[MIPS] Rewrite all the assembler interrupt handlers to C.
Saves like 1,600 lines of code, is way easier to debug, compilers
frequently do a better job than the cut and paste type of handlers many
boards had. And finally having all the stuff done in a single place
also means alot of bug potencial for the MT ASE is gone.
The only surviving handler in assembler is the DECstation one; I hope
Maciej will rewrite it.
x86: don't allow tail-calls in sys_ftruncate[64]()
Gcc thinks it owns the incoming argument stack, but that's not true for
"asmlinkage" functions, and it corrupts the caller-set-up argument stack
when it pushes the third argument onto the stack. Which can result in
%ebx getting corrupted in user space.
Now, normally nobody sane would ever notice, since libc will save and
restore %ebx anyway over the system call, but it's still wrong.
I'd much rather have "asmlinkage" tell gcc directly that it doesn't own
the stack, but no such attribute exists, so we're stuck with our hacky
manual "prevent_tail_call()" macro once more (we've had the same issue
before with sys_waitpid() and sys_wait4()).
Thanks to Hans-Werner Hilse <hilse@sub.uni-goettingen.de> for reporting
the issue and testing the fix.
Merge branch 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: Fix further issues in drivers/char/drm/via_irq.c
drivers/char/drm/drm_memory.c: possible cleanups
drm: deline a few large inlines in DRM code
drm: remove master setting from add/remove context
drm: drm_pci needs dma-mapping.h
[PATCH] drm: Fix issue reported by Coverity in drivers/char/drm/via_irq.c
o Start booting into the capture kernel after an Oops if system is in a
unrecoverable state. System will boot into the capture kernel, if one is
pre-loaded by the user, and capture the kernel core dump.
o One of the following conditions should be true to trigger the booting of
capture kernel.
- panic_on_oops is set.
- pid of current thread is 0
- pid of current thread is 1
- Oops happened inside interrupt context.
The patch I submitted earlier to fix disabled LAPIC handling in ACPI
was mismerged for some reason I still don't quite understand. Parts
of it was applied to the wrong function.
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge:
powerpc: Use correct sequence for putting CPU into nap mode
[PATCH] spufs: fix context-switch decrementer code
[PATCH] powerpc32: Set cpu explicitly in kernel compiles
[PATCH] powerpc/pseries: bugfix: balance calls to pci_device_put
[PATCH] powerpc: Fix machine detection in prom_init.c
[PATCH] ppc32: Fix string comparing in platform_notify_map
[PATCH] powerpc: Avoid __initcall warnings
[PATCH] powerpc: Ensure runlatch is off in the idle loop
powerpc: Fix CHRP booting - needs a define_machine call
powerpc: iSeries has only 256 IRQs
[PATCH] cfq: Further rbtree traversal and cfq_exit_queue() race fix
In current code, we are re-reading cic->key after dead cic->key check.
So, in theory, it may really re-read *after* cfq_exit_queue() seted NULL.
To avoid race, we copy it to stack, then use it. With this change, I
guess gcc will assign cic->key to a register or stack, and it wouldn't
be re-readed.
Paul Mackerras [Tue, 18 Apr 2006 11:49:11 +0000 (21:49 +1000)]
powerpc: Use correct sequence for putting CPU into nap mode
We weren't using the recommended sequence for putting the CPU into
nap mode. When I changed the idle loop, for some reason 7447A cpus
started hanging when we put them into nap mode. Changing to the
recommended sequence fixes that.
The complexity here is that the recommended sequence is a loop that
keeps putting the cpu back into nap mode. Clearly we need some way
to break out of the loop when an interrupt (external interrupt,
decrementer, performance monitor) occurs. Here we use a bit in
the thread_info struct to indicate that we need this, and the exception
entry code notices this and arranges for the exception to return
to the value in the link register, thus breaking out of the loop.
We use a new `local_flags' field in the thread_info which we can
alter without needing to use an atomic update sequence.
The PPC970 has the same recommended sequence, so we do the same thing
there too.
This also fixes a bug in the kernel stack overflow handling code on
32-bit, since it was causing a value that we needed in a register to
get trashed.
When queue dies, we set cic->key=NULL as dead mark. So, when we
traverse a rbtree, we must check whether it's still valid key. if it
was invalidated, drop it, then restart the traversal from top.
[PATCH] IPC: access to unmapped vmalloc area in grow_ary()
grow_ary() should not copy struct ipc_id_ary (it copies new->p, not
new). Due to this, memcpy() src pointer could hit unmapped vmalloc page
when near page boundary.
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
The bug is caused by ip_route_input dereferencing skb->nh.protocol of
the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing
it). It only happens if the route requested is for a multicast IP
address.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524)
I found that all of 2.4 and 2.6 have been letting mprotect give write
permission to a readonly attachment of shared memory, whether or not IPC
would give the caller that permission.
SUS says "The behaviour of this function [mprotect] is unspecified if the
mapping was not established by a call to mmap", but I don't think we can
interpret that as allowing it to subvert IPC permissions.
I haven't tried 2.2, but the 2.2.26 source looks like it gets it right; and
the patch below reproduces that behaviour - mprotect cannot be used to add
write permission to a shared memory segment attached readonly.
This patch is simple, and I'm sure it's what we should have done in 2.4.0:
if you want to go on to switch write permission on and off with mprotect,
just don't attach the segment readonly in the first place.
However, we could have accumulated apps which attach readonly (even though
they would be permitted to attach read/write), and which subsequently use
mprotect to switch write permission on and off: it's not unreasonable.
I was going to add a second ipcperms check in do_shmat, to check for
writable when readonly, and if not writable find_vma and clear VM_MAYWRITE.
But security_ipc_permission might do auditing, and it seems wrong to
report an attempt for write permission when there has been none. Or we
could flag the vma as SHM, note the shmid or shp in vm_private_data, and
then get mprotect to check.
But the patch below is a lot simpler: I'd rather stick with it, if we can
convince ourselves somehow that it'll be safe.
Mike Miller [Mon, 10 Apr 2006 22:38:07 +0000 (15:38 -0700)]
[PATCH] cciss: bug fix for crash when running hpacucli
Fix a crash when running hpacucli with multiple logical volumes on a cciss
controller. We were not properly initializing the disk->queue and causing
a fault.
Thanks to Hasso Tepper for reporting the problem. Thanks to Steve Cameron
for root causing the problem. Most of the patch just moves things around.
The fix is a one-liner.
Signed-off-by: Mike Miller <mike.miller@hp.com> Signed-off-by: Stephen Cameron <steve.cameron@hp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stephen Rothwell [Mon, 10 Apr 2006 07:17:20 +0000 (00:17 -0700)]
[PATCH] Fix block device symlink name
As noted further on the this file, some block devices have a / in their
name, so fix the "block:..." symlink name the same as the /sys/block name.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Russell King [Sat, 15 Apr 2006 19:46:11 +0000 (20:46 +0100)]
[SERIAL] Update serial driver documentation
Improve serial driver documentation:
- Remove CVS id.
- Update pointer to reference driver documentation.
- Add comments about new uart_write_console function.
- Add TIOCM_LOOP modem control bit description.
- Add commentry about enable_ms method being called multiple times.
- Add commentry about startup/shutdown method calling.
- Mention that dereferencing port->info after shutdown is invalid.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
David Brownell [Sat, 15 Apr 2006 01:05:38 +0000 (18:05 -0700)]
Fix AT91RM9200 build breakage
The at91_cf driver got out of sync with certain changes in the PCMCIA
layer, notably getting rid of some duplication of data ... causing the
version merged to kernel.org to fail compiling.
This patch gives the at91_cf platform device a new iomem resource, using
it so this new pcmcia scheme works. It also cleans up some whitepsace
bugs that have accumulated over time (mostly too-long lines).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Somehow in the midst of dotting i's and crossing t's during
the merge up to rc1 we wound up keeping __put_task_struct_cb
when it should have been killed as it no longer has any users.
Sorry I probably should have caught this while it was
still in the -mm tree.
Having the old code there gets confusing when reading
through the code and trying to understand what is
happening.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
H. Peter Anvin [Sat, 15 Apr 2006 00:25:30 +0000 (17:25 -0700)]
[efficeon-agp] Add missing memory mask
Original patch by Benjamin Herrenschmidt after debugging by Brian Hinz.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Brian Hinz <bphinz@hotmail.com> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] ip_output: account for fraggap when checking to add trailer_len
During other work I noticed that ip_append_data() seemed to be forgetting to
include the frag gap in its calculation of a fragment that consumes the rest of
the payload. Herbert confirmed that this was a bug that snuck in during a
previous rework.
Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
commit 08d099974a09faf4cb11ffc46da87073fa132fc0
Author: Linus Walleij <triad@df.lth.se>
Date: Fri Apr 14 16:03:33 2006 -0700
[IRDA]: smsc-ircc2, smcinit support for ALi ISA bridges
[SCSI] scsi_transport_sas: don't scan a non-existent end device
Any end device that can't support any of the scanning protocols
shouldn't be scanned, so set its id to -1 to prevent
scsi_scan_target() being called for it.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
commit 3c0c25b97c7d020ef07f6366cf1d668a8e980c7c
Author: Moore, Eric <Eric.Moore@lsil.com>
Date: Thu Apr 13 16:08:17 2006 -0600
[SCSI] mptfusion - fix panic in mptsas_slave_configure
Driver panic when RAID logical volume was present when driver
loaded, or when a RAID logical volume was created on the fly.
...
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6: (78 commits)
commit e97b81ddbb8b8c72b85330ac4a454a4513dcba8a
Author: Mark M. Hoffman <mhoffman@lightlink.com>
Date: Thu Mar 23 16:50:25 2006 +0100
[PATCH] i2c-parport: Make type parameter mandatory
This patch forces the user to specify what type of adapter is present when
loading i2c-parport or i2c-parport-light. If none is specified, the driver
init simply fails - instead of assuming adapter type 0.
This alleviates the sometimes lengthy boot time delays which can be caused
by accidentally building one of these into a kernel along with several i2c
slave drivers that have lengthy probe routines (e.g. hwmon drivers).
Kconfig and documentation updated accordingly.
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
...
[PATCH] DMI: move dmi_scan.c from arch/i386 to drivers/firmware/
dmi_scan.c is arch-independent and is used by i386, x86_64, and ia64.
Currently all three arches compile it from arch/i386, which means that ia64
and x86_64 depend on things in arch/i386 that they wouldn't otherwise care
about.
This is simply "mv arch/i386/kernel/dmi_scan.c drivers/firmware/" (removing
trailing whitespace) and the associated Makefile changes. All three
architectures already set CONFIG_DMI in their top-level Kconfig files.
Zach Brown [Fri, 14 Apr 2006 23:04:18 +0000 (16:04 -0700)]
[PATCH] ip_output: account for fraggap when checking to add trailer_len
During other work I noticed that ip_append_data() seemed to be forgetting to
include the frag gap in its calculation of a fragment that consumes the rest of
the payload. Herbert confirmed that this was a bug that snuck in during a
previous rework.
Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Sam Ravnborg [Fri, 14 Apr 2006 21:54:13 +0000 (23:54 +0200)]
kbuild: fix false section mismatch warnings
Darren Jenkins <darrenrjenkins@gmail.com> pointed out a
number of false positives where we referenced variables
from a _driver variable.
Fix it by check for that pattern and ignore it.
Randy.Dunlap <rdunlap@xenotime.net> pointed out a similar
set of warnings for a number of scsi drivers.
In scsi world they misname their variables *_template or
*_sht so add these to list of variables that may have references
to .init.text with no warning.
Randy.Dunlap <rdunlap@xenotime.net> also pointed out a scsi driver
with many references to .exit.text from .rodata. This is compiler
generated references and we already ignore these for .init.text, so
ignore them for .exit.text also.
If Classical IP over ATM module is loaded, its neighbor table gets
populated when permanent neighbor entries are created; but these entries
are not flushed when the device is removed. Since the entry never gets
flushed the unregister of the network device never completes.
This version of the patch also adds locking around the reference to
the atm arp daemon to avoid races with events and daemon state changes.
(Note: barrier() was never really safe)
Bug-reference: http://bugzilla.kernel.org/show_bug.cgi?id=6295 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Adrian Bunk [Wed, 12 Apr 2006 20:57:59 +0000 (13:57 -0700)]
[IPV4]: Possible cleanups.
This patch contains the following possible cleanups:
- make the following needlessly global function static:
- arp.c: arp_rcv()
- remove the following unused EXPORT_SYMBOL's:
- devinet.c: devinet_ioctl
- fib_frontend.c: ip_rt_ioctl
- inet_hashtables.c: inet_bind_bucket_create
- inet_hashtables.c: inet_bind_hash
- tcp_input.c: sysctl_tcp_abc
- tcp_ipv4.c: sysctl_tcp_tw_reuse
- tcp_output.c: sysctl_tcp_mtu_probing
- tcp_output.c: sysctl_tcp_base_mss
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
James Bottomley [Fri, 14 Apr 2006 14:47:59 +0000 (09:47 -0500)]
[SCSI] scsi_transport_sas: don't scan a non-existent end device
Any end device that can't support any of the scanning protocols
shouldn't be scanned, so set its id to -1 to prevent
scsi_scan_target() being called for it.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
David Brownell [Sat, 1 Apr 2006 18:21:52 +0000 (10:21 -0800)]
[PATCH] dma doc updates
This updates the DMA API documentation to address a few issues:
- The dma_map_sg() call results are used like pci_map_sg() results:
using sg_dma_address() and sg_dma_len(). That's not wholly obvious
to folk reading _only_ the "new" DMA-API.txt writeup.
- Buffers allocated by dma_alloc_coherent() may not be completely
free of coherency concerns ... some CPUs also have write buffers
that may need to be flushed.
- Cacheline coherence issues are now mentioned as being among issues
which affect dma buffers, and complicate/prevent using of static and
(especially) stack based buffers with the DMA calls.
I don't think many drivers currently need to worry about flushing write
buffers, but I did hit it with one SOC using external SDRAM for DMA
descriptors: without explicit writebuffer flushing, the on-chip DMA
controller accessed descriptors before the CPU completed the writes.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] arch/i386/pci/irq.c - new VIA chipsets (fwd)
I use 2.6.15.6 Linux kernel and found some problems. I have about 100
Linux boxes (all with the same (binary the same) kernel). Last time I have
upgraded all those boxes from 2.4.32 to 2.6.15.6 (first 2.6.15.1, next .2,
.4 and .6) and I have found some problems on VIA based PC's. Probably the
reason of this is that some VIA chipsets are unrecognized by IRQ router.
In line 586 there is: /* FIXME: add new ones for 8233/5 */
There were only a few of chipsets ID's there, some of my VIA chipsets were
not present and kernel used default IRQ router.
I have added three entries, so that the code looks like:
case PCI_DEVICE_ID_VIA_82C596:
case PCI_DEVICE_ID_VIA_82C686:
case PCI_DEVICE_ID_VIA_8231:
case PCI_DEVICE_ID_VIA_8233A:
case PCI_DEVICE_ID_VIA_8235:
case PCI_DEVICE_ID_VIA_8237:
case PCI_DEVICE_ID_VIA_8237_SATA:
/* FIXME: add new ones for 8233/5 */
r->name = "VIA";
r->get = pirq_via_get;
r->set = pirq_via_set;
return 1;
}
The kernel goes fine but I haven't testes it for weeks, I'm just a moment
after reboot :)
One thing is different (better?):
Using previus kernel I had:
PCI: Via IRQ fixup for 0000:00:0f.1, from 255 to 0
now I have:
PCI: Via IRQ fixup for 0000:00:0f.1, from 255 to 11
Maybe it is good idea to add there some more VIA chipsets?
The ones I have added seem to be OK.
From: Grzegorz Janoszka <Grzegorz@Janoszka.pl> Acked-by: Martin Mares <mj@ucw.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
projects / linux-beck.git / log