xfrm_state_afinfo_lock can be read-locked from bh context, so take it
in a bh-safe manner in xfrm_state_register_afinfo() and
xfrm_state_unregister_afinfo(). Found by the lock validator.
Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Fri, 28 Apr 2006 22:22:13 +0000 (15:22 -0700)]
[IPSEC]: Fix IP ID selection
I was looking through the xfrm input/output code in order to abstract
out the address family specific encapsulation/decapsulation code. During
that process I found this bug in the IP ID selection code in xfrm4_output.c.
At that point dst is still the xfrm_dst for the current SA which
represents an internal flow as far as the IPsec tunnel is concerned.
Since the IP ID is going to sit on the outside of the encapsulated
packet, we obviously want the external flow which is just dst->child.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Convert inet_init to an fs_initcall to make sure its called before any
device driver's initcall.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
The following one line fix is needed to make loss function of
netem work right when doing loss on the local host.
Otherwise, higher layers just recover.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[X25]: fix for spinlock recurse and spinlock lockup with timer handler
When the sk_timer function x25_heartbeat_expiry() is called by the
kernel in a running/terminating process, spinlock-recursion and
spinlock-lockup locks up the kernel. This has happened with testing
on some distro's and the patch below fixed it.
Signed-off-by: Shaun Pereira <spereira@tusc.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
The FXSAVE information leak patch introduced a bug in FP exception
handling: it clears FP exceptions only when there are already
none outstanding. Mikael Pettersson reported that causes problems
with the Erlang runtime and has tested this fix.
[PATCH] spufs: Disable local interrupts for SPE hash_page calls.
This patch disables and saves local interrupts during
hash_page processing for SPE contexts.
We have to do it explicitly in the spu_irq_class_1_bottom
function. For the interrupt handlers, we get the behaviour
implicitly by using SA_INTERRUPT to disable interrupts while
in the handler.
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
[PATCH] suspend: Documentation update for IBM Thinkpad X30
As reported in Bugzilla Bug 6406, resume from S3 results in a blank screen.
For the IBM Thinkpad X30 using vesafb as the console driver, successful resume
from S3 requires option acpi_sleep=s3_bios,s3_mode. Update documentation.
I would presume that, in any hardware, using vesafb as the console driver will
require as a minimum s3_mode.
Generate new sysfs-attribute 'uid' that contains an device specific unique
identifier. This can be used to identity multiple ALIASES of the same
physical device (PAV). In addition the sysfs-attributes 'vendor' (containing
the manufacturer of the device) and 'alias' (identify alias or base device) is
added. This is first part of PAV support in LPAR (also valid on zVM).
Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add a read_mostly section and define __read_mostly to prevent cache line
pollution due to writes for mostly read variables. In addition fix the
incorrect alignment of the cache_line_aligned data section. s390 has a
cacheline size of 256 bytes.
Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
In case of an instruction processing damage (IPD) machine check in kernel mode
the resulting action is always to stop the kernel. This is not necessarily
the best solution since a retry of the failing instruction might succeed. Add
logic to retry the instruction if no more than 30 instruction processing
damage checks occured in the last 5 minutes.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
With CONFIG_SLAB_DEBUG=y networking over qeth doesn't work. The problem is
that the qib structure embedded in the qeth_irq structure needs an alignment
of 256 but kmalloc only guarantees an alignment of 8. When using SLAB
debugging the alignment of qeth_irq is not sufficient for the embedded qib
structure which causes all users of qdio (qeth and zfcp) to stop working.
Allocate qeth_irq structure with __get_free_page. That wastes a small amount
of memory (~2500 bytes) per online adapter.
Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The dasd state machine is not designed to enable an unformatted device, since
'unformatted' is a final state. The BIODASDENABLE ioctl calls
dasd_enable_device() which never returns if the device is in this special
state. Return -EPERM in dasd_increase_state for unformatted devices to make
dasd_enable_device terminate. Note: To get such an unformatted device online
it has to be re-analyzed. This means that the device needs to be disabled
prior to re-enablement.
Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andreas Herrmann [Fri, 28 Apr 2006 01:40:09 +0000 (18:40 -0700)]
[PATCH] s390: qdio memory allocations
Avoid memory allocation with GFP_KERNEL in qdio_establish/qdio_shutdown. Use
memory pool instead. (Otherwise this can lead to an I/O stall where qdio
waits for a free page and zfcp waits for end of error recovery in low memory
situations.)
Signed-off-by: Andreas Herrmann <aherrman@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
If a signal handler has been established with the SA_ONSTACK option but no
alternate stack is provided with sigaltstack(), the kernel still tries to
install the alternate stack. Also when setting an alternate stack with
sigalstack() and the SS_DISABLE flag, the kernel tries to install the
alternate stack on signal delivery. Use the correct conditions sas_ss_flags()
to check if the alternate stack has to be used.
Signed-off-by: Laurent Meyer <meyerlau@fr.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix a race condition in the I/O termination logic. The race can cause I/O to
a dasd device to fail with no retry left after turning one channel path to the
device off and on multiple times.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
When trap happens in user space, kprobe_exceptions_notify() funtion will
skip it. This patch deletes some unnecessary code for VM_MASK judgement in
eflags.
Signed-off-by: bibo, mao <bibo.mao@intel.com> Cc: Masami Hiramatsu <hiramatu@sdl.hitachi.co.jp> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Acked-by: "Keshavamurthy, Anil S" <anil.s.keshavamurthy@intel.com> Acked-by: Prasanna S Panchamukhi <prasanna@in.ibm.com> Cc: Jim Keniston <jkenisto@us.ibm.com> Cc: Yumiko Sugita <sugita@sdl.hitachi.co.jp> Cc: Satoshi Oshima <soshima@redhat.com> Cc: Hideo Aoki <haoki@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Running abnormal VM splits causes weird problems - people can set non-standard
splits by accident, then lots of time gets wasted diagnosing it - see the long
"[stable] 2.6.16.6 breaks java... sort of" email thread.
So we need to make this option harder to set. Use CONFIG_EMBEDDED for this.
CONFIG_EMBEDDED isn't really the right thing to use, but there's nothing else
obvious and avoiding these problems is more important than Kconfig purity.
Signed-off-by: Andi Kleen <ak@suse.de> Cc: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
CPU_HOTPLUG has race conditions when we use broadcast mode IPI.
- First we introduced no_broadcast option
(see include/asm-i386/mach-default/mach_ipi.h)
- x86_64 solved it by using physical flat mode (same as bigsmp on i386)
since this will not use broadcast shortcuts for IPI.
- We switched to use bigsmp on i386 so that we can have same handling as
x86_64, but apparently this caused an error message, if kernel was
compiled without X86_GENERICARCH, X86_BIGSMP. The message "You have >8
CPUS..." which was bogus and misleading, and only indicated one of the
above ARCH wasnt selected.
So we do not switch to automatic bigsmp for HOTPLUG_CPU support in i386
until the other related config dependencies for SMP_SUSPEND etc can be done
right.
Daniel Drake [Fri, 28 Apr 2006 01:39:19 +0000 (18:39 -0700)]
[PATCH] tipar oops fix
If compiled into the kernel, parport_register_driver() is called before the
parport driver has been initalised.
This means that it is expected that tp_count is 0 after the
parport_register_driver() call() - tipar's attach function will not be
called until later during bootup.
Signed-off-by: Daniel Drake <dsd@gentoo.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
dean gaudet [Fri, 28 Apr 2006 01:39:17 +0000 (18:39 -0700)]
[PATCH] off-by-1 in kernel/power/main.c
There's an off-by-1 in kernel/power/main.c:state_store() ... if your
kernel just happens to have some non-zero data at pm_states[PM_SUSPEND_MAX]
(i.e. one past the end of the array) then it'll let you write anything you
want to /sys/power/state and in response the box will enter S5.
Signed-off-by: dean gaudet <dean@arctic.org> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Current address translation methods can produce wrong results, because
virt_to_bus and vice versa may not produce correct offsets on dma-allocated
memory. The right way is, while tracking both phys and virt address of the
window that has been allocated for boffer descriptors, and use those
numbers to compute the offset and make translation properly.
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
[PATCH] ppc32: Update board-specific code of the CPM UART users
This has the relevant updates/additions to the BSP code so that proper
platform_info struct well be passed to the CPM UART drivers. The changes
covered mpc866ads, mpc885ads and mpc8272ads.
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
[PATCH] ppc32 CPM_UART: Convert to use platform devices
This is intended to make the driver code more generic and flexible,
to get rid of board-specific layouts within driver, and generic rehaul,
yet keeping compatibility with the existing stuff utilizing it, being
compatible with legacy behavior (but with complaints that legacy mode
used).
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Andreas Schwab [Thu, 27 Apr 2006 13:46:42 +0000 (15:46 +0200)]
[PATCH] powerpc: Wire up *at syscalls
Wire up *at syscalls.
This patch has been tested on ppc64 (using glibc's testsuite, both 32bit
and 64bit), and compile-tested for ppc32 (I have currently no ppc32 system
available, but I expect no problems).
Signed-off-by: Andreas Schwab <schwab@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
This patch adds workaround for PPC 440GX erratum 440_43. According to
this erratum spurious MachineChecks (caused by L1 cache parity) can
happen during DataTLB miss processing. We disable L1 cache parity
checking for 440GX rev.C and rev.F
Signed-off-by: Eugene Surovegin <ebs@ebshome.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
David Woodhouse [Mon, 24 Apr 2006 22:22:17 +0000 (23:22 +0100)]
[PATCH] powerpc: Use check_legacy_ioport() on ppc32 too.
Some people report that we die on some Macs when we are expecting to
catch machine checks after poking at some random I/O address. I'd seen
it happen on my dual G4 with serial ports until we fixed those to use
OF, but now other users are reporting it with i8042.
This expands the use of check_legacy_ioport() to avoid that situation
even on 32-bit kernels.
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Alan Modra [Mon, 24 Apr 2006 12:41:51 +0000 (22:11 +0930)]
[PATCH] powerpc64: Fix loading of modules without a .toc section
Normally, ppc64 module .ko files contain a table-of-contents (.toc)
section, but if the module doesn't reference any static or external
data or external procedures, it is possible for gcc/binutils to
generate a .ko that doesn't have a .toc. Currently the module
loader refuses to load such a module, since it needs the address
of the .toc section to use in relocations.
This patch fixes the problem by using the address of the .stubs
section instead, which is an acceptable substitute in this situation.
Paul Mackerras [Fri, 28 Apr 2006 06:28:35 +0000 (16:28 +1000)]
powerpc/pseries: Tell firmware our capabilities on new machines
This adds code to call a new firmware method to tell the firmware
what machines and capabilities (such as VMX/Altivec) we support.
This will be needed on POWER5+ and POWER6 machines, and it has no
effect on past and current machines.
David Gibson [Fri, 28 Apr 2006 05:02:51 +0000 (15:02 +1000)]
[PATCH] powerpc: Fix pagetable bloat for hugepages
At present, ARCH=powerpc kernels can waste considerable space in
pagetables when making large hugepage mappings. Hugepage PTEs go in
PMD pages, but each PMD page maps 256M and so contains only 16
hugepage PTEs (128 bytes of data), but takes up a 1024 byte
allocation. With CONFIG_PPC_64K_PAGES enabled (64k base page size),
the situation is worse. Now hugepage PTEs are at the PTE page level
(also mapping 256M), so we store 16 hugepage PTEs in a 64k allocation.
The PowerPC MMU already means that any 256M region is either all
hugepage, or all normal pages. Thus, with some care, we can use a
different allocation for the hugepage PTE tables and only allocate the
128 bytes necessary.
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] update sn2 defconfig
[IA64] Add mca recovery failure messages
[IA64-SGI] fix SGI Altix tioce_reserve_m32() bug
[IA64] enable dumps to capture second page of kernel stack
[IA64-SGI] - Reduce overhead of reading sn_topology
[IA64-SGI] - Fix discover of nearest cpu node to IO node
[IA64] IOC4 config option ordering
[IA64] Setup an IA64 specific reclaim distance
[IA64] eliminate compile time warnings
[IA64] eliminate compile time warnings
[IA64-SGI] SN SAL call to inject memory errors
[IA64] - Fix MAX_PXM_DOMAINS for systems with > 256 nodes
[IA64] Remove unused variable in sn_sal.h
[IA64] Remove redundant NULL checks before kfree
[IA64] wire up compat_sys_adjtimex()
Russ Anderson [Thu, 27 Apr 2006 15:07:08 +0000 (10:07 -0500)]
[IA64] Add mca recovery failure messages
When the mca recovery code encounters a condition that makes
the MCA non-recoverable, print the reason it could not recover.
This will make it easier to identify why the recovery code did
not recover.
Signed-off-by: Russ Anderson <rja@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Mike Habeck [Wed, 26 Apr 2006 17:05:50 +0000 (12:05 -0500)]
[IA64-SGI] fix SGI Altix tioce_reserve_m32() bug
The following patch fixes a bug in the SGI Altix tioce_reserve_m32()
code. The bug was that we could walking past the end of the CE ASIC
32/40bit PMU ATE Buffer, resulting in a PIO Reply Error.
Signed-off-by: Mike Habeck <habeck@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
[IA64] enable dumps to capture second page of kernel stack
In SLES10 (2.6.16) crash dumping (in my experience, LKCD) is unable to
capture the second page of the 2-page task/stack allocation.
This is particularly troublesome for dump analysis, as the stack traceback
cannot be done.
(A similar convention is probably needed throughout the kernel to make
kernel multi-page allocations detectable for dumping)
Multi-page kernel allocations are represented by the single page structure
associated with the first page of the allocation. The page structures
associated with the other pages are unintialized.
If the dumper is selecting only kernel pages it has no way to identify
any but the first page of the allocation.
The fix is to make the task/stack allocation a compound page.
Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Jack Steiner [Sat, 22 Apr 2006 14:37:19 +0000 (09:37 -0500)]
[IA64-SGI] - Reduce overhead of reading sn_topology
MPI programs using certain debug options have a long
startup time. This was traced to a "vmalloc/vfree" in
the code that reads /proc/sgi_sn/sn_topology. On large
systems, vfree requires an IPI to all cpus to do TLB
purging.
Replace the vmalloc/vfree with kmalloc/kfree. Although
the size of the structure being allocated is unknown, it
will not not exceed 96 bytes.
Signed-off-by: Jack Steiner <steiner@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6:
[PATCH] PCI quirk: VIA IRQ fixup should only run for VIA southbridges
[PATCH] PCI: fix potential resource leak in drivers/pci/msi.c
[PATCH] PCI: Documentation: no more device ids
[PATCH] PCI: fix via irq SATA patch
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
[PATCH] USB: ftdi_sio: add support for ASK RDR 400 series card reader
[PATCH] USB: ftdi_sio: Adds support for iPlus device.
[PATCH] USB: ftdi_sio vendor code for RR-CirKits LocoBuffer USB
[PATCH] USB: Use new PCI_CLASS_SERIAL_USB_* defines
[PATCH] USB: net2280: set driver data before it is used
[PATCH] USB: net2280: check for shared IRQs
[PATCH] USB: net2280: send 0-length packets for ep0
[PATCH] USB: net2280: Handle STALLs for 0-length control-IN requests
[PATCH] USB: storage: atmel unusual dev update
[PATCH] USB: Storage: unusual devs update
[PATCH] USB: add new iTegno usb CDMA 1x card support for pl2303
[PATCH] USB: Resource leak fix for whiteheat driver
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6:
[PATCH] Added URI of "linux kernel development process"
[PATCH] Kobject: possible cleanups
[PATCH] Fix OCFS2 warning when DEBUG_FS is not enabled
[PATCH] Kobject: fix build error
[PATCH] Frame buffer: remove cmap sysfs interface
Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block:
[PATCH] splice: make the read-side do batched page lookups
[PATCH] Add find_get_pages_contig(): contiguous variant of find_get_pages()
[PATCH] splice: switch to using page_cache_readahead()
Adrian Bunk [Sat, 22 Apr 2006 10:14:44 +0000 (12:14 +0200)]
[PATCH] Kobject: possible cleanups
This patch contains the following possible cleanups:
- #if 0 the following unused global function:
- subsys_remove_file()
- remove the following unused EXPORT_SYMBOL's:
- kset_find_obj
- subsystem_init
- remove the following unused EXPORT_SYMBOL_GPL:
- kobject_add_dir
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean Delvare [Wed, 19 Apr 2006 04:30:22 +0000 (21:30 -0700)]
[PATCH] Fix OCFS2 warning when DEBUG_FS is not enabled
Fix the following warning which happens when OCFS2_FS is enabled but
DEBUG_FS isn't:
fs/ocfs2/dlmglue.c: In function `ocfs2_dlm_init_debug':
fs/ocfs2/dlmglue.c:2036: warning: passing arg 5 of `debugfs_create_file' discards qualifiers from pointer target type
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Joel Becker <Joel.Becker@oracle.com> Acked-by: Mark Fasheh <mark.fasheh@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chris Wedgwood [Wed, 19 Apr 2006 06:57:09 +0000 (23:57 -0700)]
[PATCH] PCI quirk: VIA IRQ fixup should only run for VIA southbridges
Alan Cox pointed out that the VIA 'IRQ fixup' was erroneously running
on my system which has no VIA southbridge (but I do have a VIA IEEE
1394 device).
This should address that. I also changed "Via IRQ" to "VIA IRQ"
(initially I read Via as a capitalized via (by way/means of).
Signed-off-by: Chris Wedgwood <cw@f00f.org> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] PCI: fix potential resource leak in drivers/pci/msi.c
The coverity checker spotted (as entry #599) that we might leak `entry' in
drivers/pci/msi.c::msix_capability_init()
This patch should take care of that.
[PATCH] x86/PAE: Fix pte_clear for the >4GB RAM case
Proposed fix for ptep_get_and_clear_full PAE bug. Pte_clear had the same bug,
so use the same fix for both. Turns out pmd_clear had it as well, but pgds
are not affected.
The problem is rather intricate. Page table entries in PAE mode are 64-bits
wide, but the only atomic 8-byte write operation available in 32-bit mode is
cmpxchg8b, which is expensive (at least on P4), and thus avoided. But it can
happen that the processor may prefetch entries into the TLB in the middle of an
operation which clears a page table entry. So one must always clear the P-bit
in the low word of the page table entry first when clearing it.
Since the sequence *ptep = __pte(0) leaves the order of the write dependent on
the compiler, it must be coded explicitly as a clear of the low word followed
by a clear of the high word. Further, there must be a write memory barrier
here to enforce proper ordering by the compiler (and, in the future, by the
processor as well).
On > 4GB memory machines, the implementation of pte_clear for PAE was clearly
deficient, as it could leave virtual mappings of physical memory above 4GB
aliased to memory below 4GB in the TLB. The implementation of
ptep_get_and_clear_full has a similar bug, although not nearly as likely to
occur, since the mappings being cleared are in the process of being destroyed,
and should never be dereferenced again.
But, as luck would have it, it is possible to trigger bugs even without ever
dereferencing these bogus TLB mappings, even if the clear is followed fairly
soon after with a TLB flush or invalidation. The problem is that memory above
4GB may now be aliased into the first 4GB of memory, and in fact, may hit a
region of memory with non-memory semantics. These regions include AGP and PCI
space. As such, these memory regions are not cached by the processor. This
introduces the bug.
The processor can speculate memory operations, including memory writes, as long
as they are committed with the proper ordering. Speculating a memory write to
a linear address that has a bogus TLB mapping is possible. Normally, the
speculation is harmless. But for cached memory, it does leave the falsely
speculated cacheline unmodified, but in a dirty state. This cache line will be
eventually written back. If this cacheline happens to intersect a region of
memory that is not protected by the cache coherency protocol, it can corrupt
data in I/O memory, which is generally a very bad thing to do, and can cause
total system failure or just plain undefined behavior.
These bugs are extremely unlikely, but the severity is of such magnitude, and
the fix so simple that I think fixing them immediately is justified. Also,
they are nearly impossible to debug.
Ian Abbott [Wed, 12 Apr 2006 14:20:35 +0000 (15:20 +0100)]
[PATCH] USB: ftdi_sio: add support for ASK RDR 400 series card reader
This patch adds support for an ASK RDR 400 series contactless card
reader <http://www.ask.fr/uk/products_and_services/terminals.html> to
the ftdi_sio driver's device ID table. The product ID was supplied by
Adriano Couto on the ftdi-usb-sio-devel list.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean Delvare [Sun, 9 Apr 2006 18:07:35 +0000 (20:07 +0200)]
[PATCH] USB: Use new PCI_CLASS_SERIAL_USB_* defines
We could use the recently added PCI_CLASS_SERIAL_USB_UHCI,
PCI_CLASS_SERIAL_USB_OHCI and PCI_CLASS_SERIAL_USB_EHCI defines in
more places, for slightly shorter and clearer code.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Fri, 14 Apr 2006 20:46:28 +0000 (16:46 -0400)]
[PATCH] USB: net2280: set driver data before it is used
This patch (as671) fixes a bug in the error pathway for the net2280
probe routine. A failure during probe will cause the driver to call
pci_get_drvdata before the corresponding pci_set_drvdata has been set.
The patch also does a kzalloc conversion.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Fri, 14 Apr 2006 20:40:00 +0000 (16:40 -0400)]
[PATCH] USB: net2280: Handle STALLs for 0-length control-IN requests
This patch (as668) fixes a typo in net2280. The handler for 0-length
control-IN requests should check that the endpoint _isn't_ halted before
sending a 0-length packet.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Phil Dibowitz [Mon, 17 Apr 2006 02:18:36 +0000 (19:18 -0700)]
[PATCH] USB: Storage: unusual devs update
This patch removes the Protocol portion of the Iomega Click! device as it's not
needed. Not-needed message reported by Kenneth Crudup <kenny@panix.com>
Signed-off-by: Phil Dibowitz <phil@ipom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[MIPS] Fix branch emulation for floating-point exceptions.
In the branch emulation for floating-point exceptions, __compute_return_epc
must determine for bc1f et al which condition code bit to test. This is
based on bits <4:2> of the rt field. The switch statement to distinguish
bc1f et al needs to use only the two low bits of rt, but the old code tests
on the whole rt field. This patch masks off the proper bits.
This commit breaks sparse for 64bit kernel. The -m64 option is
required. Also, some macro values (such as _MIPS_TUNE, etc.) contain
double-quote characters so it would be better quoting arguments by
single-quote characters.
[MIPS] Use __ffs() instead of ffs() in ip32_irq0().
With recent rewrite for generic bitops, ffs() is defined the same way
as the libc and compiler built-in routines (returns int instead of
unsigned long). Use __ffs() for 64bit value.
With recent rewrite for generic bitops, fls() for 32bit kernel with
MIPS64_CPU is broken. Also, ffs(), fls() should be defined the same
way as the libc and compiler built-in routines (returns int instead of
unsigned long).
[PATCH] splice: make the read-side do batched page lookups
Use the new find_get_pages_contig() to potentially look up the entire
splice range in one single call. This speeds up generic_file_splice_read()
quite a bit.