There is an off by one problem with idr_get_new_above.
The comment and function name suggest that it will return an id >
starting_id, but it actually returned an id >= starting_id, and kernel
callers other than inotify treated it as such.
The patch below fixes the comment, and fixes inotifys usage. The
function name still doesn't match the behaviour, but it never did.
Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Fri, 26 Aug 2005 17:49:22 +0000 (10:49 -0700)]
Ignore disabled ROM resources at setup
Writing even a disabled value seems to mess up some matrox graphics
cards. It may be a card-related issue, but we may also be writing
reserved low bits in the result.
This was a fall-out of switching x86 over to the generic PCI resource
allocation code, and needs more debugging. In particular, the old x86
code defaulted to not doing any resource allocations at all for ROM
resources.
In the meantime, this has been reported to make X happier by Helge
Hafting <helgehaf@aitel.hist.no>.
Linus Torvalds [Fri, 26 Aug 2005 17:40:10 +0000 (10:40 -0700)]
Only pre-allocate 256 bytes of cardbio IO range
It may seem small, but most cards need much less, if any, and this not
only makes the code adhere to the comment, it seems to fix a boot-time
lockup on a ThinkPad 380XD laptop reported by Tero Roponen <teanropo@cc.jyu.fi>
Jens Axboe [Wed, 24 Aug 2005 12:57:54 +0000 (14:57 +0200)]
[PATCH] cfq-iosched.c: minor fixes
One critical fix and two minor fixes for 2.6.13-rc7:
- Max depth must currently be 2 to allow barriers to function on SCSI
- Prefer sync request over async in choosing the next request
- Never allow async request to preempt or disturb the "anticipation" for
a single cfq process context. This is as-designed, the code right now
is buggy in that area.
Keith Owens [Wed, 24 Aug 2005 06:06:25 +0000 (16:06 +1000)]
[PATCH] Export pcibios_bus_to_resource
pcibios_bus_to_resource is exported on all architectures except ia64
and sparc. Add exports for the two missing architectures. Needed when
Yenta socket support is compiled as a module.
Signed-off-by: Keith Owens <kaos@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I mistakedly disabled fusion support in an earlier update. Fusion
is commonly used on many x86-64 systems, so this was a problem.
This patch fixes that.
Signed-off-by: And Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] ppc64: Export machine_power_off for therm_pm72 module
This patch puts back the export of machine_power_off() that was removed
by some janitor as it's used for emergency shutdown by the G5 thermal
control driver. Wether that driver should use kernel_power_off() instead
is debatable and a post-2.6.13 decision. In the meantime, please commit
that patch that fixes the driver for now.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Paul Jackson [Wed, 24 Aug 2005 11:15:10 +0000 (04:15 -0700)]
[PATCH] cpu_exclusive sched domains build fix
As reported by Paul Mackerras <paulus@samba.org>, the previous patch
"cpu_exclusive sched domains fix" broke the ppc64 build with
CONFIC_CPUSET, yielding error messages:
kernel/cpuset.c: In function 'update_cpu_domains':
kernel/cpuset.c:648: error: invalid lvalue in unary '&'
kernel/cpuset.c:648: error: invalid lvalue in unary '&'
On some arch's, the node_to_cpumask() is a function, returning
a cpumask_t. But the for_each_cpu_mask() requires an lvalue mask.
The following patch fixes this build failure by making a copy
of the cpumask_t on the stack.
Signed-off-by: Paul Jackson <pj@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Paul Jackson [Tue, 23 Aug 2005 08:04:27 +0000 (01:04 -0700)]
[PATCH] cpu_exclusive sched domains on partial nodes temp fix
This keeps the kernel/cpuset.c routine update_cpu_domains() from
invoking the sched.c routine partition_sched_domains() if the cpuset in
question doesn't fall on node boundaries.
I have boot tested this on an SN2, and with the help of a couple of ad
hoc printk's, determined that it does indeed avoid calling the
partition_sched_domains() routine on partial nodes.
I did not directly verify that this avoids setting up bogus sched
domains or avoids the oops that Hawkes saw.
This patch imposes a silent artificial constraint on which cpusets can
be used to define dynamic sched domains.
This patch should allow proceeding with this new feature in 2.6.13 for
the configurations in which it is useful (node alligned sched domains)
while avoiding trying to setup sched domains in the less useful cases
that can cause the kernel corruption and oops.
Signed-off-by: Paul Jackson <pj@sgi.com> Acked-by: Ingo Molnar <mingo@elte.hu> Acked-by: Dinakar Guniguntala <dino@in.ibm.com> Acked-by: John Hawkes <hawkes@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andi Kleen [Tue, 23 Aug 2005 01:14:27 +0000 (03:14 +0200)]
[PATCH] x86_64: Don't oops at boot when empty Opteron node has IO
The code to detect IO links on Opteron would not check
if the node had actually memory. This could lead to pci_bus_to_node
returning an invalid node, which might cause crashes later
when dma_alloc_coherent passes it to page_alloc_node().
The bug has been there forever but for some reason
it is causing now crashes.
lepton [Tue, 23 Aug 2005 00:06:14 +0000 (17:06 -0700)]
[PATCH] usbnet oops fix
There's a "return the wrong SKB" error in the GL620A cable minidriver
(for "usbnet") which can oops. This would not appear when talking
Linux-to-Linux, only Linux-to-Windows (for recent Linuxes).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Chuck Ebbert [Wed, 24 Aug 2005 01:36:40 +0000 (21:36 -0400)]
[PATCH] i386: fix incorrect FP signal code
i386 floating-point exception handling has a bug that can cause error
code 0 to be sent instead of the proper code during signal delivery.
This is caused by unconditionally checking the IS and c1 bits from the
FPU status word when they are not always relevant. The IS bit tells
whether an exception is a stack fault and is only relevant when the
exception is IE (invalid operation.) The C1 bit determines whether a
stack fault is overflow or underflow and is only relevant when IS and IE
are set.
Al Viro [Tue, 23 Aug 2005 21:47:32 +0000 (22:47 +0100)]
[PATCH] broken inline asm on s390 (misuse of labels)
use of explicit labels in inline asm is a Bad Idea(tm), since gcc can
decide to inline the function in several places. Fixed by use of 1f/f:
instead of .Lfitsin/.Lfitsin:
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:47:22 +0000 (22:47 +0100)]
[PATCH] m32r icu_data gcc4 fixes
either icu_data declaration for SMP case should be taken out of m32102.h,
or its declarations for m32700ut and opsput should not be static for SMP.
Patch does the latter - judging by comments in m32102.h it is intended to
be non-static.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:47:12 +0000 (22:47 +0100)]
[PATCH] alpha spinlock code and bogus constraints
"=m" (lock->lock) / "1" (lock->lock) makes gcc4 unhappy; fixed by s/1/m/,
same as in case of i386 rwsem.h where such variant had been accepted
by both Linus and rth.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:47:07 +0000 (22:47 +0100)]
[PATCH] alpha xchg fix
alpha xchg has to be a macro - alpha disables always_inline and if that
puppy does not get inlined, we immediately blow up on undefined reference.
Happens even on gcc3; with gcc4 that happens a _lot_.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
since sparc32 Kconfig includes drivers/char/Kconfig (instead of duplicating
its parts) we need several new dependencies there to exclude the stuff
broken on sparc32 and not excluded by existing dependencies.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:45:56 +0000 (22:45 +0100)]
[PATCH] Kconfig fix (airo_cs on m32r)
airo_cs is broken on m32r; marked as such. [Proper fix would involve
separating PCI-dependent parts and making sure they don't get in the
way _and_ arranging for asm/scatterlist.h getting picked on m32r]
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:45:46 +0000 (22:45 +0100)]
[PATCH] Kconfig fix (arv)
arv uses constants provided only by include/asm-m32r/m32700ut/m32700ut_lan.h
It won't build for any subarchitecture other than M32700UT; marked as such.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Tue, 23 Aug 2005 21:45:36 +0000 (22:45 +0100)]
[PATCH] Kconfig fix (DEBUG_PAGEALLOC on m32r)
DEBUG_PAGEALLOC is broken on m32r - the option had been blindly copied from
i386; kernel_map_pages() had not and that's what is needed for DEBUG_PAGEALLOC
to work (or link, while we are at it).
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
NeilBrown [Mon, 22 Aug 2005 20:11:08 +0000 (13:11 -0700)]
[PATCH] md: make sure resync gets started when array starts.
We weren't actually waking up the md thread after setting
MD_RECOVERY_NEEDED when assembling an array, so it is possible to lose a
race and not actually start resync.
So add a call to md_wakeup_thread, and while we are at it, remove all the
"if (mddev->thread)" guards as md_wake_thread does its own checking.
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Meybohm [Mon, 22 Aug 2005 20:11:08 +0000 (13:11 -0700)]
[PATCH] preempt race in getppid
With CONFIG_PREEMPT && !CONFIG_SMP, it's possible for sys_getppid to
return a bogus value if the parent's task_struct gets reallocated after
current->group_leader->real_parent is read:
asmlinkage long sys_getppid(void)
{
int pid;
struct task_struct *me = current;
struct task_struct *parent;
parent = me->group_leader->real_parent;
RACE HERE => for (;;) {
pid = parent->tgid;
#ifdef CONFIG_SMP
{
struct task_struct *old = parent;
/*
* Make sure we read the pid before re-reading the
* parent pointer:
*/
smp_rmb();
parent = me->group_leader->real_parent;
if (old != parent)
continue;
}
#endif
break;
}
return pid;
}
If the process gets preempted at the indicated point, the parent process
can go ahead and call exit() and then get wait()'d on to reap its
task_struct. When the preempted process gets resumed, it will not do any
further checks of the parent pointer on !CONFIG_SMP: it will read the
bad pid and return.
So, the same algorithm used when SMP is enabled should be used when
preempt is enabled, which will recheck ->real_parent in this case.
Signed-off-by: David Meybohm <dmeybohmlkml@bellsouth.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Tue, 23 Aug 2005 17:13:06 +0000 (10:13 -0700)]
[TCP]: Unconditionally clear TCP_NAGLE_PUSH in skb_entail().
Intention of this bit is to force pushing of the existing
send queue when TCP_CORK or TCP_NODELAY state changes via
setsockopt().
But it's easy to create a situation where the bit never
clears. For example, if the send queue starts empty:
1) set TCP_NODELAY
2) clear TCP_NODELAY
3) set TCP_CORK
4) do small write()
The current code will leave TCP_NAGLE_PUSH set after that
sequence. Unconditionally clearing the bit when new data
is added via skb_entail() solves the problem.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 23 Aug 2005 17:12:44 +0000 (10:12 -0700)]
[PKT_SCHED]: Fix missing qdisc_destroy() in qdisc_create_dflt()
qdisc_create_dflt() is missing to destroy the newly allocated
default qdisc if the initialization fails resulting in leaks
of all kinds. The only caller in mainline which may trigger
this bug is sch_tbf.c in tbf_create_dflt_qdisc().
Note: qdisc_create_dflt() doesn't fulfill the official locking
requirements of qdisc_destroy() but since the qdisc could
never be seen by the outside world this doesn't matter
and it can stay as-is until the locking of pkt_sched
is cleaned up.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 23 Aug 2005 17:12:04 +0000 (10:12 -0700)]
[SCTP]: Add SENTINEL to SCTP MIB stats
Add SNMP_MIB_SENTINEL to the definition of the sctp_snmp_list so that
the output routine in proc correctly terminates. This was causing some
problems running on ia64 systems.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Ralf Baechle [Tue, 23 Aug 2005 17:11:45 +0000 (10:11 -0700)]
[AX25]: UID fixes
o Brown paperbag bug - ax25_findbyuid() was always returning a NULL pointer
as the result. Breaks ROSE completly and AX.25 if UID policy set to deny.
o While the list structure of AX.25's UID to callsign mapping table was
properly protected by a spinlock, it's elements were not refcounted
resulting in a race between removal and usage of an element.
Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Ralf Baechle [Tue, 23 Aug 2005 17:11:30 +0000 (10:11 -0700)]
[NET]: Fix socket bitop damage
The socket flag cleanups that went into 2.6.12-rc1 are basically oring
the flags of an old socket into the socket just being created.
Unfortunately that one was just initialized by sock_init_data(), so already
has SOCK_ZAPPED set. As the result zapped sockets are created and all
incoming connection will fail due to this bug which again was carefully
replicated to at least AX.25, NET/ROM or ROSE.
In order to keep the abstraction alive I've introduced sock_copy_flags()
to copy the socket flags from one sockets to another and used that
instead of the bitwise copy thing. Anyway, the idea here has probably
been to copy all flags, so sock_copy_flags() should be the right thing.
With this the ham radio protocols are usable again, so I hope this will
make it into 2.6.13.
Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Johnson [Tue, 23 Aug 2005 17:10:15 +0000 (10:10 -0700)]
[IPV4]: Fix negative timer loop with lots of ipv4 peers.
From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
Found this bug while doing some scaling testing that created 500K inet
peers.
peer_check_expire() in net/ipv4/inetpeer.c isn't using inet_peer_gc_mintime
correctly and will end up creating an expire timer with less than the
minimum duration, and even zero/negative if enough active peers are
present.
If >65K peers, the timer will be less than inet_peer_gc_mintime, and with
>70K peers, the timer duration will reach zero and go negative.
The timer handler will continue to schedule another zero/negative timer in
a loop until peers can be aged. This can continue for at least a few
minutes or even longer if the peers remain active due to arriving packets
while the loop is occurring.
Bug is present in both 2.4 and 2.6. Same patch will apply to both just
fine.
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 23 Aug 2005 17:09:53 +0000 (10:09 -0700)]
[RPC]: Kill bogus kmap in krb5
While I was going through the crypto users recently, I noticed this
bogus kmap in sunrpc. It's totally unnecessary since the crypto
layer will do its own kmap before touching the data. Besides, the
kmap is throwing the return value away.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Yusupov [Tue, 23 Aug 2005 17:09:27 +0000 (10:09 -0700)]
[TCP]: Do TSO deferral even if tail SKB can go out now.
If the tail SKB fits into the window, it is still
benefitical to defer until the goal percentage of
the window is available. This give the application
time to feed more data into the send queue and thus
results in larger TSO frames going out.
Patch from Dmitry Yusupov <dima@neterion.com>.
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Chubb [Tue, 23 Aug 2005 00:50:00 +0000 (17:50 -0700)]
[IA64] Fix simulator boot (for real this time).
Thanks to Stephane, we've now worked out the real cause of the
`Linux will not boot on simulator' problem. Turns out it's a stack
overflow because the stack pointer wasn't being initialised properly
in boot_head.S (it was being initialised to the lowest instead of the
highest address of the stack, so the first push started to overwrite
data in the BSS).
Signed-off-by: Peter Chubb <peterc@gelato.unsw.edu.au> Signed-off-by: Tony Luck <tony.luck@intel.com>
Andi Kleen [Fri, 19 Aug 2005 04:56:40 +0000 (06:56 +0200)]
[PATCH] x86_64: Fix race in TSC synchronization
Plug a race in TSC synchronization
We need to do tsc_sync_wait() before the CPU is set online to prevent
multiple CPUs from doing it in parallel - which won't work because TSC
sync has global unprotected state.
Steven Rostedt [Sat, 20 Aug 2005 00:57:46 +0000 (17:57 -0700)]
[PATCH] Mobil Pentium 4 HT and the NMI
I'm trying to get the nmi working with my laptop (IBM ThinkPad G41) and after
debugging it a while, I found that the nmi code doesn't want to set it up for
this particular CPU.
Here I have:
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Mobile Intel(R) Pentium(R) 4 CPU 3.33GHz
stepping : 1
cpu MHz : 3320.084
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 3
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pni
monitor ds_cpl est tm2 cid xtpr
bogomips : 6642.39
processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Mobile Intel(R) Pentium(R) 4 CPU 3.33GHz
stepping : 1
cpu MHz : 3320.084
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 3
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pni
monitor ds_cpl est tm2 cid xtpr
bogomips : 6637.46
And the following code shows:
$ cat linux-2.6.13-rc6/arch/i386/kernel/nmi.c
[...]
void setup_apic_nmi_watchdog (void)
{
switch (boot_cpu_data.x86_vendor) {
case X86_VENDOR_AMD:
if (boot_cpu_data.x86 != 6 && boot_cpu_data.x86 != 15)
return;
setup_k7_watchdog();
break;
case X86_VENDOR_INTEL:
switch (boot_cpu_data.x86) {
case 6:
if (boot_cpu_data.x86_model > 0xd)
return;
setup_p6_watchdog();
break;
case 15:
if (boot_cpu_data.x86_model > 0x3)
return;
Here I get boot_cpu_data.x86_model == 0x4. So I decided to change it and
reboot. I now seem to have a working NMI. So, unless there's something know
to be bad about this processor and the NMI. I'm submitting the following
patch.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Acked-by: Zwane Mwaikambo <zwane@arm.linux.org.uk> Acked-by: Mikael Pettersson <mikpe@csd.uu.se> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Sat, 20 Aug 2005 01:02:56 +0000 (18:02 -0700)]
Fix nasty ncpfs symlink handling bug.
This bug could cause oopses and page state corruption, because ncpfs
used the generic page-cache symlink handlign functions. But those
functions only work if the page cache is guaranteed to be "stable", ie a
page that was installed when the symlink walk was started has to still
be installed in the page cache at the end of the walk.
We could have fixed ncpfs to not use the generic helper routines, but it
is in many ways much cleaner to instead improve on the symlink walking
helper routines so that they don't require that absolute stability.
We do this by allowing "follow_link()" to return a error-pointer as a
cookie, which is fed back to the cleanup "put_link()" routine. This
also simplifies NFS symlink handling.
Al Viro [Fri, 19 Aug 2005 21:42:16 +0000 (22:42 +0100)]
[PATCH] jffs2: fix symlink error handling
The current calling conventions for ->follow_link() are already fairly
complex.
What we have is
1) you can return -error; then you must release nameidata yourself
and ->put_link() will _not_ be called.
2) you can do nd_set_link(nd, ERR_PTR(-error)) and return 0
3) you can do nd_set_link(nd, path) and return 0
4) you can return 0 (after having moved nameidata yourself)
jffs2 follow_link() is broken - it has an exit where it returns
-EIO and leaks nameidata.
Al Viro [Fri, 19 Aug 2005 22:56:37 +0000 (15:56 -0700)]
[SPARC]: Fix weak aliases
sparc_ksyms.c used to declare weak alias to several gcc intrinsics. It
doesn't work with gcc4 anymore - it wants a declaration for the thing
we are aliasing to and that's not going to happen for something like
.mul, etc. Replaced with direct injection of weak alias on the assembler
level - .weak <alias> followed by <alias> = <aliased>; that works on all
gcc versions.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net>