There is a race condition that showed up in a threaded JIT environment.
The situation is that a process with a JIT code page forks, so the page is
marked read-only, then some threads are created in the child. One of the
threads attempts to add a new code block to the JIT page, so a
copy-on-write fault is taken, and the kernel allocates a new page, copies
the data, installs the new pte, and then calls lazy_mmu_prot_update() to
flush caches to make sure that the icache and dcache are in sync.
Unfortunately, the other thread runs right after the new pte is installed,
but before the caches have been flushed. It tries to execute some old JIT
code that was already in this page, but it sees some garbage in the i-cache
from the previous users of the new physical page.
Fix: we must make the caches consistent before installing the pte. This is
an ia64 only fix because lazy_mmu_prot_update() is a no-op on all other
architectures.
Signed-off-by: Anil Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Tony Luck <tony.luck@intel.com> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jan Kiszka [Fri, 14 Jul 2006 07:23:56 +0000 (00:23 -0700)]
[PATCH] mm: fix oom roll-back of __vmalloc_area_node
__vunmap must not rely on area->nr_pages when picking the release methode
for area->pages. It may be too small when __vmalloc_area_node failed early
due to lacking memory. Instead, use a flag in vmstruct to differentiate.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ib_fmr_pool_map_phys gets the virtual address by pointer but never writes
there, and users (e.g. srp) seem to assume this and ignore the value
returned. This patch cleans up the API to get the VA by value, and updates
all users.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Acked-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ira Weiny [Fri, 14 Jul 2006 07:23:54 +0000 (00:23 -0700)]
[PATCH] IB/cm: set private data length for reject messages
Set private data length for reject messages to the correct size. Fix from
openib svn r8483.
Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Vu Pham [Fri, 14 Jul 2006 07:23:53 +0000 (00:23 -0700)]
[PATCH] srp: fix fmr error handling
srp_unmap_data assumes req->fmr is NULL if the request is not mapped, so we
must clean it out in case of an error.
Signed-off-by: Vu Pham <vu@mellanox.com> Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Acked-by: Roland Dreier <rolandd@cisco.com> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The device address contains unsigned character arrays, which contain raw GID
addresses. The GIDs may not be naturally aligned, so do not cast them to
structures or unions.
Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
If a user of the IB CM returns -ENOMEM from their connection callback, simply
drop the incoming REQ - do not attempt to send a reject. This should allow
the sender to retry the request.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Signed-off-by: Sean Hefty <sean.hefty@intel.com> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
After recent changes, mthca_wq_init does not actually initialize the WQ as it
used to - it simply resets all index fields to their initial values. So,
let's rename it to mthca_wq_reset.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Cc: Roland Dreier <rolandd@cisco.com> Acked-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jack Morgenstein [Fri, 14 Jul 2006 07:23:50 +0000 (00:23 -0700)]
[PATCH] IB/mthca: fix static rate returned by mthca_ah_query
mthca_ah_query returs the static rate of the address handle in internal mthc
format. fix it to use rate encoding from enum ib_rate, which is what users
expect.
Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il> Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status. This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (53 commits)
[MIPS] sparsemem: fix crash in show_mem
[MIPS] vr41xx: Update workpad setup function
[MIPS] vr41xx: Update e55 setup function
[MIPS] vr41xx: Removed old v2.4 VRC4173 driver
[MIPS] vr41xx: Move IRQ numbers to asm-mips/vr41xx/irq.h
[MIPS] MIPSsim: Build fix, rename sim_timer_setup -> plat_timer_setup.
[MIPS] Remove unused code.
[MIPS] IP22 Fix brown paper bag in RTC code.
[MIPS] Atlas, Malta, SEAD: Don't disable interrupts in mips_time_init().
[MIPS] Replace board_timer_setup function pointer by plat_timer_setup.
[MIPS] Nuke redeclarations of board_time_init.
[MIPS] Remove redeclarations of setup_irq().
[MIPS] Nuke redeclarations of board_timer_setup.
[MIPS] Print out TLB handler assembly for debugging.
[MIPS] SMTC: Reformat to Linux style.
[MIPS] MIPSsim: Delete redeclaration of ll_local_timer_interrupt.
[MIPS] IP27: Reformatting.
[MIPS] IP27: Invoke setup_irq for timer interrupt so proc stats will be shown.
[MIPS] IP27: irq_chip startup method returns unsigned int.
[MIPS] IP27: struct irq_desc member handler was renamed to chip.
...
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] arch/arm/kernel/bios32.c: no need to set isa_bridge
[ARM] 3729/3: EABI padding rules necessitate the packed attribute of floatx80
[ARM] 3725/1: sharpsl_pm: warn about wrong temperature
[ARM] 3723/1: collie charging
[ARM] 3728/1: Restore missing CPU Hotplug irq helper
[ARM] 3727/1: fix ucb initialization on collie
[ARM] Allow Versatile to be built for AB and PB
[ARM] 3726/1: update {ep93xx,ixp2000,ixp23xx,lpd270,onearm} defconfigs to 2.6.18-rc1
[ARM] 3721/1: Small cleanup for locomo.c
Chandra Seetharaman reported SLAB crashes caused by the slab.c lock
annotation patch. There is only one chunk of that patch that has a
material effect on the slab logic - this patch undoes that chunk.
This was confirmed to fix the slab problem by Chandra.
With some memory model other than FLATMEM, the single node can
contains some holes so there might be many invalid pages. For
example, with two 256M memory and one 256M hole, some variables
(num_physpage, totalpages, nr_kernel_pages, nr_all_pages, etc.) will
indicate that there are 768MB on this system. This is not desired
because, for example, alloc_large_system_hash() allocates too many
entries.
Use free_area_init_node() with counted zholes_size[] instead of
free_area_init().
For num_physpages, use number of ram pages instead of max_low_pfn.
1. MIPS should select SPARSEMEM_STATIC since allocating bootmem in
memory_present() will corrupt bootmap area.
2. pfn_valid() for SPARSEMEM is defined in linux/mmzone.h
Ralf Baechle [Thu, 22 Jun 2006 21:42:32 +0000 (22:42 +0100)]
[MIPS] Avoid interprocessor function calls.
On the 34K where multiple virtual processors are implemented in a single
core and share a single TLB, interprocessor function calls are not needed
to flush a cache, so avoid them.
Russell King [Thu, 13 Jul 2006 19:48:35 +0000 (20:48 +0100)]
[PATCH] Fix broken kernel headers preventing ARM build
As a result of 894673ee6122a3ce1958e1fe096901ba5356a96b, the ARM
architecture is more or less unbuildable - only one defconfig appears
to build, with all others erroring out with:
CC arch/arm/kernel/setup.o
In file included from /home/rmk/git/linux-2.6-rmk/arch/arm/kernel/setup.c:22:
/home/rmk/git/linux-2.6-rmk/include/linux/root_dev.h:7: warning: implicit declaration of function `MKDEV'
...
Essentially, root_dev.h uses MKDEV and dev_t, but does not include any
headers which provide either of these definitions. The reason it worked
previously is that linux/tty.h just happened to include the required
headers for linux/root_dev.h.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Arjan van de Ven [Thu, 13 Jul 2006 12:46:03 +0000 (14:46 +0200)]
[PATCH] lockdep: annotate mm/slab.c
mm/slab.c uses nested locking when dealing with 'off-slab'
caches, in that case it allocates the slab header from the
(on-slab) kmalloc caches. Teach the lock validator about
this by putting all on-slab caches into a separate class.
this patch has no effect on non-lockdep kernels.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Pierre Ossman [Tue, 11 Jul 2006 19:07:10 +0000 (21:07 +0200)]
[MMC] Change SDHCI version error to a warning
O2 Micro's controllers have a larger specification version value and are
therefore denied by the driver. When bypassing this check they seem to work
fine. This patch makes the code a bit more forgiving by changing the error
to a warning.
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[PATCH] m68knommu: fix result type in get_user() macro
Keep the result holder variable the same type as the quantity we are
retreiving in the get_user() macro - don't go through a pointer version
of the user space address type.
Using the address type causes problems if the address type was const
(newer versions of gcc quite rightly error out for that condition).
[PATCH] i386: system.h: remove extra semicolons and fix order
include/asm-i386/system.h has trailing semicolons in some of the
macros that cause legitimate code to fail compilation, so remove
them. Also remove extra blank lines within one group of macros.
And put stts() and clts() back together; they got separated somehow.
David S. Miller [Thu, 13 Jul 2006 06:19:31 +0000 (23:19 -0700)]
[SPARC]: Fix OF register translations under sub-PCI busses.
There is an implicit assumption in the code that ranges will translate
to something that can fit in 2 32-bit cells, or a 64-bit value. For
certain kinds of things below PCI this isn't necessarily true.
Here is what the relevant OF device hierarchy looks like for one of
the serial controllers on an Ultra5:
2) Pass-through "SUNW,simba" since it lacks ranges property
3) Match "82010814.00000000.f13083f8" to third ranges property of PCI
controller node 'SUNW,sabre', and we arrive at the final physical
MMIO address of "0x1fff13083f8".
Due to the 2-cell assumption, we couldn't translate to a PCI 3-cell
value, and we couldn't perform a pass-thru on it either.
It was easiest to just stop splitting the ranges application operation
between two methods, ->map and ->translate, and just let ->map do all
the work. That way it would work purely on 32-bit cell arrays instead
of having to "return" some value like a u64.
It's still not %100 correct because the out-of-range check is still
done using the 64 least significant bits of the range and address.
But it does work for all the cases I've thrown at it so far.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 12 Jul 2006 22:59:53 +0000 (15:59 -0700)]
[SPARC64]: Fix 2 bugs in sabre_irq_build()
When installing the IRQ pre-handler, we were not setting up the second
argument correctly. It should be a pointer to the sabre_irq_data, not
the config space PIO address.
Furthermore, we only need this pre-handler installed if the device
sits behind a PCI bridge that is not Sabre or Simba/APB.
Signed-off-by: David S. Miller <davem@davemloft.net>
David Woodhouse [Wed, 12 Jul 2006 20:56:53 +0000 (13:56 -0700)]
[SPARC64]: Fix make headers_install
A minor typo in the include/asm-sparc64/Kbuild file prevents the make
headers_install from building a useful tree of kernel headers for
sparc64.
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Merge commit master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 of HEAD
* HEAD:
[NET]: fix __sk_stream_mem_reclaim
[Bluetooth] Fix deadlock in the L2CAP layer
[Bluetooth] Let BT_HIDP depend on INPUT
[Bluetooth] Avoid NULL pointer dereference with tty->driver
[Bluetooth] Remaining transitions to use kzalloc()
[WAN]: converting generic HDLC to use netif_dormant*()
[IPV4]: Fix error handling for fib_insert_node call
[NETROM] lockdep: fix false positive
[ROSE] lockdep: fix false positive
[AX.25]: Optimize AX.25 socket list lock
[IPCOMP]: Fix truesize after decompression
[IPV6]: Use ipv6_addr_src_scope for link address sorting.
[TCP] tcp_highspeed: Fix AI updates.
[MAINTAINERS]: Add proper entry for TC classifier
[NETROM]: Drop lock before calling nr_destroy_socket
[NETROM]: Fix locking order when establishing a NETROM circuit.
[AX.25]: Fix locking of ax25 protocol function list.
[IPV6]: order addresses by scope
Merge commit master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6 of HEAD
* HEAD:
[PATCH] hwmon: Documentation update for abituguru
[PATCH] hwmon: Fix for first generation Abit uGuru chips
[PATCH] hwmon: New maintainer for w83791d
[PATCH] pca9539: Honor the force parameter
[PATCH] i2c-algo-bit: Wipe out dead code
[PATCH] i2c: Handle i2c_add_adapter failure in i2c algorithm drivers
[PATCH] i2c: New mailing list
[PATCH] i2c-ite: Plan for removal
[PATCH] i2c-powermac: Fix master_xfer return value
[PATCH] scx200_acb: Fix the block transactions
[PATCH] scx200_acb: Fix the state machine
[PATCH] i2c-iop3xx: Avoid addressing self
[PATCH] i2c: Fix 'ignore' module parameter handling in i2c-core
Len Brown [Thu, 13 Jul 2006 02:46:42 +0000 (22:46 -0400)]
[PATCH] Revert "ACPI: execute Notify() handlers on new thread"
This effectively reverts commit b8d35192c55fb055792ff0641408eaaec7c88988
by reverts acpi_os_queue_for_execution() to what it was before that,
except it changes the name to acpi_os_execute() to match ACPICA 20060512.
Signed-off-by: Len Brown <len.brown@intel.com>
[ The thread execution doesn't actually solve the bug it set out to
solve (see
http://bugzilla.kernel.org/show_bug.cgi?id=5534
for more details) because the new events can get caught behind the AML
semaphore or other serialization. And when that happens, the notify
threads keep on piling up until the system dies. ]
Ian McDonald [Thu, 13 Jul 2006 00:58:53 +0000 (17:58 -0700)]
[NET]: fix __sk_stream_mem_reclaim
__sk_stream_mem_reclaim is only called by sk_stream_mem_reclaim.
As such the check on sk->sk_forward_alloc is not needed and can be
removed.
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>