David Brownell [Thu, 7 Dec 2006 04:38:36 +0000 (20:38 -0800)]
[PATCH] add rtc-omap driver
This creates a new RTC-framework driver for the RTC/calendar module found
in various OMAP1 chips. (OMAP2 and OMAP3 use external RTCs, like those in
TI's multifunction PM companion chips.) It's been in the Linux-OMAP tree
for several months now, and other trees before that, so it's quite stable.
The most notable issue is that the OMAP IRQ code doesn't yet support the
RTC IRQ as a wakeup event. Once that's fixed, a patch will be needed.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Thu, 7 Dec 2006 04:38:35 +0000 (20:38 -0800)]
[PATCH] agp-amd64: section mismatches with HOTPLUG=n
When CONFIG_HOTPLUG=n, agp_amd64_resume() calls nforce3_agp_init(), which is
__devinit == __init, so has been discarded and is not usable for resume.
WARNING: drivers/char/agp/amd64-agp.o - Section mismatch: reference to .init.text: from .text between 'agp_amd64_resume' (at offset 0x249) and 'amd64_tlbflush'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Thu, 7 Dec 2006 04:38:33 +0000 (20:38 -0800)]
[PATCH] parport: section mismatches with HOTPLUG=n
When CONFIG_HOTPLUG=n, parport_pc calls some __devinit == __init code that
could be discarded. These calls are made from parport_irq_probe(), which is
called from parport_pc_probe_port(), which is an exported symbol, so the calls
could (possibly) happen after init time.
WARNING: drivers/parport/parport_pc.o - Section mismatch: reference to .init.text: from .text between 'parport_irq_probe' (at offset 0x31d) and 'parport_pc_probe_port'
WARNING: drivers/parport/parport_pc.o - Section mismatch: reference to .init.text: from .text between 'parport_irq_probe' (at offset 0x346) and 'parport_pc_probe_port'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Adrian Bunk [Thu, 7 Dec 2006 04:38:31 +0000 (20:38 -0800)]
[PATCH] make fs/proc/base.c:proc_pid_instantiate() static
Signed-off-by: Adrian Bunk <bunk@stusta.de> Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mingming Cao [Thu, 7 Dec 2006 04:38:19 +0000 (20:38 -0800)]
[PATCH] ext4: fix reservation extension
Hugh Dickins wrote:
> Not found anything relevant, but I keep noticing these lines
> in ext2_try_to_allocate_with_rsv(), ext3 and ext4 similar:
>
> } else if (grp_goal > 0 &&
> (my_rsv->rsv_end - grp_goal + 1) < *count)
> try_to_extend_reservation(my_rsv, sb,
> *count-my_rsv->rsv_end + grp_goal - 1);
>
> They're wrong, a no-op in most groups, aren't they? rsv_end is an
> absolute block number, whereas grp_goal is group-relative, so the
> calculation ought to bring in group_first_block? Or I'm confused.
>
Signed-off-by: Mingming Cao <cmm@us.ibm.com> Cc: "linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mingming Cao [Thu, 7 Dec 2006 04:38:18 +0000 (20:38 -0800)]
[PATCH] ext3: fix reservation extension
Hugh Dickins wrote:
> Not found anything relevant, but I keep noticing these lines
> in ext2_try_to_allocate_with_rsv(), ext3 and ext4 similar:
>
> } else if (grp_goal > 0 &&
> (my_rsv->rsv_end - grp_goal + 1) < *count)
> try_to_extend_reservation(my_rsv, sb,
> *count-my_rsv->rsv_end + grp_goal - 1);
>
> They're wrong, a no-op in most groups, aren't they? rsv_end is an
> absolute block number, whereas grp_goal is group-relative, so the
> calculation ought to bring in group_first_block? Or I'm confused.
>
Signed-off-by: Mingming Cao <cmm@us.ibm.com> Cc: "linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ingo Molnar [Thu, 7 Dec 2006 04:38:17 +0000 (20:38 -0800)]
[PATCH] hotplug CPU: clean up hotcpu_notifier() use
There was lots of #ifdef noise in the kernel due to hotcpu_notifier(fn,
prio) not correctly marking 'fn' as used in the !HOTPLUG_CPU case, and thus
generating compiler warnings of unused symbols, hence forcing people to add
#ifdefs.
the compiler can skip truly unused functions just fine:
[PATCH] kprobes: enable booster on the preemptible kernel
When we are unregistering a kprobe-booster, we can't release its
instruction buffer immediately on the preemptive kernel, because some
processes might be preempted on the buffer. The freeze_processes() and
thaw_processes() functions can clean most of processes up from the buffer.
There are still some non-frozen threads who have the PF_NOFREEZE flag. If
those threads are sleeping (not preempted) at the known place outside the
buffer, we can ensure safety of freeing.
However, the processing of this check routine takes a long time. So, this
patch introduces the garbage collection mechanism of insn_slot. It also
introduces the "dirty" flag to free_insn_slot because of efficiency.
The "clean" instruction slots (dirty flag is cleared) are released
immediately. But the "dirty" slots which are used by boosted kprobes, are
marked as garbages. collect_garbage_slots() will be invoked to release
"dirty" slots if there are more than INSNS_PER_PAGE garbage slots or if
there are no unused slots.
Linas Vepstas [Thu, 7 Dec 2006 04:38:07 +0000 (20:38 -0800)]
[PATCH] HVCS char driver janitoring: move block of code
Move a block of code from the bottom of the file to the top, which is needed
to enable the cleanup.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com> Cc: Ryan S. Arnold <rsa@us.ibm.com> Cc: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Magnus Damm [Thu, 7 Dec 2006 04:38:00 +0000 (20:38 -0800)]
[PATCH] elf: fix kcore note size calculation
- Define "CORE" string as CORE_STR in single common place.
- Include terminating zero in CORE_STR length calculation for elf_buflen.
- Use roundup(,4) to include alignment in elf_buflen calculation.
[akpm@osdl.org: simplification suggested by Roland] Signed-off-by: Magnus Damm <magnus@valinux.co.jp> Cc: Daniel Jacobowitz <drow@false.org> Cc: Roland McGrath <roland@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Magnus Damm [Thu, 7 Dec 2006 04:37:56 +0000 (20:37 -0800)]
[PATCH] elf: include terminating zero in n_namesz
The ELF32 spec says we should plus we include the zero on other platforms.
Signed-off-by: Magnus Damm <magnus@valinux.co.jp> Cc: Daniel Jacobowitz <drow@false.org> Cc: Roland McGrath <roland@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Magnus Damm [Thu, 7 Dec 2006 04:37:53 +0000 (20:37 -0800)]
[PATCH] elf: Always define elf_addr_t in linux/elf.h
Define elf_addr_t in linux/elf.h. The size of the type is determined using
ELF_CLASS. This allows us to remove the defines that today are spread all
over .c and .h files.
Signed-off-by: Magnus Damm <magnus@valinux.co.jp> Cc: Daniel Jacobowitz <drow@false.org> Cc: Roland McGrath <roland@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
suzuki [Thu, 7 Dec 2006 04:37:48 +0000 (20:37 -0800)]
[PATCH] Fix the size limit of compat space msgsize
Currently we allocate 64k space on the user stack and use it the msgbuf for
sys_{msgrcv,msgsnd} for compat and the results are later copied in user [
by copy_in_user]. This patch introduces helper routines for
sys_{msgrcv,msgsnd} as below:
do_msgsnd() : Accepts the mtype and user space ptr to the buffer along with
the msqid and msgflg.
do_msgrcv() : Accepts a kernel space ptr to mtype and a userspace ptr to
the buffer. The mtype has to be copied back the user space msgbuf by the
caller.
These changes avoid the need to allocate the msgsize on the userspace (
thus removing the size limt ) and the overhead of an extra copy_in_user().
Signed-off-by: Suzuki K P <suzuki@in.ibm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
scripts/ver_linux needed some minor clean-ups, as follows:
1) Add reporting of actual oprofile release
2) Add reporting of actual wireless-tools release
3) Add reporting of actual pcmciautils release
Thomas Gleixner [Thu, 7 Dec 2006 04:37:38 +0000 (20:37 -0800)]
[PATCH] ktime: Fix signed / unsigned mismatch in ktime_to_ns
The 32 bit implementation of ktime_to_ns returns unsigned value, while the
64 bit version correctly returns an signed value. There is no current user
affected by this, but it has to be fixed, as ktime values can be negative.
Pointed-out-by: Helmut Duregger <Helmut.Duregger@student.uibk.ac.at> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] retries in ext4_prepare_write() violate ordering requirements
In journal=ordered or journal=data mode retry in ext4_prepare_write()
breaks the requirements of journaling of data with respect to metadata.
The fix is to call commit_write to commit allocated zero blocks before
retry.
[PATCH] retries in ext3_prepare_write() violate ordering requirements
In journal=ordered or journal=data mode retry in ext3_prepare_write()
breaks the requirements of journaling of data with respect to metadata.
The fix is to call commit_write to commit allocated zero blocks before
retry.
All modifications of ->i_flags in inodes that might be visible to somebody
else must be under ->i_mutex. That patch fixes ext2 ioctl() setting S_APPEND.
Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Arnd Bergmann [Thu, 7 Dec 2006 04:37:29 +0000 (20:37 -0800)]
[PATCH] remove kernel syscalls
The last thing we agreed on was to remove the macros entirely for 2.6.19,
on all architectures. Unfortunately, I think nobody actually _did_ that,
so they are still there.
[akpm@osdl.org: x86_64 fix] Cc: David Woodhouse <dwmw2@infradead.org> Cc: Greg Schafer <gschafer@zip.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
A driver for the PCEngines WRAP boards (http://www.pcengines.ch), which are
very similar to the Soekris net4801 (same NS SC1100 geode reference
design).
The LEDs on the WRAP are on different GPIO lines and I have modified and
copied the net48xx error led support for this. It also includes support
for an "extra" led (in addition to error). The three LEDs on the WRAP are
at GPIO lines 2,3,18 (WRAP LEDs from left to right). This driver gives
access to the second and third LEDs by twiddling GPIO lines 3 & 18.
Because these boards are so similar to the net48xx, I basically sed-ed that
driver to form the basis for leds-wrap.c. The only changes from
leds-net48xx.c are:
- #define WRAP_EXTRA_LED_GPIO
- name changes
- duplicate relevant sections to provide support for the "extra" led
- reverse the various *_led_set values. The WRAP is "backwards" from the
net48xx, and these needed to be updated for that.
[akpm@osdl.org: build fix] Signed-off-by: Kristian Kielhofner <kris@krisk.org> Acked-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alan Cox [Thu, 7 Dec 2006 04:37:27 +0000 (20:37 -0800)]
[PATCH] HZ: 300Hz support
Fix two things. Firstly the unit is "Hz" not "HZ". Secondly it is useful
to have 300Hz support when doing multimedia work. 250 is fine for us in
Europe but the US frame rate is 30fps (29.99 blah for pedants). 300 gives
us a tick divisible by both 25 and 30, and for interlace work 50 and 60.
It's also giving similar performance to 250Hz.
I'd argue we should remove 250 and add 300, but that might be excess
disruption for now.
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ingo Molnar [Thu, 7 Dec 2006 04:37:24 +0000 (20:37 -0800)]
[PATCH] sleep profiling
Implement prof=sleep profiling. TASK_UNINTERRUPTIBLE sleeps will be taken
as a profile hit, and every millisecond spent sleeping causes a profile-hit
for the call site that initiated the sleep.
Phillip Lougher [Thu, 7 Dec 2006 04:37:20 +0000 (20:37 -0800)]
[PATCH] corrupted cramfs filesystems cause kernel oops
Steve Grubb's fzfuzzer tool (http://people.redhat.com/sgrubb/files/
fsfuzzer-0.6.tar.gz) generates corrupt Cramfs filesystems which cause
Cramfs to kernel oops in cramfs_uncompress_block(). The cause of the oops
is an unchecked corrupted block length field read by cramfs_readpage().
This patch adds a sanity check to cramfs_readpage() which checks that the
block length field is sensible. The (PAGE_CACHE_SIZE << 1) size check is
intentional, even though the uncompressed data is not going to be larger
than PAGE_CACHE_SIZE, gzip sometimes generates compressed data larger than
the original source data. Mkcramfs checks that the compressed size is
always less than or equal to PAGE_CACHE_SIZE << 1. Of course Cramfs could
use the original uncompressed data in this case, but it doesn't.
[PATCH] Make initramfs printk a warning on incorrect cpio type
It turns out that the "-c" option of cpio is highly unportable even between
distros let alone unix variants, and may actually make the wrong type of
cpio archive. I just wasted quite some time on this, and the kernel can
detect this and warn about it (it's __init memory so it gets thrown away
and thus there is no runtime overhead)
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
In file included from drivers/char/ip2/ip2main.c:285:
drivers/char/ip2/i2lib.c: In function `i2Output':
drivers/char/ip2/i2lib.c:1019: warning: unused variable `rc'
Derek Fults [Thu, 7 Dec 2006 04:37:11 +0000 (20:37 -0800)]
[PATCH] get_options to allow a hypenated range for isolcpus
This allows a hyphenated range of positive numbers in the string passed
to command line helper function, get_options.
Currently the command line option "isolcpus=" takes as its argument a
list of cpus.
Format: <cpu number>,...,<cpu number>
Valid values of <cpu_number> include all cpus, 0 to "number of CPUs in
system - 1". This can get extremely long when isolating the majority of
cpus on a large system. The kernel isolcpus code would not need any
changing to use this feature. To use it, the change would be in the
command line format for 'isolcpus='
Format:
<cpu number>,...,<cpu number>
or
<cpu number>-<cpu number> (must be a positive range in ascending
order.)
or a mixture
<cpu number>,...,<cpu number>-<cpu number>
Neil Horman [Thu, 7 Dec 2006 04:37:08 +0000 (20:37 -0800)]
[PATCH] Correct misc_register return code handling in several drivers
Clean up several code points in which the return code from misc_register is
not handled properly.
Several modules failed to deregister various hooks when misc_register fails,
and this patch cleans them up. Also there are a few modules that legitimately
don't care about the failure status of misc register. These drivers however
unilaterally call misc_deregister on module unload.
Since misc_register doesn't initialize the list_head in the init_routine if it
fails, the deregister operation is at risk for oopsing when list_del is
called. The initial solution was to manually init the list in the miscdev
structure in each of those modules, but the consensus in this thread was to
consolodate and do that universally inside misc_register.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Cc: Bjorn Helgaas <bjorn.helgaas@hp.com> Cc: Kylene Jo Hall <kjhall@us.ibm.com> Cc: Dmitry Torokhov <dtor@mail.ru> Cc: Olaf Hering <olh@suse.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Thu, 7 Dec 2006 04:37:05 +0000 (20:37 -0800)]
[PATCH] hpfs: fix printk format warnings
Fix hpfs printk warnings:
fs/hpfs/dir.c:87: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'long unsigned int'
fs/hpfs/dir.c:147: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'long int'
fs/hpfs/dir.c:148: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'long int'
fs/hpfs/dnode.c:537: warning: format '%08x' expects type 'unsigned int', but argument 5 has type 'long unsigned int'
fs/hpfs/dnode.c:854: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'loff_t'
fs/hpfs/ea.c:247: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'long unsigned int'
fs/hpfs/inode.c:254: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'long unsigned int'
fs/hpfs/map.c:129: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'ino_t'
fs/hpfs/map.c:135: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'ino_t'
fs/hpfs/map.c:140: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'ino_t'
fs/hpfs/map.c:147: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'ino_t'
fs/hpfs/map.c:154: warning: format '%08x' expects type 'unsigned int', but argument 3 has type 'ino_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This is on our "Envoy" boxes which we have, according to the documentation, an
"Exar ST16C554/554D Quad UART with 16-byte Fifo's". The box also has two
other "on-board" serial ports and a modem chip.
The two on-board serial UARTs were being detected along with the first two
Exar UARTs. The last two Exar UARTs were not showing up and neither was the
modem.
This patch was the only way I could the kernel to see beyond the standard four
serial ports and get all four of the Exar UARTs to show up.
[akpm@osdl.org: build fix] Signed-off-by: Paul B Schroeder <pschroeder@uplogix.com> Cc: Lennart Sorensen <lsorense@csclub.uwaterloo.ca> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexey Dobriyan [Thu, 7 Dec 2006 04:36:56 +0000 (20:36 -0800)]
[PATCH] Compile-time check re world-writeable module params
One of the mistakes a module_param() user can make is to supply default
value of module parameter as the last argument. module_param() accepts
permissions instead. If default value is, say, 3 (-------wx), parameter
becomes world-writeable.
So far, the only remedy was to apply grep(1) and read drivers submitted
to -mm. BTDT.
With this patch applied, compiler will finally do some job.
*) bounds checking on permissions
*) world-writeable bit checking on permissions
*) compile breakage if checks trigger
First version of this check (only "& 2" part) directly caught 4 out of 7
places during my last grep.
Oleg Nesterov [Thu, 7 Dec 2006 04:36:55 +0000 (20:36 -0800)]
[PATCH] taskstats: cleanup reply assembling
Thomas Graf wrote:
>
> nla_nest_start() may return NULL, either rely on prepare_reply() to be
> correct and BUG() on failure or do proper error handling for all
> functions.
nla_put() in taskstat.c can fail only if the 'size' argument of alloc_skb()
was not right. This is a kernel bug, we should not hide it. So add 'BUG()'
on error path and check for 'na == NULL'.
> genlmsg_cancel() is only required in error paths for dumping
> procedures.
So we can remove 'genlmsg_cancel()' calls and 'void *reply' (saves 227 bytes).
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Thomas Graf <tgraf@suug.ch> Cc: Shailabh Nagar <nagar@watson.ibm.com> Cc: Balbir Singh <balbir@in.ibm.com> Cc: Jay Lan <jlan@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Allocate ->signal->stats on demand in taskstats_exit(), this allows us to
remove taskstats_tgid_alloc() (the last non-trivial inline) from taskstat's
public interface.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Balbir Singh <balbir@in.ibm.com> Cc: Shailabh Nagar <nagar@watson.ibm.com> Cc: Jay Lan <jlan@engr.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Oleg Nesterov [Thu, 7 Dec 2006 04:36:50 +0000 (20:36 -0800)]
[PATCH] taskstats_exit_alloc: optimize/simplify
If there are no listeners, every task does unneeded kmem_cache alloc/free on
exit. We don't need listeners->sem for 'if (!list_empty())' check. Yes, we may
have a false positive, but this doesn't differ from the case when the listener
is unregistered after we drop the semaphore. So we don't need to do allocation
beforehand.
Roland McGrath [Thu, 7 Dec 2006 04:36:34 +0000 (20:36 -0800)]
[PATCH] Disable CLONE_CHILD_CLEARTID for abnormal exit
The CLONE_CHILD_CLEARTID flag is used by NPTL to have its threads
communicate via memory/futex when they exit, so pthread_join can
synchronize using a simple futex wait. The word of user memory where NPTL
stores a thread's own TID is what it passes; this gets reset to zero at
thread exit.
It is not desireable to touch this user memory when threads are dying due
to a fatal signal. A core dump is more usefully representative of the
dying program state if the threads live at the time of the crash have their
NPTL data structures unperturbed. The userland expectation of
CLONE_CHILD_CLEARTID has only ever been that it works for a thread making
an _exit system call.
This problem was identified by Ernie Petrides <petrides@redhat.com>.
Signed-off-by: Roland McGrath <roland@redhat.com> Cc: Ernie Petrides <petrides@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Ulrich Drepper <drepper@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mika Kukkonen [Thu, 7 Dec 2006 04:36:29 +0000 (20:36 -0800)]
[PATCH] Function v9fs_get_idpool returns int, not u32 as called twice in fs/9p/vfs_inode.c
Function v9fs_get_idpool returns int, not u32. Actually it returns -1 on
errors, and these two callers check if the value is smaller than 0, which
was caught by gcc with extra warning flags. Compile tested only but should
be OK, as the value computed in v9fs_get_idpool() is also int.
Signed-of-by: Mika Kukkonen <mikukkon@iki.fi> Cc: Eric Van Hensbergen <ericvh@gmail.com> Cc: Ron Minnich <rminnich@lanl.gov> Cc: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Eric Sandeen [Thu, 7 Dec 2006 04:36:28 +0000 (20:36 -0800)]
[PATCH] handle ext4 directory corruption better
I've been using Steve Grubb's purely evil "fsfuzzer" tool, at
http://people.redhat.com/sgrubb/files/fsfuzzer-0.4.tar.gz
Basically it makes a filesystem, splats some random bits over it, then
tries to mount it and do some simple filesystem actions.
At best, the filesystem catches the corruption gracefully. At worst,
things spin out of control.
As you might guess, we found a couple places in ext4 where things spin out
of control :)
First, we had a corrupted directory that was never checked for
consistency... it was corrupt, and pointed to another bad "entry" of
length 0. The for() loop looped forever, since the length of
ext4_next_entry(de) was 0, and we kept looking at the same pointer over and
over and over and over... I modeled this check and subsequent action on
what is done for other directory types in ext4_readdir...
(adding this check adds some computational expense; I am testing a followup
patch to reduce the number of times we check and re-check these directory
entries, in all cases. Thanks for the idea, Andreas).
Next we had a root directory inode which had a corrupted size, claimed to
be > 200M on a 4M filesystem. There was only really 1 block in the
directory, but because the size was so large, readdir kept coming back for
more, spewing thousands of printk's along the way.
Per Andreas' suggestion, if we're in this read error condition and we're
trying to read an offset which is greater than i_blocks worth of bytes,
stop trying, and break out of the loop.
With these two changes fsfuzz test survives quite well on ext4.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: <linux-ext4@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Eric Sandeen [Thu, 7 Dec 2006 04:36:26 +0000 (20:36 -0800)]
[PATCH] handle ext3 directory corruption better
I've been using Steve Grubb's purely evil "fsfuzzer" tool, at
http://people.redhat.com/sgrubb/files/fsfuzzer-0.4.tar.gz
Basically it makes a filesystem, splats some random bits over it, then
tries to mount it and do some simple filesystem actions.
At best, the filesystem catches the corruption gracefully. At worst,
things spin out of control.
As you might guess, we found a couple places in ext3 where things spin out
of control :)
First, we had a corrupted directory that was never checked for
consistency... it was corrupt, and pointed to another bad "entry" of
length 0. The for() loop looped forever, since the length of
ext3_next_entry(de) was 0, and we kept looking at the same pointer over and
over and over and over... I modeled this check and subsequent action on
what is done for other directory types in ext3_readdir...
(adding this check adds some computational expense; I am testing a followup
patch to reduce the number of times we check and re-check these directory
entries, in all cases. Thanks for the idea, Andreas).
Next we had a root directory inode which had a corrupted size, claimed to
be > 200M on a 4M filesystem. There was only really 1 block in the
directory, but because the size was so large, readdir kept coming back for
more, spewing thousands of printk's along the way.
Per Andreas' suggestion, if we're in this read error condition and we're
trying to read an offset which is greater than i_blocks worth of bytes,
stop trying, and break out of the loop.
With these two changes fsfuzz test survives quite well on ext3.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: <linux-ext4@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Marcus Meissner [Thu, 7 Dec 2006 04:36:24 +0000 (20:36 -0800)]
[PATCH] binfmt_elf: randomize PIE binaries (2nd try)
Randomizes -pie compiled binaries from 64k (0x10000) up to ELF_ET_DYN_BASE.
0 -> 64k is excluded to allow NULL ptr accesses to fail.
Signed-off-by: Marcus Meissner <meissner@suse.de> Cc: Ingo Molnar <mingo@elte.hu> Cc: Dave Jones <davej@codemonkey.org.uk> Cc: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexey Dobriyan [Thu, 7 Dec 2006 04:36:20 +0000 (20:36 -0800)]
[PATCH] paride: rename pi_register() and pi_unregister()
We're about to change the semantics of pi_register()'s return value, so
rename it to something else first, so that any unconverted code reliaby
breaks.
[PATCH] spi: set kset of master class dev explicitly
<quote Imre Deak from Thu, 12 Jan 2006 21:18:54 +0200>
In order for spi_busnum_to_master to work spi master devices must be linked
into the spi_master_class.subsys.kset list. At the moment the default
class_obj_subsys.kset is used and we can't enumerate the master devices.
</quote>
Signed-off-by: Hans-Christian Egtvedt <hcegtvedt@atmel.com> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jan Engelhardt [Thu, 7 Dec 2006 04:36:14 +0000 (20:36 -0800)]
[PATCH] pull in necessary header files for cdev.h
linux/cdev.h uses struct kobject and other structs and should therefore
include them. Currently, a module either needs to add the missing includes
itself, or, in case a module includes other headers already, needs to put
<linux/cdev.h> last, which goes against a alphabetically-sorted include
list.
Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Peter Zijlstra [Thu, 7 Dec 2006 04:36:13 +0000 (20:36 -0800)]
[PATCH] lockdep: fix ide/proc interaction
rmmod/3080 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
(proc_subdir_lock){--..}, at: [<c04a33b0>] remove_proc_entry+0x40/0x191
and this task is already holding:
(ide_lock){++..}, at: [<c05651a2>] ide_unregister_subdriver+0x39/0xc8
which would create a new lock dependency:
(ide_lock){++..} -> (proc_subdir_lock){--..}
but this new dependency connects a hard-irq-safe lock:
(ide_lock){++..}
... which became hard-irq-safe at:
[<c043c458>] lock_acquire+0x4b/0x6b
[<c06129d7>] _spin_lock_irqsave+0x22/0x32
[<c0567870>] ide_intr+0x17/0x1a9
[<c044eb31>] handle_IRQ_event+0x20/0x4d
[<c044ebf2>] __do_IRQ+0x94/0xef
[<c0406771>] do_IRQ+0x9e/0xbd
to a hard-irq-unsafe lock:
(proc_subdir_lock){--..}
... which became hard-irq-unsafe at:
... [<c043c458>] lock_acquire+0x4b/0x6b
[<c06126ab>] _spin_lock+0x19/0x28
[<c04a32f2>] xlate_proc_name+0x1b/0x99
[<c04a3547>] proc_create+0x46/0xdf
[<c04a3642>] create_proc_entry+0x62/0xa5
[<c07c1972>] proc_misc_init+0x1c/0x1d2
[<c07c1844>] proc_root_init+0x4c/0xe9
[<c07ad703>] start_kernel+0x294/0x3b3
Move ide_remove_proc_entries() out from under ide_lock; there is nothing
that indicates that this is needed.
In specific, the call to ide_add_proc_entries() is unprotected, and there
is nothing else in the file using the respective ->proc fields. Also the
lock order around destroy_proc_ide_interface() suggests this.
Alan sayeth:
proc_ide_write_settings walks the setting list under ide_setting_sem, read
ditto. remove_proc_entry is doing proc side housekeeping.
Looks fine to me, although that old code is such a mess anything could be
going on.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff noted that the via driver returned an error to an unsigned int in a
a case where errors are not permitted. Move the check down earlier so we
can handle it properly. Not as pretty but it works this way and avoids
hacking up ugly stuff in the legacy ide core.
Signed-off-by: Alan Cox <alan@redhat.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
/* we cannot restart while nested */
if (th->t_refcount > 1) { <<- Path is not released in this case!
return 0;
}
pathrelse(path); <<- Path released here.
[...]
This could happen in such a situation :
In reiserfs/inode.c: reiserfs_get_block() ::
if (repeat == NO_DISK_SPACE || repeat == QUOTA_EXCEEDED) {
/* restart the transaction to give the journal a chance to free
** some blocks. releases the path, so we have to go back to
** research if we succeed on the second try
*/
SB_JOURNAL(inode->i_sb)->j_next_async_flush = 1;
failure:
[...]
reiserfs_check_path(&path); << Panics here !
Attached here is a patch which could fix the issue.
fix reiserfs/inode.c : restart_transaction() to release the path in all
cases.
The restart_transaction() doesn't release the path when the the journal
handle has a refcount > 1. This would trigger a reiserfs_panic() if we
encounter an -ENOSPC / -EDQUOT in reiserfs_get_block().
Signed-off-by: Suzuki K P <suzuki@in.ibm.com> Cc: "Vladimir V. Saveliev" <vs@namesys.com> Cc: <reiserfs-dev@namesys.com> Cc: Jeff Mahoney <jeffm@suse.com> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ralf Baechle [Thu, 7 Dec 2006 04:36:06 +0000 (20:36 -0800)]
[PATCH] Export pm_suspend for the shared APM emulation
The new shared APM emulation just like its ARM and MIPS predecessors uses
pm_suspend() which was only exported on SH. Move export to close to it's
definition where it really should be anyway.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Tejun Heo [Thu, 7 Dec 2006 04:36:01 +0000 (20:36 -0800)]
[PATCH] file: kill unnecessary timer in fdtable_defer
free_fdtable_rc() schedules timer to reschedule fddef->wq if
schedule_work() on it returns 0. However, schedule_work() guarantees that
the target work is executed at least once after the scheduling regardless
of its return value. 0 return simply means that the work was already
pending and thus no further action was required.
Another problem is that it used contant '5' as @expires argument to
mod_timer().