
See report: http://marc.theaimsgroup.com/?l=linux-kernel&m=116599593200888&w=2
flush_workqueue() is not allowed to be called in the softirq context.
However, aio_complete() called from I/O interrupt can potentially call
put_ioctx with last ref count on ioctx and triggers bug. It is simply
incorrect to perform ioctx freeing from aio_complete.
The bug is trigger-able from a race between io_destroy() and aio_complete().
A possible scenario:
The real problem is that the condition check of ctx->reqs_active in
wait_for_all_aios() is incorrect that access to reqs_active is not
being properly protected by spin lock.
This patch adds that protective spin lock, and at the same time removes
all duplicate ref counting for each kiocb as reqs_active is already used
as a ref count for each active ioctx. This also ensures that buggy call
to flush_workqueue() in softirq context is eliminated.
Signed-off-by: "Ken Chen" <kenchen@google.com> Cc: Zach Brown <zach.brown@oracle.com> Cc: Suparna Bhattacharya <suparna@in.ibm.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Badari Pulavarty <pbadari@us.ibm.com> Cc: <stable@kernel.org> Acked-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Patrick McHardy [Sat, 3 Feb 2007 03:33:11 +0000 (19:33 -0800)]
[NETFILTER]: ctnetlink: fix compile failure with NF_CONNTRACK_MARK=n
CC net/netfilter/nf_conntrack_netlink.o
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_conntrack_event':
net/netfilter/nf_conntrack_netlink.c:392: error: 'struct nf_conn' has no member named 'mark'
make[3]: *** [net/netfilter/nf_conntrack_netlink.o] Error 1
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
[SCSI] sd: udev accessing an uninitialized scsi_disk field results in a crash
sd_probe() calls class_device_add() even before initializing the
sdkp->device variable. class_device_add() eventually results in the user mode
udev program to be called. udev program can read the the allow_restart
attribute of the newly created scsi device. This is resulting in a crash as
the show function for allow_restart (i.e sd_show_allow_restart) returns the
attribute value by reading the sdkp->device->allow_restart variable. As the
sdkp->device is not initialized before calling the user mode hotplug helper,
this results in a crash.
The patch below solves it by calling class_device_add() only after the
necessary fields in the scsi_disk structure are initialized properly.
Signed-off-by: Nagendra Singh Tomar <nagendra_tomar@adaptec.com> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Brian King [Tue, 30 Jan 2007 17:32:26 +0000 (11:32 -0600)]
libata: Initialize nbytes for internal sg commands
Some LLDDs, like ipr, use nbytes and pad_len to determine
the total data transfer length of a command. Make sure
nbytes gets initialized for internally generated commands.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Alan [Wed, 31 Jan 2007 17:47:24 +0000 (17:47 +0000)]
libata: Fix ata_busy_wait() kernel docs
> Looks like you should use ata_busy_wait() here, rather than reproducing
> the same code again.
It waits in 10uS chunks while 1uS chunks were used in the workaround.
Could indeed do that once I know the fix is right. While I'm at it the
ata_busy_wait kerneldoc is borked so here's a fix
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Tejun Heo [Fri, 2 Feb 2007 05:51:09 +0000 (14:51 +0900)]
ahci/pata_jmicron: fix JMicron quirk
For all JMicrons except for 361 and 368, AHCI mode enable bits in the
Control(1) should be set. This used to be done in both ahci and
pata_jmicron but while moving programming to PCI quirk, it was removed
from ahci part while still left in pata_jmicron.
The implemented JMicron PCI quirk was incorrect in that it didn't
program AHCI mode enable bits. If pata_jmicron is loaded first and
programs those bits, the ahci ports work; otherwise, ahci device
detection fails miserably.
This patch makes JMicron PCI quirk clear SATA IDE mode bits and set
AHCI mode bits and remove the respective part from pata_jmicron.
Tested on JMB361, 363 and 368.
Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
It's not wrong, but it's not right either, and everybody seems to agree
that the right fix is probably to do the ccr3 write after the ccr4 one
(and that we also should clean it up a bit). And after that we need to
really validate that all the bits that we write to ccr4 actually do
work.
The old 2.6.19 code was insane, and basically didn't change ccr4 at all
(even though it certainly looks like it was the *intent* to do so). So
let's revert the change that may fix things, just because it's not what
was actually ever tested when the code was written, even if it _was_ the
intent.
There's a discussion on http://lkml.org/lkml/2007/1/9/63 that was
started by the patch that now gets reverted, and that discussion may
well contain the proper long-term fix.
Suggested-by: Adrian Bunk <bunk@stusta.de> Acked-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jens Osterkamp [Thu, 1 Feb 2007 11:07:47 +0000 (12:07 +0100)]
spidernet : fix memory leak in spider_net_stop
We forget to call spider_net_free_rx_chain_contents which does the
actual dev_kfree_skb. New skbs are allocated from skbuff_head_cache
on each "ifconfig up" letting the cache grow infinitely.
This patch fixes it.
Signed-off-by: Jens Osterkamp <jens@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Wed, 31 Jan 2007 19:02:46 +0000 (11:02 -0800)]
e100: fix napi ifdefs removing needed code
e100: fix napi ifdefs removing needed code
From: Auke Kok <auke-jan.h.kok@intel.com>
The e100 driver is NAPI mode only. We need to netif_poll_disable
during suspend and shutdown. The non-NAPI driver code was removed
and is only avaiable in the out-of-tree e100 kernel driver.
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Patrick McHardy [Fri, 2 Feb 2007 08:40:36 +0000 (00:40 -0800)]
[NET_SCHED]: act_ipt: fix regression in ipt action
The x_tables patch broke target module autoloading in the ipt action
by replacing the ipt_find_target call (which does autoloading) by
xt_find_target (which doesn't do autoloading). Additionally xt_find_target
may return ERR_PTR values in case of an error, which are not handled.
Use xt_request_find_target, which does both autoloading and ERR_PTR
handling properly. Also don't forget to drop the target module reference
again when xt_check_target fails.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
avr32@atmel.com is a technical support address and is not really
appropriate for sending patches. Lots of annoying automatics getting
in the way.
I'm still the maintainer of all the entries touched by this patch, so
nothing changes with regard to the "Supported" status of the AVR32
architecture or the macb driver.
Randy Dunlap [Thu, 1 Feb 2007 07:48:17 +0000 (23:48 -0800)]
[PATCH] sysrq: showBlockedTasks is sysrq-W
Change SysRq showBlockedTasks from sysrq-X to sysrq-W and show that in the
Help message.
It was previously done via X, but X is already used for Xmon on ppc & powerpc
platforms and this collision needs to be avoided.
All callers of register_sysrq_key() are now marked in the sysrq op/key table.
I didn't mark 'h' as Help because Help is just printed for any unknown key,
such as '?'.
Added some omitted sysrq key entries in the sysrq.txt file.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Avi Kivity [Thu, 1 Feb 2007 07:48:13 +0000 (23:48 -0800)]
[PATCH] KVM: fix lockup on 32-bit intel hosts with nx disabled in the bios
Intel hosts, without long mode, and with nx support disabled in the bios
have an efer that is readable but not writable. This causes a lockup on
switch to guest mode (even though it should exit with reason 34 according
to the documentation).
Signed-off-by: Avi Kivity <avi@qumranet.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Thu, 1 Feb 2007 07:48:13 +0000 (23:48 -0800)]
[PATCH] pci: remove warning messages
Remove these recently-added warnings. They don't tell us anythng very
interesting and Kumar says "On an embedded PPC reference system I see this
message 6 times when I've got no cards in the PCI slots."
Acked-by: Kumar Gala <galak@kernel.crashing.org> Acked-by: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jean Delvare [Thu, 1 Feb 2007 07:48:12 +0000 (23:48 -0800)]
[PATCH] via quirk update
Add special handling for the VT82C686.
Signed-off-by: Jean Delvare <jdelvare@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Thu, 1 Feb 2007 13:52:33 +0000 (13:52 +0000)]
[PATCH] sanitize sections for sparc32 smp
a) sun4d_boot_one_cpu() should be __cpuinit (called only from
__cpuinit __cpu_up(), for one thing, leads to calls of __cpuinit
functions for another).
b) got externs in arch/sparc/kernel/smp.c to match reality.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Thu, 1 Feb 2007 13:52:23 +0000 (13:52 +0000)]
[PATCH] __crc_... is intended to be absolute
i386 boot/compressed/relocs checks for absolute symbols and warns about
unexpected ones. If you build with modversions, you get ~2500 warnings
about __crc_<symbol>. These suckers are really absolute symbols - we
do _not_ want to modify them on relocation.
They are generated by genksyms - EXPORT_... generates a weak alias, then
genksyms produces an ld script with __crc_<symbol> = <checksum> and it's
fed to ld to produce the final object file. Their only use is to match
kernel and module at modprobe time; they _must_ be absolute.
boot/compressed/relocs has a whitelist of known absolute symbols, but
it doesn't know about __crc_... stuff. As the result, we get shitloads
of false positives on any ld(1) version.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Thu, 1 Feb 2007 13:08:45 +0000 (13:08 +0000)]
[PATCH] fix frv headers_check
a) registers.h is really needed there
b) include of asm-generic/termios should be under __KERNEL__
c) includes of asm-generic/{memory_model,page} should be under
__KERNEL (nothing in there that would work in userland)
d) a lot of stuff in ptrace.h should be under __KERNEL__.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NETFILTER]: xt_hashlimit: fix ip6tables dependency
[SCTP]: Force update of the rto when processing HB-ACK
[IPV6]: fix BUG of ndisc_send_redirect()
[IPV6]: Fix up some CONFIG typos
[NETFILTER]: SIP conntrack: fix out of bounds memory access
[NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers
[NETFILTER]: xt_connbytes: fix division by zero
[MAINTAINERS]: netfilter@ is subscribers-only
IP6_NF_IPTABLES=m, CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y results in a
linker error since ipv6_find_hdr is defined in ip6_tables.c. Fix similar
to Adrian Bunk's H.323 conntrack patch: selecting ip6_tables to be build
as module requires hashlimit to be built as module as well.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 31 Jan 2007 01:02:08 +0000 (17:02 -0800)]
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid:
HID: fix pb_fnmode and move it to generic HID
HID: fix hid-input mapping for Firefly Mini Remote Control
USB HID: fix hid_blacklist clash for 0x08ca/0x0010
HID: fix memleaking of collection
David Barksdale [Tue, 30 Jan 2007 22:36:25 +0000 (14:36 -0800)]
[PATCH] IPMI: fix timeout list handling
Fix a dangling pointer bug in ipmi_timeout_handler. A list of timedout
messages is not re-initialized before reuse, causing the head of the list
to point to freed memory.
Signed-off-by: David Barksdale <amatus@ocgnet.org> Signed-off-by: Corey Minyard <minyard@acm.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 30 Jan 2007 22:36:17 +0000 (14:36 -0800)]
[PATCH] uml: fix signal frame alignment
Use the same signal frame alignment calculations as the underlying
architecture. x86_64 appeared to do this, but the "- 8" was really
subtracting 8 * sizeof(struct rt_sigframe) rather than 8 bytes.
UML/i386 might have been OK, but I changed the calculation to match
i386 just to be sure.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: <stable@kernel.org> Cc: Adrian Bunk <bunk@stusta.de> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Antoine Martin <antoine@nagafix.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
My understanding is that pci_find_present() doesn't work yet at the time
the quirks are run. So I used a two-step quirk as is done for some other
quirks already. First we detect the VIA south bridges and set the right
low and high device limits, then we are ready to actually run the quirks on
the affected devices.
Signed-off-by: Jean Delvare <jdelvare@suse.de> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Masami Hiramatsu [Tue, 30 Jan 2007 22:36:06 +0000 (14:36 -0800)]
[PATCH] kprobes: replace magic numbers with enum
Replace the magic numbers with an enum, and gets rid of a warning on the
specific architectures (ex. powerpc) on which the compiler considers
'char' as 'unsigned char'.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Prasanna S Panchamukhi <prasanna@in.ibm.com> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Neil Brown [Tue, 30 Jan 2007 22:36:01 +0000 (14:36 -0800)]
[PATCH] Remove warning: VFS is out of sync with lock manager
But keep it as a dprintk
The message can be generated in a quite normal situation:
If a 'lock' request is interrupted, then the lock client needs to
record that the server has the lock, incase it does.
When we come the unlock, the server might say it doesn't, even
though we think it does (or might) and this generates the message.
Signed-off-by: Neil Brown <neilb@suse.de> Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mike Frysinger [Tue, 30 Jan 2007 22:35:55 +0000 (14:35 -0800)]
[PATCH] translate dashes in filenames for headers install
The current filename->define translation does not scrub dashes so when
creating stub defines for like asm-x86_64/ptrace-abi.h, we get: #define
__ASM_STUB_PTRACE-ABI_H
gcc just hates that sort of thing :)
trivial attached patch adds - to the tr list to scrub it to _
Signed-off-by: Mike Frysinger <vapier@gentoo.org> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adam Litke [Tue, 30 Jan 2007 22:35:39 +0000 (14:35 -0800)]
[PATCH] Don't allow the stack to grow into hugetlb reserved regions
When expanding the stack, we don't currently check if the VMA will cross
into an area of the address space that is reserved for hugetlb pages.
Subsequent faults on the expanded portion of such a VMA will confuse the
low-level MMU code, resulting in an OOPS. Check for this.
Signed-off-by: Adam Litke <agl@us.ibm.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: William Lee Irwin III <wli@holomorphy.com> Cc: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vlad Yasevich [Tue, 30 Jan 2007 22:36:14 +0000 (14:36 -0800)]
[SCTP]: Force update of the rto when processing HB-ACK
When processing a HEARTBEAT-ACK it's possible that the transport rto
timers will not be updated because a prior T3-RTX processing would
have cleared the rto_pending flag on the transport. However, if
we received a valid HEARTBEAT-ACK, we want to force update the
rto variables, so re-set the rto_pending flag before calling
sctp_transport_update_rto().
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Li Yewang [Tue, 30 Jan 2007 22:33:20 +0000 (14:33 -0800)]
[IPV6]: fix BUG of ndisc_send_redirect()
When I tested IPv6 redirect function about kernel 2.6.19.1, and found
that the kernel can send redirect packets whose target address is global
address, and the target is not the actual endpoint of communication.
But the criteria conform to RFC2461, the target address defines as
following:
Target Address An IP address that is a better first hop to use for
he ICMP Destination Address. When the target is
the actual endpoint of communication, i.e., the
destination is a neighbor, the Target Address field
MUST contain the same value as the ICMP Destination
Address field. Otherwise the target is a better
first-hop router and the Target Address MUST be the
router's link-local address so that hosts can
uniquely identify routers.
According to this definition, when a router redirect to a host, the
target address either the better first-hop router's link-local address
or the same as the ICMP destination address field. But the function of
ndisc_send_redirect() in net/ipv6/ndisc.c, does not check the target
address correctly.
There is another definition about receive Redirect message in RFC2461:
8.1. Validation of Redirect Messages
A host MUST silently discard any received Redirect message that does
not satisfy all of the following validity checks:
......
- The ICMP Target Address is either a link-local address (when
redirected to a router) or the same as the ICMP Destination
Address (when redirected to the on-link destination).
......
And the receive redirect function of ndisc_redirect_rcv() implemented
this definition, checks the target address correctly.
if (ipv6_addr_equal(dest, target)) {
on_link = 1;
} else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
ND_PRINTK2(KERN_WARNING
"ICMPv6 Redirect: target address is not link-local.\n");
return;
}
So, I think the send redirect function must check the target address
also.
Signed-off-by: Li Yewang <lyw@nanjing-fnst.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Lars Immisch [Tue, 30 Jan 2007 22:24:57 +0000 (14:24 -0800)]
[NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers
When trying to skip over the username in the Contact header, stop at the
end of the line if no @ is found to avoid mangling following headers.
We don't need to worry about continuation lines because we search inside
a SIP URI.
Fixes Netfilter Bugzilla #532.
Signed-off-by: Lars Immisch <lars@ibp.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 30 Jan 2007 22:24:29 +0000 (14:24 -0800)]
[NETFILTER]: xt_connbytes: fix division by zero
When the packet counter of a connection is zero a division by zero
occurs in div64_64(). Fix that by using zero as average value, which
is correct as long as the packet counter didn't overflow, at which
point we have lost anyway.
Additionally we're probably going to go back to 64 bit counters
in 2.6.21.
Based on patch from Jonas Berlin <xkr47@outerspace.dyndns.org>,
with suggestions from KOVACS Krisztian <hidden@balabit.hu>.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
It's wrong. We had a lengthy analysis of this piece of code
several months ago, and it is correct.
Consider, if we run the loop and we get an error
the following happens:
1) attempt of ifb_init_one(i) fails, therefore we should
not try to "ifb_free_one()" on "i" since it failed
2) the loop iteration first increments "i", then it
check for error
Therefore we must decrement "i" twice before the first
free during the cleanup. One to "undo" the for() loop
increment, and one to "skip" the ifb_init_one() case which
failed."
Reported-by: David Miller <davem@davemloft.net> Acked-by: Jeff Garzik <jgarzik@pobox.com> Cc: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>