]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
16 years agoUSB: add URB_FREE_BUFFER to permissible flags
Oliver Neukum [Thu, 25 Oct 2007 20:14:04 +0000 (13:14 -0700)]
USB: add URB_FREE_BUFFER to permissible flags

patch 0b28baaf74ca04be2e0cc4d4dd2bbc801697f744 in mainline.

URB_FREE_BUFFER needs to be allowed in the sanity checks to use drivers that
use that flag.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: mutual exclusion for EHCI init and port resets
Alan Stern [Fri, 12 Oct 2007 22:19:14 +0000 (15:19 -0700)]
USB: mutual exclusion for EHCI init and port resets

patch 32fe01985aa2cb2562f6fc171e526e279abe10db in mainline.

This patch (as999) fixes a problem that sometimes shows up when host
controller driver modules are loaded in the wrong order.  If ehci-hcd
happens to initialize an EHCI controller while the companion OHCI or
UHCI controller is in the middle of a port reset, the reset can fail
and the companion may get very confused.  The patch adds an
rw-semaphore and uses it to keep EHCI initialization and port resets
mutually exclusive.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: David Brownell <david-b@pacbell.net>
Cc: David Miller <davem@davemloft.net>
Cc: Dely L Sy <dely.l.sy@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agousb-gadget-ether: prevent oops caused by error interrupt race
Benedikt Spranger [Fri, 12 Oct 2007 22:18:59 +0000 (15:18 -0700)]
usb-gadget-ether: prevent oops caused by error interrupt race

patch 5395353e0c8272fe73ac914acd7e4add0da2bef0 in mainline.

Fix a longstanding race in the Ethernet gadget driver, which can cause an
oops on device disconnect.  The fix is just to make the TX path check
whether its freelist is empty.  That check is otherwise not necessary,
since the queue is always stopped when that list empties (and restarted
when request completion puts an entry back on that freelist).

The race window starts when the network code decides to transmit a packet,
and ends when hard_start_xmit() grabs the freelist lock.  When disconnect()
is called inside that window, it shuts down the TX queue and breaks the
otherwise-solid assumption that packets are never sent through a TX queue
that's stopped.

Signed-off-by: Benedikt Spranger <bene@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: remove USB_QUIRK_NO_AUTOSUSPEND
Alan Stern [Fri, 12 Oct 2007 22:18:49 +0000 (15:18 -0700)]
USB: remove USB_QUIRK_NO_AUTOSUSPEND

patch a691efa9888e71232dfb4088fb8a8304ffc7b0f9 in mainline.

This patch (as995) cleans up the remains of the former NO_AUTOSUSPEND
quirk.  Since autosuspend is disabled by default, we will let
userspace worry about which devices can safely be suspended.  Thus the
lengthy series of quirk entries is no longer needed, and neither is
the quirk ID.  I suppose someone might eventually run across a hub
that can't be suspended; let's ignore the possibility for now.

The patch also cleans up the hasty way in which autosuspend gets
disabled.  Setting udev->autosuspend_delay to -1 wasn't quite right,
because the value is always supposed to be a multiple of HZ.  It's
better to leave the delay value alone and set autosuspend_disabled,
which is what the quirk routine used to do.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoMSI: Use correct data offset for 32-bit MSI in read_msi_msg()
Roland Dreier [Fri, 12 Oct 2007 22:16:16 +0000 (15:16 -0700)]
MSI: Use correct data offset for 32-bit MSI in read_msi_msg()

patch cbf5d9e6b9bcf03291cbb51db144b3e2773a8a2d in mainline.

While reading the MSI code trying to find a reason why MSI wouldn't
work for devices that have a 32-bit MSI address capability, I noticed
that read_msi_msg() seems to read the message data from the wrong
offset in this case.

Signed-off-by: Roland Dreier <roland@digitalvampire.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomd: raid5: fix clearing of biofill operations
Dan Williams [Tue, 23 Oct 2007 03:45:11 +0000 (20:45 -0700)]
md: raid5: fix clearing of biofill operations

raid5: fix clearing of biofill operations

This is the correct merge of the two upstream patches for this issue (it
was mis-merged...)

ops_complete_biofill() runs outside of spin_lock(&sh->lock) and clears the
'pending' and 'ack' bits.  Since the test_and_ack_op() macro only checks
against 'complete' it can get an inconsistent snapshot of pending work.

Move the clearing of these bits to handle_stripe5(), under the lock.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Tested-by: Joel Bertrand <joel.bertrand@systella.fr>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomd: fix an unsigned compare to allow creation of bitmaps with v1.0 metadata
NeilBrown [Tue, 23 Oct 2007 03:45:11 +0000 (20:45 -0700)]
md: fix an unsigned compare to allow creation of bitmaps with v1.0 metadata

patch 85bfb4da8cad483a4e550ec89060d05a4daf895b in mainline.

As page->index is unsigned, this all becomes an unsigned comparison, which
 almost always returns an error.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agodm: fix thaw_bdev
Jun'ichi Nomura [Fri, 12 Oct 2007 17:15:25 +0000 (18:15 +0100)]
dm: fix thaw_bdev

patch ae9da83f6d800fe1f3b23bfbc8f7222ad1c5bb74 in mainline.

This patch fixes a bd_mount_sem counter corruption bug in device-mapper.

thaw_bdev() should be called only when freeze_bdev() was called for the
device.
Otherwise, thaw_bdev() will up bd_mount_sem and corrupt the semaphore counter.
struct block_device with the corrupted semaphore may remain in slab cache
and be reused later.

Attached patch will fix it by calling unlock_fs() instead.
unlock_fs() will determine whether it should call thaw_bdev()
by checking the device is frozen or not.

Easy reproducer is:
  #!/bin/sh
  while [ 1 ]; do
     dmsetup --notable create a
     dmsetup --nolockfs suspend a
     dmsetup remove a
  done

It's not easy to see the effect of corrupted semaphore.
So I have tested with putting printk below in bdev_alloc_inode():
        if (atomic_read(&ei->bdev.bd_mount_sem.count) != 1)
                printk(KERN_DEBUG "Incorrect semaphore count = %d (%p)\n",
                        atomic_read(&ei->bdev.bd_mount_sem.count),
                        &ei->bdev);

Without the patch, I saw something like:
 Incorrect semaphore count = 17 (f2ab91c0)

With the patch, the message didn't appear.

The bug was introduced in 2.6.16 with this bug fix:

commit d9dde59ba03095e526640988c0fedd75e93bc8b7
Date:   Fri Feb 24 13:04:24 2006 -0800

    [PATCH] dm: missing bdput/thaw_bdev at removal

    Need to unfreeze and release bdev otherwise the bdev inode with
    inconsistent state is reused later and cause problem.

and backported to 2.6.15.5.

It occurs only in free_dev(), which is called only when the dm device is
removed.  The buggy code is executed only if md->suspended_bdev is
non-NULL and that can happen only when the device was suspended without
noflush.

Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agodm delay: fix status
Milan Broz [Fri, 12 Oct 2007 17:14:55 +0000 (18:14 +0100)]
dm delay: fix status

patch 79662d1ea37392651f2cff08626cab6a40ba3adc in mainline.

Fix missing space in dm-delay target status output
if separate read and write delay are configured.

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolibata: sync NCQ blacklist with upstream
Tejun Heo [Thu, 11 Oct 2007 01:55:15 +0000 (10:55 +0900)]
libata: sync NCQ blacklist with upstream

Synchronize NCQ blacklist with the current upstream.  Based on changes
already in Linus's 2.6.24-rc kernel tree.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoALSA: hdsp - Fix zero division
Takashi Iwai [Tue, 16 Oct 2007 12:26:32 +0000 (14:26 +0200)]
ALSA: hdsp - Fix zero division

patch 2a3988f6d2c5be9d02463097775d1c66a8290527 in mainline.

Fix zero-division bug in the calculation dds offset.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Cc: Maarten Bressers <mbressers@gmail.com>
Cc: gentoo kernel <kernel@gentoo.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoALSA: emu10k1 - Fix memory corruption
Takashi Iwai [Wed, 10 Oct 2007 13:18:45 +0000 (15:18 +0200)]
ALSA: emu10k1 - Fix memory corruption

patch 7583cb51a1e276591f57a2fae05489c878f8ef54 from mainline.

[ALSA] emu10k1 - Fix memory corruption

The number of mixer elements for SPDIF control don't match with the
actual array size (3).  This may result in a memory corruption that
overwrites the i2c_capture_source field (ALSA bug#3095).

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoALSA: Fix build error without CONFIG_HAS_DMA
Takashi Iwai [Wed, 10 Oct 2007 13:17:17 +0000 (15:17 +0200)]
ALSA: Fix build error without CONFIG_HAS_DMA

patch 8f11551b1798170dcffdd28475075ca4f1c6c990 in mainline

[ALSA] Fix build error without CONFIG_HAS_DMA

The recent change of include/asm-generic/dma-mapping-broken.h breaks
the build without CONFIG_HAS_DMA.  This patch is an ad hoc fix.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoALSA: fix selector unit bug affecting some USB speakerphones
Russ Cox [Wed, 10 Oct 2007 13:15:12 +0000 (15:15 +0200)]
ALSA: fix selector unit bug affecting some USB speakerphones

patch 38977e96cb32e658716e11a05ec7f1fc4618e0f3 in mainline.

[ALSA] fix selector unit bug affecting some USB speakerphones

Following the suggestion in this thread:
https://bugs.launchpad.net/ubuntu/+source/alsa-lib/+bug/26683
the correct upper bound on desc[0] is 5 + num_ins not 6 + num_ins,
because the index used later is 5+i, not 6+i.
This change makes my Vosky Chatterbox speakerphone work.
Apparently it also helps with the Minivox MV100.

Signed-off-by: Russ Cox <rsc@swtch.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoALSA: hda-codec - Avoid zero NID in line_out_pins[] of STAC codecs
Takashi Iwai [Wed, 10 Oct 2007 13:13:07 +0000 (15:13 +0200)]
ALSA: hda-codec - Avoid zero NID in line_out_pins[] of STAC codecs

patch c480f79bdca58923e605ff5e4698cfe1779bae70 in mainline

[ALSA] hda-codec - Avoid zero NID in line_out_pins[] of STAC codecs

The STAC codes adds line_out_pins[] for shared mic/line-inputs accordingly.
But, the current code may give a hole with NID=0 in some setting, which
results in an error at probe.  This patch fixes the problem.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIB/mthca: Use mmiowb() to avoid firmware commands getting jumbled up
Roland Dreier [Fri, 12 Oct 2007 21:47:25 +0000 (14:47 -0700)]
IB/mthca: Use mmiowb() to avoid firmware commands getting jumbled up

Upstream as 76d7cc0345a037e8eea426f8abc710abd22946dd

Firmware commands are sent to the HCA by writing multiple words to a
command register block.  Access to this block of registers is
serialized with a mutex.  However, on large SGI systems, problems were
seen with multiple CPUs issuing FW commands at the same time, because
the writes to the register block may be reordered within the system
interconnect and reach the HCA in a different order than they were
issued (even with the mutex).  Fix this by adding an mmiowb() before
dropping the mutex.

Tested-by: Arthur Kepner <akepner@sgi.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIB/uverbs: Fix checking of userspace object ownership
Roland Dreier [Sun, 28 Oct 2007 17:14:32 +0000 (10:14 -0700)]
IB/uverbs: Fix checking of userspace object ownership

Upstream as cbfb50e6e2e9c580848c0f51d37c24cdfb1cb704

Commit 9ead190b ("IB/uverbs: Don't serialize with ib_uverbs_idr_mutex")
rewrote how userspace objects are looked up in the uverbs module's
idrs, and introduced a severe bug in the process: there is no checking
that an operation is being performed by the right process any more.
Fix this by adding the missing check of uobj->context in __idr_get_uobj().

Apparently everyone is being very careful to only touch their own
objects, because this bug was introduced in June 2006 in 2.6.18, and
has gone undetected until now.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohwmon/lm87: Disable VID when it should be
Jean Delvare [Mon, 15 Oct 2007 12:02:36 +0000 (14:02 +0200)]
hwmon/lm87: Disable VID when it should be

Already in Linus' tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=889af3d5d9586db795a06c619e416b4baee11da8

A stupid bit shifting bug caused the VID value to be always exported
even when the hardware is configured for something different.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohwmon/lm87: Fix a division by zero
Jean Delvare [Mon, 15 Oct 2007 11:49:50 +0000 (13:49 +0200)]
hwmon/lm87: Fix a division by zero

Already in Linus' tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b965d4b7f614522170af6a7e450be0333792ccd2

Missing parentheses in the definition of FAN_FROM_REG cause a
division by zero for a specific register value.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Hans de Goede <j.w.r.degoede@hhs.nl>
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohwmon/w83627hf: Don't assume bank 0
Jean Delvare [Mon, 15 Oct 2007 13:02:42 +0000 (15:02 +0200)]
hwmon/w83627hf: Don't assume bank 0

Already in Linus' tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d58df9cd788e6fb4962e1c8d5ba7b8b95d639a44

The bank switching code assumes that the bank selector is set to 0
when the driver is loaded. This might not be the case. This is exactly
the same bug as was fixed in the w83627ehf driver two months ago:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0956895aa6f8dc6a33210967252fd7787652537d

In practice, this bug was causing the sensor thermal types to be
improperly reported for my W83627THF the first time I was loading the
w83627hf driver. From the driver history, I'd say that it has been
broken since September 2005 (when we stopped resetting the chip by
default at driver load.)

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohwmon/w83627hf: Fix setting fan min right after driver load
Jean Delvare [Mon, 15 Oct 2007 12:32:27 +0000 (14:32 +0200)]
hwmon/w83627hf: Fix setting fan min right after driver load

Already in Linus' tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c09c5184a26158da32801e89d5849d774605f0dd

We need to read the fan clock dividers at initialization time,
otherwise the code in store_fan_min() may use uninitialized values.
That's pretty much the same bug and same fix as for the w83627ehf
driver last month.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoi915: fix vbl swap allocation size.
Dave Airlie [Tue, 16 Oct 2007 00:05:49 +0000 (01:05 +0100)]
i915: fix vbl swap allocation size.

This is upstream as 54583bf4efda79388fc13163e35c016c8bc5de81

Oops...

Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPOWERPC: Fix platinumfb framebuffer
Benjamin Herrenschmidt [Wed, 19 Sep 2007 04:50:22 +0000 (14:50 +1000)]
POWERPC: Fix platinumfb framebuffer

Patch 4c2a54b09ba35a409afc34bd331a57a994921664 in mailine.

Current kernels have a non-working platinumfb due to some resource
management issues.  This fixes it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.23.5 v2.6.23.5
Greg Kroah-Hartman [Fri, 16 Nov 2007 17:27:48 +0000 (09:27 -0800)]
Linux 2.6.23.5

16 years agozd1211rw, fix oops when ejecting install media
Marc Pignat [Fri, 26 Oct 2007 21:04:39 +0000 (17:04 -0400)]
zd1211rw, fix oops when ejecting install media

patch e0579d576cb894a4cf3c5af04fbf38e8c1281738 in mainline.

The disconnect function can dereference the net_device structure when it
is never allocated. This is the case when ejecting the device installer.

Signed-off-by: Marc Pignat <marc.pignat@hevs.ch>
Acked-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agortl8187: Fix more frag bit checking, rts duration calc
Michael Wu [Fri, 26 Oct 2007 21:04:38 +0000 (17:04 -0400)]
rtl8187: Fix more frag bit checking, rts duration calc

patch 98798f4875b7149db4eb7d0a126fc6dcd9637821 in mainline.

The wrong pointer is passed to ieee80211_get_morefrag. Fix this.

While we're at it, reorder things so they look better and the rts duration
calculation is done with the right length.

Thanks to Christoph Hellwig for finding the ieee80211_get_morefrag issue.

Signed-off-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoipw2100: send WEXT scan events
Dan Williams [Fri, 26 Oct 2007 21:04:37 +0000 (17:04 -0400)]
ipw2100: send WEXT scan events

patch d20c678a450a25c1c12925f60c1b4cc040acc17d in mainline

ipw2100 wasn't sending WEXT scan events at all on scan completion.  And
like ipw2200, the driver aggressively auto-scans, requiring
non-user-requested scan events to be batched together and sent at
specific intervals instead of many times per seconds.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agozd1201: avoid null ptr access of skb->dev
John W. Linville [Fri, 26 Oct 2007 21:04:36 +0000 (17:04 -0400)]
zd1201: avoid null ptr access of skb->dev

patch 3ba72b25211217de195e3f528dd36132b38a205b in mainline.

skb->dev is not set until eth_type_trans is called...

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosky2: fix power settings on Yukon XL
Stephen Hemminger [Tue, 6 Nov 2007 22:12:33 +0000 (14:12 -0800)]
sky2: fix power settings on Yukon XL

patch ff35164e72648e0bf0b10ec4410c195e8607e88b in mainline.

Make sure PCI register for PHY power gets set correctly.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosky2: ethtool register reserved area blackout
Stephen Hemminger [Tue, 6 Nov 2007 22:12:32 +0000 (14:12 -0800)]
sky2: ethtool register reserved area blackout

patch 295b54c4902c52cd00d7c837d50a86e39e26caec in mainline.

Make sure and not dump reserved areas of device space.
Touching some of these causes machine check exceptions on boards
like D-Link DGE-550SX.

Coding note, used a complex switch statement rather than bitmap
because it is easier to relate the block values to the documentation
rather than looking at a encoded bitmask.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosky2: status ring race fix
Stephen Hemminger [Tue, 6 Nov 2007 22:12:34 +0000 (14:12 -0800)]
sky2: status ring race fix

patch ab5adecb2d02f3688719dfb5936a82833fcc3955 in mainline.

The D-Link PCI-X board (and maybe others) can lie about status
ring entries. It seems it will update the register for last status
index before completing the DMA for the ring entry. To avoid reading
stale data, zap the old entry and check.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoskge: XM PHY handling fixes
Stephen Hemminger [Tue, 6 Nov 2007 22:12:30 +0000 (14:12 -0800)]
skge: XM PHY handling fixes

patch 501fb72d052d2a302b423bef7dec98d9d98c8a36 in mainline.

Change how PHY is managed on SysKonnect fibre based boards.
Poll for PHY coming up 1 per second, but use interrupt to detect loss.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix L2TP oopses.
James Chapman [Tue, 13 Nov 2007 08:01:00 +0000 (00:01 -0800)]
Fix L2TP oopses.

changeset 91781004b9c029ee55b7aa9ef950a373ba865dc6 in mainline.

[PPP]: L2TP: Fix oops in transmit and receive paths

Changes made on 18-sep to fix skb handling in the pppol2tp driver
broke the transmit and receive paths. Users are only running into this
now because distros are now using 2.6.23 and I must have messed up
when I tested the change.

For receive, we now do our own calculation of how much to pull from
the skb (variable length L2TP header) rather than using
skb_transport_offset(). Also, if the skb isn't a data packet, it must
be passed back to UDP with skb->data pointing to the UDP header.

For transmit, make sure skb->sk is set up because ip_queue_xmit()
needs it.

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoTG3: Fix performance regression on 5705.
Michael Chan [Mon, 15 Oct 2007 09:12:26 +0000 (02:12 -0700)]
TG3: Fix performance regression on 5705.

patch 114342f2d38439cb1a54f1f724fa38729b093c48 in mainline.

A performance regression was introduced by the following commit:

    commit ee6a99b539a50b4e9398938a0a6d37f8bf911550
    Author: Michael Chan <mchan@broadcom.com>
    Date:   Wed Jul 18 21:49:10 2007 -0700

    [TG3]: Fix msi issue with kexec/kdump.

In making that change, the PCI latency timer and cache line size
registers were not restored after chip reset.  On the 5705, the
latency timer gets reset to 0 during chip reset and this causes
very poor performance.

Update version to 3.81.1

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoforcedeth: add MCP77 device IDs
Ayaz Abdulla [Thu, 25 Oct 2007 07:36:42 +0000 (03:36 -0400)]
forcedeth: add MCP77 device IDs

patch 96fd4cd3e40e240f0c385af87f58e74da8b7099a in mainline.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoforcedeth msi bugfix
Manfred Spraul [Wed, 17 Oct 2007 19:52:33 +0000 (21:52 +0200)]
forcedeth msi bugfix

patch a7475906bc496456ded9e4b062f94067fb93057a in mainline.

pci_enable_msi() replaces the INTx irq number in pci_dev->irq with the
new MSI irq number.
The forcedeth driver did not update the copy in netdevice->irq and
parts of the driver used the stale copy.
See bugzilla.kernel.org, bug 9047.

The patch
- updates netdevice->irq
- replaces all accesses to netdevice->irq with pci_dev->irq.

The patch is against 2.6.23.1. IMHO suitable for both 2.6.23 and 2.6.24

Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoehea: 64K page kernel support fix
Jan-Bernd Themann [Tue, 16 Oct 2007 13:45:23 +0000 (15:45 +0200)]
ehea: 64K page kernel support fix

based on 2c69448bbcedebeb8409ddb05fbc7d3fe1cfbda7 in mainline.

The current eHEA module compiled for 64K page kernels can not
be loaded with insmod due to bad hypervisor call parameters.
The patch is a subset of the follwing patch which has been applied
for 2.6.24 upstream:

http://www.spinics.net/lists/netdev/msg42814.html

Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolibertas: fix endianness breakage
Al Viro [Wed, 10 Oct 2007 02:46:36 +0000 (22:46 -0400)]
libertas: fix endianness breakage

patch 5707708111ca6c4e9a1160acffdc98a98d95e462 in mainline.

wep->keytype[] is u8

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolibertas: more endianness breakage
Al Viro [Wed, 10 Oct 2007 02:46:37 +0000 (22:46 -0400)]
libertas: more endianness breakage

based on patch 8362cd413e8116306fafbaf414f0419db0595142 in mainline.

domain->header.len is le16 and has just been assigned
cpu_to_le16(arithmetical expression).  And all fields of adapter->logmsg
are __le32; not a single 16-bit among them...
That's incremental to the previous one

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.23.4 v2.6.23.4
Greg Kroah-Hartman [Fri, 16 Nov 2007 16:36:42 +0000 (08:36 -0800)]
Linux 2.6.23.4

16 years agomac80211: make ieee802_11_parse_elems return void
John W. Linville [Fri, 26 Oct 2007 21:04:35 +0000 (17:04 -0400)]
mac80211: make ieee802_11_parse_elems return void

patch 67a4cce4a89718d252b61aaf58882c69c0e2f6e3 in mainline.

Some APs send management frames with junk padding after the last IE.
We already account for a similar problem with some Apple Airport
devices, but at least one device is known to send more than a single
extra byte.  The device in question is the Draytek Vigor2900:

http://www.draytek.com.au/products/Vigor2900.php

The junk in question looks like an IE that runs off the end of the
frame.  This cause us to return ParseFailed.  Since the frame in
question is an association response, this causes us to fail to associate
with this AP.

The return code from ieee802_11_parse_elems is superfluous.
All callers still check for the presence of the specific IEs that
interest them anyway.  So, remove the return code so the parse never
"fails".

Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: only honor IW_SCAN_THIS_ESSID in STA, IBSS, and AP modes
John W. Linville [Fri, 26 Oct 2007 21:04:34 +0000 (17:04 -0400)]
mac80211: only honor IW_SCAN_THIS_ESSID in STA, IBSS, and AP modes

patch d114f399b4da6fa7f9da3bbf1fb841370c11e788 in mainline.

The previous IW_SCAN_THIS_ESSID patch left a hole allowing scan
requests on interfaces in inappropriate modes.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: honor IW_SCAN_THIS_ESSID in siwscan ioctl
Bill Moss [Fri, 26 Oct 2007 21:04:33 +0000 (17:04 -0400)]
mac80211: honor IW_SCAN_THIS_ESSID in siwscan ioctl

patch 107acb23ba763197d390ae9ffd347f3e2a524d39 in mainline.

This patch fixes the problem of associating with wpa_secured hidden
AP.  Please try out.

The original author of this patch is Bill Moss <bmoss@clemson.edu>

Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: store SSID in sta_bss_list
John W. Linville [Fri, 26 Oct 2007 21:04:32 +0000 (17:04 -0400)]
mac80211: store SSID in sta_bss_list

patch cffdd30d20d163343b1c6de25bcb0cc978a1ebf9 in mainline.

Some AP equipment "in the wild" services multiple SSIDs using the
same BSSID.  This patch changes the key of sta_bss_list to include
the SSID as well as the BSSID and the channel so as to prevent one
SSID from eclipsing another SSID with the same BSSID.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: store channel info in sta_bss_list
John W. Linville [Fri, 26 Oct 2007 21:04:31 +0000 (17:04 -0400)]
mac80211: store channel info in sta_bss_list

patch 65c107ab3befc37b21d1c970a6159525bc0121b8 in mainline.

Some AP equipment "in the wild" uses the same BSSID on multiple channels
(particularly "a" vs. "b/g").  This patch changes the key of sta_bss_list
to include both the BSSID and the channel so as to prevent a BSSID on
one channel from eclipsing the same BSSID on another channel.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: reorder association debug output
Johannes Berg [Fri, 26 Oct 2007 21:04:30 +0000 (17:04 -0400)]
mac80211: reorder association debug output

patch 1dd84aa213d0f98a91a1ec9be2f750f5f48e75a0 in mainline.

There's no reason to warn about an invalid AID field when the
association was denied.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoieee80211: fix TKIP QoS bug
Johannes Berg [Fri, 26 Oct 2007 21:04:29 +0000 (17:04 -0400)]
ieee80211: fix TKIP QoS bug

patch e797aa1b7da6bfcb2e19a10ae5ead9aa7aea732b in mainline.

The commit 65b6a277 titled "ieee80211: Fix header->qos_ctl endian issue"
*introduced* an endianness bug. Partially revert it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoNETFILTER: nf_conntrack_tcp: fix connection reopening
Jozsef Kadlecsik [Mon, 5 Nov 2007 11:37:55 +0000 (12:37 +0100)]
NETFILTER: nf_conntrack_tcp: fix connection reopening

Upstream commits: 17311393 + bc34b841 merged together.  Merge done by
Patrick McHardy <kaber@trash.net>

[NETFILTER]: nf_conntrack_tcp: fix connection reopening

With your description I could reproduce the bug and actually you were
completely right: the code above is incorrect. Somehow I was able to
misread RFC1122 and mixed the roles :-(:

   When a connection is >>closed actively<<, it MUST linger in
   TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime).
   However, it MAY >>accept<< a new SYN from the remote TCP to
   reopen the connection directly from TIME-WAIT state, if it:
   [...]

The fix is as follows: if the receiver initiated an active close, then the
sender may reopen the connection - otherwise try to figure out if we hold
a dead connection.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix netlink timeouts.
Patrick McHardy [Tue, 13 Nov 2007 11:03:00 +0000 (03:03 -0800)]
Fix netlink timeouts.

[NETLINK]: Fix unicast timeouts

[ Upstream commit: c3d8d1e30cace31fed6186a4b8c6b1401836d89c ]

Commit ed6dcf4a in the history.git tree broke netlink_unicast timeouts
by moving the schedule_timeout() call to a new function that doesn't
propagate the remaining timeout back to the caller. This means on each
retry we start with the full timeout again.

ipc/mqueue.c seems to actually want to wait indefinitely so this
behaviour is retained.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix crypto_alloc_comp() error checking.
Herbert Xu [Tue, 13 Nov 2007 10:48:28 +0000 (02:48 -0800)]
Fix crypto_alloc_comp() error checking.

[IPSEC]: Fix crypto_alloc_comp error checking

[ Upstream commit: 4999f3621f4da622e77931b3d33ada6c7083c705 ]

The function crypto_alloc_comp returns an errno instead of NULL
to indicate error.  So it needs to be tested with IS_ERR.

This is based on a patch by Vicenç Beltran Querol.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix SET_VLAN_INGRESS_PRIORITY_CMD error return.
Patrick McHardy [Tue, 13 Nov 2007 08:13:37 +0000 (00:13 -0800)]
Fix SET_VLAN_INGRESS_PRIORITY_CMD error return.

patch fffe470a803e7f7b74c016291e542a0162761209 in mainline.

[VLAN]: Fix SET_VLAN_INGRESS_PRIORITY_CMD ioctl

Based on report and patch by Doug Kehn <rdkehn@yahoo.com>:

vconfig returns the following error when attempting to execute the
set_ingress_map command:

vconfig: socket or ioctl error for set_ingress_map: Operation not permitted

In vlan.c, vlan_ioctl_handler for SET_VLAN_INGRESS_PRIORITY_CMD
sets err = -EPERM and calls vlan_dev_set_ingress_priority.
vlan_dev_set_ingress_priority is a void function so err remains
at -EPERM and results in the vconfig error (even though the ingress
map was set).

Fix by setting err = 0 after the vlan_dev_set_ingress_priority call.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix VLAN address syncing.
Patrick McHardy [Tue, 13 Nov 2007 08:11:51 +0000 (00:11 -0800)]
Fix VLAN address syncing.

patch d932e04a5e7b146c5f9bf517714b986a432a7594 in mainline.

[PATCH] [VLAN]: Don't synchronize addresses while the vlan device is down

While the VLAN device is down, the unicast addresses are not configured
on the underlying device, so we shouldn't attempt to sync them.

Noticed by Dmitry Butskoy <buc@odusz.so-cdu.ru>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix endianness bug in U32 classifier.
Radu Rendec [Tue, 13 Nov 2007 08:09:56 +0000 (00:09 -0800)]
Fix endianness bug in U32 classifier.

changeset 543821c6f5dea5221426eaf1eac98b100249c7ac in mainline.

[PKT_SCHED] CLS_U32: Fix endianness problem with u32 classifier hash masks.

While trying to implement u32 hashes in my shaping machine I ran into
a possible bug in the u32 hash/bucket computing algorithm
(net/sched/cls_u32.c).

The problem occurs only with hash masks that extend over the octet
boundary, on little endian machines (where htonl() actually does
something).

Let's say that I would like to use 0x3fc0 as the hash mask. This means
8 contiguous "1" bits starting at b6. With such a mask, the expected
(and logical) behavior is to hash any address in, for instance,
192.168.0.0/26 in bucket 0, then any address in 192.168.0.64/26 in
bucket 1, then 192.168.0.128/26 in bucket 2 and so on.

This is exactly what would happen on a big endian machine, but on
little endian machines, what would actually happen with current
implementation is 0x3fc0 being reversed (into 0xc03f0000) by htonl()
in the userspace tool and then applied to 192.168.x.x in the u32
classifier. When shifting right by 16 bits (rank of first "1" bit in
the reversed mask) and applying the divisor mask (0xff for divisor
256), what would actually remain is 0x3f applied on the "168" octet of
the address.

One could say is this can be easily worked around by taking endianness
into account in userspace and supplying an appropriate mask (0xfc03)
that would be turned into contiguous "1" bits when reversed
(0x03fc0000). But the actual problem is the network address (inside
the packet) not being converted to host order, but used as a
host-order value when computing the bucket.

Let's say the network address is written as n31 n30 ... n0, with n0
being the least significant bit. When used directly (without any
conversion) on a little endian machine, it becomes n7 ... n0 n8 ..n15
etc in the machine's registers. Thus bits n7 and n8 would no longer be
adjacent and 192.168.64.0/26 and 192.168.128.0/26 would no longer be
consecutive.

The fix is to apply ntohl() on the hmask before computing fshift,
and in u32_hash_fold() convert the packet data to host order before
shifting down by fshift.

With helpful feedback from Jamal Hadi Salim and Jarek Poplawski.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix TEQL oops.
Evgeniy Polyakov [Tue, 13 Nov 2007 08:07:45 +0000 (00:07 -0800)]
Fix TEQL oops.

[PKT_SCHED]: Fix OOPS when removing devices from a teql queuing discipline

[ Upstream commit: 4f9f8311a08c0d95c70261264a2b47f2ae99683a ]

tecl_reset() is called from deactivate and qdisc is set to noop already,
but subsequent teql_xmit does not know about it and dereference private
data as teql qdisc and thus oopses.
not catch it first :)

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix error returns in sys_socketpair()
David Miller [Tue, 13 Nov 2007 08:02:56 +0000 (00:02 -0800)]
Fix error returns in sys_socketpair()

patch bf3c23d171e35e6e168074a1514b0acd59cfd81a in mainline.

[NET]: Fix error reporting in sys_socketpair().

If either of the two sock_alloc_fd() calls fail, we
forget to update 'err' and thus we'll erroneously
return zero in these cases.

Based upon a report and patch from Rich Paul, and
commentary from Chuck Ebbert.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosoftmac: fix wext MLME request reason code endianness
Johannes Berg [Thu, 25 Oct 2007 20:16:23 +0000 (22:16 +0200)]
softmac: fix wext MLME request reason code endianness

patch 94e10bfb8a7372df3ef2759c9ec2a37de2f24aca in mainline.

The MLME request reason code is host-endian and our passing
it to the low level functions is host-endian as well since
they do the swapping. I noticed that the reason code 768 was
sent (0x300) rather than 3 when wpa_supplicant terminates.
This removes the superfluous cpu_to_le16() call.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix kernel_accept() return handling.
Tony Battersby [Tue, 23 Oct 2007 10:10:10 +0000 (03:10 -0700)]
Fix kernel_accept() return handling.

patch fa8705b00aeca19d91a1437b8a5cf865999b28f6 in mainline.

[NET]: sanitize kernel_accept() error path

If kernel_accept() returns an error, it may pass back a pointer to
freed memory (which the caller should ignore).  Make it pass back NULL
instead for better safety.

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoTCP: Fix size calculation in sk_stream_alloc_pskb
Herbert Xu [Wed, 14 Nov 2007 23:45:21 +0000 (15:45 -0800)]
TCP: Fix size calculation in sk_stream_alloc_pskb

[TCP]: Fix size calculation in sk_stream_alloc_pskb

[ Upstream commit: fb93134dfc2a6e6fbedc7c270a31da03fce88db9 ]

We round up the header size in sk_stream_alloc_pskb so that
TSO packets get zero tail room.  Unfortunately this rounding
up is not coordinated with the select_size() function used by
TCP to calculate the second parameter of sk_stream_alloc_pskb.

As a result, we may allocate more than a page of data in the
non-TSO case when exactly one page is desired.

In fact, rounding up the head room is detrimental in the non-TSO
case because it makes memory that would otherwise be available to
the payload head room.  TSO doesn't need this either, all it wants
is the guarantee that there is no tail room.

So this patch fixes this by adjusting the skb_reserve call so that
exactly the requested amount (which all callers have calculated in
a precise way) is made available as tail room.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix SKB_WITH_OVERHEAD calculations.
Herbert Xu [Tue, 23 Oct 2007 10:08:26 +0000 (03:08 -0700)]
Fix SKB_WITH_OVERHEAD calculations.

patch deea84b0ae3d26b41502ae0a39fe7fe134e703d0 in mainline.

[NET]: Fix SKB_WITH_OVERHEAD calculation

The calculation in SKB_WITH_OVERHEAD is incorrect in that it can cause
an overflow across a page boundary which is what it's meant to prevent.
In particular, the header length (X) should not be lumped together with
skb_shared_info.  The latter needs to be aligned properly while the header
has no choice but to sit in front of wherever the payload is.

Therefore the correct calculation is to take away the aligned size of
skb_shared_info, and then subtract the header length.  The resulting
quantity L satisfies the following inequality:

SKB_DATA_ALIGN(L + X) + sizeof(struct skb_shared_info) <= PAGE_SIZE

This is the quantity used by alloc_skb to do the actual allocation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix 9P protocol build
Ingo Molnar [Tue, 23 Oct 2007 10:13:00 +0000 (03:13 -0700)]
Fix 9P protocol build

patch 092e9d93b3728d484a4e73df9852dc4002cf9923 in mainline.

[9P]: build fix with !CONFIG_SYSCTL

found via make randconfig build testing:

 net/built-in.o: In function `init_p9':
 mod.c:(.init.text+0x3b39): undefined reference to `p9_sysctl_register'
 net/built-in.o: In function `exit_p9':
 mod.c:(.exit.text+0x36b): undefined reference to `p9_sysctl_unregister'

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix advertised packet scheduler timer resolution
Patrick McHardy [Wed, 24 Oct 2007 03:55:01 +0000 (20:55 -0700)]
Fix advertised packet scheduler timer resolution

patch 3c0cfc135829b98f7a4894938652f9ef78e24237 in mainline

The fourth parameter of /proc/net/psched is supposed to show the timer
resultion and is used by HTB userspace to calculate the necessary
burst rate. Currently we show the clock resolution, which results in a
too low burst rate when the two differ.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoAdd get_unaligned to ieee80211_get_radiotap_len
Andy Green [Wed, 10 Oct 2007 02:46:33 +0000 (22:46 -0400)]
Add get_unaligned to ieee80211_get_radiotap_len

patch dfe6e81deaa79c85086c0cc8d85b229e444ab97f in mainline.

ieee80211_get_radiotap_len() tries to dereference radiotap length without
taking care that it is completely unaligned and get_unaligned()
is required.

Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: Improve sanity checks on injected packets
Andy Green [Wed, 10 Oct 2007 02:46:34 +0000 (22:46 -0400)]
mac80211: Improve sanity checks on injected packets

patch 9b8a74e3482f9fc077a88c13fa0ceca8feb0b772 in mainline.

Michael Wu noticed that the skb length checking is not taken care of enough when
a packet is presented on the Monitor interface for injection.

This patch improves the sanity checking and removes fake offsets placed
into the skb network and transport header.

Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agomac80211: filter locally-originated multicast frames
John W. Linville [Wed, 10 Oct 2007 02:46:35 +0000 (22:46 -0400)]
mac80211: filter locally-originated multicast frames

patch b331615722779b078822988843ddffd4eaec9f83 in mainline.

In STA mode, the AP will echo our traffic.  This includes multicast
traffic.

Receiving these frames confuses some protocols and applications,
notably IPv6 Duplicate Address Detection.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.23.3 v2.6.23.3
Greg Kroah-Hartman [Fri, 16 Nov 2007 16:24:58 +0000 (08:24 -0800)]
Linux 2.6.23.3

16 years agorevert "x86_64: allocate sparsemem memmap above 4G"
Linus Torvalds [Thu, 1 Nov 2007 23:07:35 +0000 (19:07 -0400)]
revert "x86_64: allocate sparsemem memmap above 4G"

Reverted upstream by commit 6a22c57b8d2a62dea7280a6b2ac807a539ef0716

Revert this commit:

commit 2e1c49db4c640b35df13889b86b9d62215ade4b6
Author: Zou Nan hai <nanhai.zou@intel.com>
Date:   Fri Jun 1 00:46:28 2007 -0700

x86_64: allocate sparsemem memmap above 4G

This reverts commit 2e1c49db4c640b35df13889b86b9d62215ade4b6.

First off, testing in Fedora has shown it to cause boot failures,
bisected down by Martin Ebourne, and reported by Dave Jobes.  So the
commit will likely be reverted in the 2.6.23 stable kernels.

Secondly, in the 2.6.24 model, x86-64 has now grown support for
SPARSEMEM_VMEMMAP, which disables the relevant code anyway, so while the
bug is not visible any more, it's become invisible due to the code just
being irrelevant and no longer enabled on the only architecture that
this ever affected.

Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Martin Ebourne <fedora@ebourne.me.uk>
Cc: Zou Nan hai <nanhai.zou@intel.com>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86: fix TSC clock source calibration error
Dave Johnson [Tue, 23 Oct 2007 20:37:22 +0000 (22:37 +0200)]
x86: fix TSC clock source calibration error

patch edaf420fdc122e7a42326fe39274c8b8c9b19d41 in mainline.

I ran into this problem on a system that was unable to obtain NTP sync
because the clock was running very slow (over 10000ppm slow). ntpd had
declared all of its peers 'reject' with 'peer_dist' reason.

On investigation, the tsc_khz variable was significantly incorrect
causing xtime to run slow.  After a reboot tsc_khz was correct so I
did a reboot test to see how often the problem occurred:

Test was done on a 2000 Mhz Xeon system.  Of 689 reboots, 8 of them
had unacceptable tsc_khz values (>500ppm):

 range of tsc_khz  # of boots  % of boots
 ----------------  ----------  ----------
        < 1999750           0      0.000%
1999750 - 1999800          21      3.048%
1999800 - 1999850         166     24.128%
1999850 - 1999900         241     35.029%
1999900 - 1999950         211     30.669%
1999950 - 2000000          42      6.105%
2000000 - 2000000           0      0.000%
2000050 - 2000100           0      0.000%
                   [...]
2000100 - 2015000           1      0.145%  << BAD
2015000 - 2030000           6      0.872%  << BAD
2030000 - 2045000           1      0.145%  << BAD
2045000 <                   0      0.000%

The worst boot was 2032.577 Mhz, over 1.5% off!

It appears that on rare occasions, mach_countup() is taking longer to
complete than necessary.

I suspect that this is caused by the CPU taking a periodic SMI
interrupt right at the end of the 30ms calibration loop.  This would
cause the loop to delay while the SMI BIOS hander runs. The resulting
TSC value is beyond what it actually should be resulting in a higher
tsc_khz.

The below patch makes native_calculate_cpu_khz() take the best
(shortest duration, lowest khz) run of it's 3 calibration loops.  If a
SMI goes off causing a bad result (long duration, higher khz) it will
be discarded.

With the patch applied, 300 boots of the same system produce good
results:

 range of tsc_khz  # of boots  % of boots
 ----------------  ----------  ----------
        < 1999750           0      0.000%
1999750 - 1999800          30     10.000%
1999800 - 1999850         166     55.333%
1999850 - 1999900          89     29.667%
1999900 - 1999950          15      5.000%
1999950 <                   0      0.000%

Problem was found and tested against 2.6.18.  Patch is against 2.6.22.

Signed-off-by: Dave Johnson <djohnson@sw.starentnetworks.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86 setup: sizeof() is unsigned, unbreak comparisons
H. Peter Anvin [Thu, 25 Oct 2007 23:09:38 +0000 (16:09 -0700)]
x86 setup: sizeof() is unsigned, unbreak comparisons

patch e6e1ace9904b72478f0c5a5aa7bd174cb6f62561 in mainline.

We use signed values for limit checking since the values can go
negative under certain circumstances.  However, sizeof() is unsigned
and forces the comparison to be unsigned, so move the comparison into
the heap_free() macros so we can ensure it is a signed comparison.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86 setup: handle boot loaders which set up the stack incorrectly
H. Peter Anvin [Thu, 25 Oct 2007 23:11:33 +0000 (16:11 -0700)]
x86 setup: handle boot loaders which set up the stack incorrectly

patch 6b6815c6d5d1dc209701d1661a7a0e09a295db2f in mainline.

Apparently some specific versions of LILO enter the kernel with a
stack pointer that doesn't match the rest of the segments.  Make our
best attempt at untangling the resulting mess.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86: fix global_flush_tlb() bug
Ingo Molnar [Fri, 19 Oct 2007 10:19:26 +0000 (12:19 +0200)]
x86: fix global_flush_tlb() bug

patch 9a24d04a3c26c223f22493492c5c9085b8773d4a upstream

While we were reviewing pageattr_32/64.c for unification,
Thomas Gleixner noticed the following serious SMP bug in
global_flush_tlb():

down_read(&init_mm.mmap_sem);
list_replace_init(&deferred_pages, &l);
up_read(&init_mm.mmap_sem);

this is SMP-unsafe because list_replace_init() done on two CPUs in
parallel can corrupt the list.

This bug has been introduced about a year ago in the 64-bit tree:

       commit ea7322decb974a4a3e804f96a0201e893ff88ce3
       Author: Andi Kleen <ak@suse.de>
       Date:   Thu Dec 7 02:14:05 2006 +0100

       [PATCH] x86-64: Speed and clean up cache flushing in change_page_attr

                down_read(&init_mm.mmap_sem);
        -       dpage = xchg(&deferred_pages, NULL);
        +       list_replace_init(&deferred_pages, &l);
                up_read(&init_mm.mmap_sem);

the xchg() based version was SMP-safe, but list_replace_init() is not.
So this "cleanup" introduced a nasty bug.

why this bug never become prominent is a mystery - it can probably be
explained with the (still) relative obscurity of the x86_64 architecture.

the safe fix for now is to write-lock init_mm.mmap_sem.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <ak@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoxfs: eagerly remove vmap mappings to avoid upsetting Xen
Jeremy Fitzhardinge [Fri, 12 Oct 2007 21:11:42 +0000 (14:11 -0700)]
xfs: eagerly remove vmap mappings to avoid upsetting Xen

patch ace2e92e193126711cb3a83a3752b2c5b8396950 in mainline.

XFS leaves stray mappings around when it vmaps memory to make it
virtually contigious.  This upsets Xen if one of those pages is being
recycled into a pagetable, since it finds an extra writable mapping of
the page.

This patch solves the problem in a brute force way, by making XFS
always eagerly unmap its mappings.

[ Stable: This works around a bug in 2.6.23.  We may come up with a
better solution for mainline, but this seems like a low-impact fix for
the stable kernel. ]

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Cc: XFS masters <xfs-masters@oss.sgi.com>
Cc: Morten =?utf-8?q?B=C3=B8geskov?= <xen-users@morten.bogeskov.dk>
Cc: Mark Williamson <mark.williamson@cl.cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoxen: fix incorrect vcpu_register_vcpu_info hypercall argument
Jeremy Fitzhardinge [Fri, 12 Oct 2007 21:11:40 +0000 (14:11 -0700)]
xen: fix incorrect vcpu_register_vcpu_info hypercall argument

patch e3d2697669abbe26c08dc9b95e2a71c634d096ed in mainline.

The kernel's copy of struct vcpu_register_vcpu_info was out of date,
at best causing the hypercall to fail and the guest kernel to fall
back to the old mechanism, or worse, causing random memory corruption.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Cc: Stable Kernel <stable@kernel.org>
Cc: Morten =?utf-8?q?B=C3=B8geskov?= <xen-users@morten.bogeskov.dk>
Cc: Mark Williamson <mark.williamson@cl.cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoxen: deal with stale cr3 values when unpinning pagetables
Jeremy Fitzhardinge [Fri, 12 Oct 2007 21:11:37 +0000 (14:11 -0700)]
xen: deal with stale cr3 values when unpinning pagetables

patch 9f79991d4186089e228274196413572cc000143b in mainline.

When a pagetable is no longer in use, it must be unpinned so that its
pages can be freed.  However, this is only possible if there are no
stray uses of the pagetable.  The code currently deals with all the
usual cases, but there's a rare case where a vcpu is changing cr3, but
is doing so lazily, and the change hasn't actually happened by the time
the pagetable is unpinned, even though it appears to have been completed.

This change adds a second per-cpu cr3 variable - xen_current_cr3 -
which tracks the actual state of the vcpu cr3.  It is only updated once
the actual hypercall to set cr3 has been completed.  Other processors
wishing to unpin a pagetable can check other vcpu's xen_current_cr3
values to see if any cross-cpu IPIs are needed to clean things up.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoxen: add batch completion callbacks
Jeremy Fitzhardinge [Fri, 12 Oct 2007 21:11:36 +0000 (14:11 -0700)]
xen: add batch completion callbacks

patch 91e0c5f3dad47838cb2ecc1865ce789a0b7182b1 in mainline.

This adds a mechanism to register a callback function to be called once
a batch of hypercalls has been issued.  This is typically used to unlock
things which must remain locked until the hypercall has taken place.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUML - kill subprocesses on exit
Lepton Wu [Thu, 1 Nov 2007 19:53:27 +0000 (15:53 -0400)]
UML - kill subprocesses on exit

commit a24864a1d52a97e345a6bd4862a057f98364d098

uml: definitively kill subprocesses on panic

In a stock 2.6.22.6 kernel, poweroff a user mode linux guest (2.6.22.6 running
in skas0 mode) will halt the host linux.  I think the reason is the kernel
thread abort because of a bug.  Then the sys_reboot in process of user mode
linux guest is not trapped by the user mode linux kernel and is executed by
host.  I think it is better to make sure all of our children process to quit
when user mode linux kernel abort.

[ jdike - the kernel process needs to ignore SIGTERM, plus the waitpid/kill
loop is needed to make sure that all of our children are dead before the
kernel exits ]

Signed-off-by: Lepton Wu <ytht.net@gmail.com>
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUML - stop using libc asm/user.h
Jeff Dike [Thu, 1 Nov 2007 19:53:26 +0000 (15:53 -0400)]
UML - stop using libc asm/user.h

commit 189872f968def833727b6bfef83ebd7440c538e6 in mainline.

uml: don't use glibc asm/user.h

Stop including asm/user.h from libc - it seems to be disappearing from
distros.  It's replaced with sys/user.h which defines user_fpregs_struct and
user_fpxregs_struct instead of user_i387_struct and struct user_fxsr_struct on
i386.

As a bonus, on x86_64, I get to dump some stupid typedefs which were needed in
order to get asm/user.h to compile.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUML - Fix kernel vs libc symbols clash
Jeff Dike [Thu, 1 Nov 2007 19:53:26 +0000 (15:53 -0400)]
UML - Fix kernel vs libc symbols clash

commit 818f6ef407b448cef63294b9d0f6f8a2af9cb817 in mainline.

uml: fix an IPV6 libc vs kernel symbol clash

On some systems, with IPV6 configured, there is a clash between the kernel's
in6addr_any and the one in libc.

This is handled in the usual (gross) way of defining the kernel symbol out of
the way on the gcc command line.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUML - Stop using libc asm/page.h
Jeff Dike [Thu, 1 Nov 2007 19:53:25 +0000 (15:53 -0400)]
UML - Stop using libc asm/page.h

commit 71f926f2ea61994470a53c9e11d3ef993197cada in mainline.

uml: stop using libc asm/page.h

Remove includes of asm/page.h from libc code.  This header seems to be
disappearing, and UML doesn't make much use of it anyway.

The one use, PAGE_SHIFT in stub.h, is handled by copying the constant from the
kernel side of the house in common_offsets.h.

[ jdike - added arch/um/kernel/skas/clone.c for -stable ]

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPOWERPC: Make sure to of_node_get() the result of pci_device_to_OF_node()
Michael Ellerman [Mon, 17 Sep 2007 06:03:45 +0000 (16:03 +1000)]
POWERPC: Make sure to of_node_get() the result of pci_device_to_OF_node()

patch db220b234da9f183b127b9c3077c253b94756e35 in mainline.

pci_device_to_OF_node() returns the device node attached to a PCI device,
but doesn't actually grab a reference - we need to do it ourselves.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPOWERPC: Fix handling of stfiwx math emulation
Kumar Gala [Thu, 11 Oct 2007 22:07:34 +0000 (17:07 -0500)]
POWERPC: Fix handling of stfiwx math emulation

patch ba02946a903015840ef672ccc9dc8620a7e83de6 in mainline

Its legal for the stfiwx instruction to have RA = 0 as part of its
effective address calculation.  This is illegal for all other XE
form instructions.

Add code to compute the proper effective address for stfiwx if
RA = 0 rather than treating it as illegal.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoMIPS: R1: Fix hazard barriers to make kernels work on R2 also.
Ralf Baechle [Wed, 10 Oct 2007 11:14:36 +0000 (12:14 +0100)]
MIPS: R1: Fix hazard barriers to make kernels work on R2 also.

patch 572afc248c33c902760f6f24a72c180f0e4f1719 in mainline.

Tested with Malta; inflates malta_defconfig by 3932 bytes.  Ideally there
should be additional configuration to allow getting rid of this overhead
but that would be too much complexity at this stage of the release cycle.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoMIPS: MT: Fix bug in multithreaded kernels.
Ralf Baechle [Wed, 10 Oct 2007 11:12:36 +0000 (12:12 +0100)]
MIPS: MT: Fix bug in multithreaded kernels.

patch a76ab5c10d99bdf458067cb495e72c0ee5f09909 in mainline.

When GDB writes a breakpoint into address area of inferior process the
kernel needs to invalidate the modified memory in the inferior which
is done by calling flush_cache_page which in turns calls
r4k_flush_cache_page and local_r4k_flush_cache_page for VSMP or SMTC
kernel via r4k_on_each_cpu().

As the VSMP and SMTC SMP kernels for 34K are running on a single shared
caches it is possible to get away without interprocessor function calls.
This optimization is implemented in r4k_on_each_cpu, so
local_r4k_flush_cache_page is only ever called on the local CPU.

This is where the following code in local_r4k_flush_cache_page() strikes:

        /*
         * If ownes no valid ASID yet, cannot possibly have gotten
         * this page into the cache.
         */
        if (cpu_context(smp_processor_id(), mm) == 0)
                return;

On VSMP and SMTC had a function of cpu_context() for each CPU(TC).

So in case another CPU than the CPU executing local_r4k_cache_flush_page
has not accessed the mm but one of the other CPUs has there may be data
to be flushed in the cache yet local_r4k_cache_flush_page will falsely
return leaving the I-cache inconsistent for the breakpoint.

While the issue was discovered with GDB it also exists in
local_r4k_flush_cache_range() and local_r4k_flush_cache().

Fixed by introducing a new function has_valid_asid which on MT kernels
returns true if a mm is active on any processor in the system.

This is relativly expensive since for memory acccesses in that loop
cache misses have to be assumed but it seems the most viable solution
for 2.6.23 and older -stable kernels.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix sparc64 MAP_FIXED handling of framebuffer mmaps
Chris Wright [Wed, 24 Oct 2007 05:44:38 +0000 (22:44 -0700)]
Fix sparc64 MAP_FIXED handling of framebuffer mmaps

patch d58aa8c7b1cc0add7b03e26bdb8988d98d2f4cd1 in mainline.

From: Chris Wright <chrisw@sous-sol.org>
Date: Tue, 23 Oct 2007 20:36:14 -0700
Subject: [PATCH] [SPARC64]: pass correct addr in get_fb_unmapped_area(MAP_FIXED)

Looks like the MAP_FIXED case is using the wrong address hint.  I'd
expect the comment "don't mess with it" means pass the request
straight on through, not change the address requested to -ENOMEM.

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix sparc64 niagara optimized RAID xor asm
David Miller [Tue, 23 Oct 2007 10:12:00 +0000 (03:12 -0700)]
Fix sparc64 niagara optimized RAID xor asm

patch d060db63fd38a8a75f666576ef9999c28cdc31cf in mainline.

[SPARC64]: Fix register usage in xor_raid_4().

Some typos led to using %i6/%i7 instead of %l6/%l7 in loads which is
really really bad because those are the frame pointer and return PC.

Based upon a raid5 crash report by Bertrand Joel.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.23.2 v2.6.23.2
Greg Kroah-Hartman [Fri, 16 Nov 2007 16:19:12 +0000 (08:19 -0800)]
Linux 2.6.23.2

16 years agoBLOCK: Fix bad sharing of tag busy list on queues with shared tag maps
Jens Axboe [Tue, 30 Oct 2007 10:18:15 +0000 (11:18 +0100)]
BLOCK: Fix bad sharing of tag busy list on queues with shared tag maps

patch 6eca9004dfcb274a502438a591df5b197690afb1 in mainline.

For the locking to work, only the tag map and tag bit map may be shared
(incidentally, I was just explaining this to Nick yesterday, but I
apparently didn't review the code well enough myself). But we also share
the busy list!  The busy_list must be queue private, or we need a
block_queue_tag covering lock as well.

So we have to move the busy_list to the queue. This'll work fine, and
it'll actually also fix a problem with blk_queue_invalidate_tags() which
will invalidate tags across all shared queues. This is a bit confusing,
the low level driver should call it for each queue seperately since
otherwise you cannot kill tags on just a single queue for eg a hard
drive that stops responding. Since the function has no callers
currently, it's not an issue.

This is fixed with commit 6eca9004dfcb274a502438a591df5b197690afb1 in
Linus' tree.

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agofix tmpfs BUG and AOP_WRITEPAGE_ACTIVATE
Hugh Dickins [Mon, 29 Oct 2007 21:37:20 +0000 (14:37 -0700)]
fix tmpfs BUG and AOP_WRITEPAGE_ACTIVATE

patch 487e9bf25cbae11b131d6a14bdbb3a6a77380837 in mainline.

It's possible to provoke unionfs (not yet in mainline, though in mm and
some distros) to hit shmem_writepage's BUG_ON(page_mapped(page)).  I expect
it's possible to provoke the 2.6.23 ecryptfs in the same way (but the
2.6.24 ecryptfs no longer calls lower level's ->writepage).

This came to light with the recent find that AOP_WRITEPAGE_ACTIVATE could
leak from tmpfs via write_cache_pages and unionfs to userspace.  There's
already a fix (e423003028183df54f039dfda8b58c49e78c89d7 - writeback: don't
propagate AOP_WRITEPAGE_ACTIVATE) in the tree for that, and it's okay so
far as it goes; but insufficient because it doesn't address the underlying
issue, that shmem_writepage expects to be called only by vmscan (relying on
backing_dev_info capabilities to prevent the normal writeback path from
ever approaching it).

That's an increasingly fragile assumption, and ramdisk_writepage (the other
source of AOP_WRITEPAGE_ACTIVATEs) is already careful to check
wbc->for_reclaim before returning it.  Make the same check in
shmem_writepage, thereby sidestepping the page_mapped BUG also.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Erez Zadok <ezk@cs.sunysb.edu>
Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix compat futex hangs.
David Miller [Tue, 13 Nov 2007 07:59:05 +0000 (23:59 -0800)]
Fix compat futex hangs.

[FUTEX]: Fix address computation in compat code.

[ Upstream commit: 3c5fd9c77d609b51c0bab682c9d40cbb496ec6f1 ]

compat_exit_robust_list() computes a pointer to the
futex entry in userspace as follows:

(void __user *)entry + futex_offset

'entry' is a 'struct robust_list __user *', and
'futex_offset' is a 'compat_long_t' (typically a 's32').

Things explode if the 32-bit sign bit is set in futex_offset.

Type promotion sign extends futex_offset to a 64-bit value before
adding it to 'entry'.

This triggered a problem on sparc64 running 32-bit applications which
would lock up a cpu looping forever in the fault handling for the
userspace load in handle_futex_death().

Compat userspace runs with address masking (wherein the cpu zeros out
the top 32-bits of every effective address given to a memory operation
instruction) so the sparc64 fault handler accounts for this by
zero'ing out the top 32-bits of the fault address too.

Since the kernel properly uses the compat_uptr interfaces, kernel side
accesses to compat userspace work too since they will only use
addresses with the top 32-bit clear.

Because of this compat futex layer bug we get into the following loop
when executing the get_user() load near the top of handle_futex_death():

1) load from address '0xfffffffff7f16bd8', FAULT
2) fault handler clears upper 32-bits, processes fault
   for address '0xf7f16bd8' which succeeds
3) goto #1

I want to thank Bernd Zeimetz, Josip Rodin, and Fabio Massimo Di Nitto
for their tireless efforts helping me track down this bug.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosched: keep utime/stime monotonic
Frans Pop [Wed, 14 Nov 2007 00:18:19 +0000 (01:18 +0100)]
sched: keep utime/stime monotonic

sched: keep utime/stime monotonic

cpustats use utime/stime as a ratio against sum_exec_runtime, as a
consequence it can happen - when the ratio changes faster than time
accumulates - that either can be appear to go backwards.

Combined backport for 2.6.23 of the following patches from mainline:
commit 73a2bcb0edb9ffb0b007b3546b430e2c6e415eee
Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
  sched: keep utime/stime monotonic

commit 9301899be75b464ef097f0b5af7af6d9bd8f68a7
Author: Balbir Singh <balbir@linux.vnet.ibm.com>
  sched: fix /proc/<PID>/stat stime/utime monotonicity, part 2

Signed-off-by: Frans Pop <elendil@planet.nl>
CC: Peter Zijlstra <a.p.zijlstra@chello.nl>
CC: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agofix the softlockup watchdog to actually work
Ingo Molnar [Wed, 17 Oct 2007 06:18:38 +0000 (23:18 -0700)]
fix the softlockup watchdog to actually work

patch a115d5caca1a2905ba7a32b408a6042b20179aaa in mainline.

this Xen related commit:

   commit 966812dc98e6a7fcdf759cbfa0efab77500a8868
   Author: Jeremy Fitzhardinge <jeremy@goop.org>
   Date:   Tue May 8 00:28:02 2007 -0700

       Ignore stolen time in the softlockup watchdog

broke the softlockup watchdog to never report any lockups. (!)

print_timestamp defaults to 0, this makes the following condition
always true:

if (print_timestamp < (touch_timestamp + 1) ||

and we'll in essence never report soft lockups.

apparently the functionality of the soft lockup watchdog was never
actually tested with that patch applied ...

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosplice: fix double kunmap() in vmsplice copy path
Jens Axboe [Tue, 16 Oct 2007 08:01:29 +0000 (10:01 +0200)]
splice: fix double kunmap() in vmsplice copy path

patch 6866bef40d06f7c2baac3a855b1917a8ca75456c in mainline.

The out label should not include the unmap, the only way to jump
there already has unmapped the source.

00002000
       f7c21a00 00000000 00000000 c0489036 00018e32 00000002 00000000
00001000
Call Trace:
 [<c0487dd9>] pipe_to_user+0xca/0xd3
 [<c0488233>] __splice_from_pipe+0x53/0x1bd
 [<c0454947>] ------------[ cut here ]------------
filemap_fault+0x221/0x380
 [<c0487d0f>] pipe_to_user+0x0/0xd3
 [<c0489036>] sys_vmsplice+0x3b7/0x422
 [<c045ec3f>] kernel BUG at mm/highmem.c:206!
handle_mm_fault+0x4d5/0x8eb
 [<c041ed5b>] kmap_atomic+0x1c/0x20
 [<c045d33d>] unmap_vmas+0x3d1/0x584
 [<c045f717>] free_pgtables+0x90/0xa0
 [<c041d84b>] pgd_dtor+0x0/0x1
 [<c044d665>] audit_syscall_exit+0x2aa/0x2c6
 [<c0407817>] do_syscall_trace+0x124/0x169
 [<c0404df2>] syscall_call+0x7/0xb
 =======================
Code: 2d 00 d0 5b 00 25 00 00 e0 ff 29 invalid opcode: 0000 [#1]
c2 89 d0 c1 e8 0c 8b 14 85 a0 6c 7c c0 4a 85 d2 89 14 85 a0 6c 7c c0 74 07
31 c9 4a 75 15 eb 04 <0f> 0b eb fe 31 c9 81 3d 78 38 6d c0 78 38 6d c0 0f
95 c1 b0 01
EIP: [<c045bbc3>] kunmap_high+0x51/0x8e SS:ESP 0068:f5960df0
SMP
Modules linked in: netconsole autofs4 hidp nfs lockd nfs_acl rfcomm l2cap
bluetooth sunrpc ipv6 ib_iser rdma_cm ib_cm iw_cmib_sa ib_mad ib_core
ib_addr iscsi_tcp libiscsi scsi_transport_iscsi dm_mirror dm_multipath
dm_mod video output sbs batteryac parport_pc lp parport sg i2c_piix4
i2c_core floppy cfi_probe gen_probe scb2_flash mtd chipreg tg3 e1000 button
ide_cd serio_raw cdrom aic7xxx scsi_transport_spi sd_mod scsi_mod ext3 jbd
ehci_hcd ohci_hcd uhci_hcd
CPU:    3
EIP:    0060:[<c045bbc3>]    Not tainted VLI
EFLAGS: 00010246   (2.6.23 #1)
EIP is at kunmap_high+0x51/0x8e

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agowriteback: don't propagate AOP_WRITEPAGE_ACTIVATE
Andrew Morton [Wed, 17 Oct 2007 06:18:32 +0000 (23:18 -0700)]
writeback: don't propagate AOP_WRITEPAGE_ACTIVATE

patch e423003028183df54f039dfda8b58c49e78c89d7 in mainline.

This is a writeback-internal marker but we're propagating it all the way back
to userspace!.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoSLUB: Fix memory leak by not reusing cpu_slab
Christoph Lameter [Mon, 5 Nov 2007 19:15:43 +0000 (11:15 -0800)]
SLUB: Fix memory leak by not reusing cpu_slab

patch 05aa345034de6ae9c77fb93f6a796013641d57d5 in mainline.

SLUB: Fix memory leak by not reusing cpu_slab

Fix the memory leak that may occur when we attempt to reuse a cpu_slab
that was allocated while we reenabled interrupts in order to be able to
grow a slab cache. The per cpu freelist may contain objects and in that
situation we may overwrite the per cpu freelist pointer loosing objects.
This only occurs if we find that the concurrently allocated slab fits
our allocation needs.

If we simply always deactivate the slab then the freelist will be properly
reintegrated and the memory leak will go away.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoHOWTO: update ja_JP/HOWTO with latest changes
Tsugikazu Shibata [Fri, 12 Oct 2007 22:16:06 +0000 (15:16 -0700)]
HOWTO: update ja_JP/HOWTO with latest changes

patch 3b6662f192fc521b9657f63e68d20ec99979dae6 upstream.

Here is another sync patch of Documentation/ja_JP/HOWTO

Japanese developer sent me some cosmetic changes and also follow
changes of HOWTO
    Cross reference URL (sosdg.org/qiyong/lxr)
    known_regression explanations on kernel dev. process

Signed-off-by: Tsugikazu Shibata <tshibata@ab.jp.nec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agofix param_sysfs_builtin name length check
Jan Kiszka [Thu, 15 Nov 2007 01:00:08 +0000 (17:00 -0800)]
fix param_sysfs_builtin name length check

patch 22800a2830ec07e7cc5c837999890ac47cc7f5de in mainline.

Commit faf8c714f4508207a9c81cc94dafc76ed6680b44 caused a regression:
parameter names longer than MAX_KBUILD_MODNAME will now be rejected,
although we just need to keep the module name part that short.  This patch
restores the old behaviour while still avoiding that memchr is called with
its length parameter larger than the total string length.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Cc: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoparam_sysfs_builtin memchr argument fix
Dave Young [Thu, 18 Oct 2007 10:05:07 +0000 (03:05 -0700)]
param_sysfs_builtin memchr argument fix

patch faf8c714f4508207a9c81cc94dafc76ed6680b44 in mainline.

If memchr argument is longer than strlen(kp->name), there will be some
weird result.

It will casuse duplicate filenames in sysfs for the "nousb".  kernel
warning messages are as bellow:

sysfs: duplicate filename 'usbcore' can not be created
WARNING: at fs/sysfs/dir.c:416 sysfs_add_one()
 [<c01c4750>] sysfs_add_one+0xa0/0xe0
 [<c01c4ab8>] create_dir+0x48/0xb0
 [<c01c4b69>] sysfs_create_dir+0x29/0x50
 [<c024e0fb>] create_dir+0x1b/0x50
 [<c024e3b6>] kobject_add+0x46/0x150
 [<c024e2da>] kobject_init+0x3a/0x80
 [<c053b880>] kernel_param_sysfs_setup+0x50/0xb0
 [<c053b9ce>] param_sysfs_builtin+0xee/0x130
 [<c053ba33>] param_sysfs_init+0x23/0x60
 [<c024d062>] __next_cpu+0x12/0x20
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052a856>] do_initcalls+0x46/0x1e0
 [<c01bdb12>] create_proc_entry+0x52/0x90
 [<c0158d4c>] register_irq_proc+0x9c/0xc0
 [<c01bda94>] proc_mkdir_mode+0x34/0x50
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052aa92>] kernel_init+0x62/0xb0
 [<c0104f83>] kernel_thread_helper+0x7/0x14
 =======================
kobject_add failed for usbcore with -EEXIST, don't try to register things with the same name in the same directory.
 [<c024e466>] kobject_add+0xf6/0x150
 [<c053b880>] kernel_param_sysfs_setup+0x50/0xb0
 [<c053b9ce>] param_sysfs_builtin+0xee/0x130
 [<c053ba33>] param_sysfs_init+0x23/0x60
 [<c024d062>] __next_cpu+0x12/0x20
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052a856>] do_initcalls+0x46/0x1e0
 [<c01bdb12>] create_proc_entry+0x52/0x90
 [<c0158d4c>] register_irq_proc+0x9c/0xc0
 [<c01bda94>] proc_mkdir_mode+0x34/0x50
 [<c052aa30>] kernel_init+0x0/0xb0
 [<c052aa92>] kernel_init+0x62/0xb0
 [<c0104f83>] kernel_thread_helper+0x7/0x14
 =======================
Module 'usbcore' failed to be added to sysfs, error number -17
The system will be unstable now.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoRemove broken ptrace() special-case code from file mapping
Linus Torvalds [Wed, 31 Oct 2007 16:19:46 +0000 (09:19 -0700)]
Remove broken ptrace() special-case code from file mapping

The kernel has for random historical reasons allowed ptrace() accesses
to access (and insert) pages into the page cache above the size of the
file.

However, Nick broke that by mistake when doing the new fault handling in
commit 54cb8821de07f2ffcd28c380ce9b93d5784b40d7 ("mm: merge populate and
nopage into fault (fixes nonlinear)".  The breakage caused a hang with
gdb when trying to access the invalid page.

The ptrace "feature" really isn't worth resurrecting, since it really is
wrong both from a portability _and_ from an internal page cache validity
standpoint.  So this removes those old broken remnants, and fixes the
ptrace() hang in the process.

Noticed and bisected by Duane Griffin, who also supplied a test-case
(quoth Nick: "Well that's probably the best bug report I've ever had,
thanks Duane!").

Cc: Duane Griffin <duaneg@dghda.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolocks: fix possible infinite loop in posix deadlock detection
J. Bruce Fields [Tue, 30 Oct 2007 15:20:02 +0000 (11:20 -0400)]
locks: fix possible infinite loop in posix deadlock detection

patch 97855b49b6bac0bd25f16b017883634d13591d00 in mainline.

It's currently possible to send posix_locks_deadlock() into an infinite
loop (under the BKL).

For now, fix this just by bailing out after a few iterations.  We may
want to fix this in a way that better clarifies the semantics of
deadlock detection.  But that will take more time, and this minimal fix
is probably adequate for any realistic scenario, and is simple enough to
be appropriate for applying to stable kernels now.

Thanks to George Davis for reporting the problem.

Cc: "George G. Davis" <gdavis@mvista.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolockdep: fix mismatched lockdep_depth/curr_chain_hash
Gregory Haskins [Thu, 11 Oct 2007 20:11:11 +0000 (22:11 +0200)]
lockdep: fix mismatched lockdep_depth/curr_chain_hash

patch 3aa416b07f0adf01c090baab26fb70c35ec17623 in mainline.

 It is possible for the current->curr_chain_key to become inconsistent with the
 current index if the chain fails to validate.  The end result is that future
 lock_acquire() operations may inadvertently fail to find a hit in the cache
 resulting in a new node being added to the graph for every acquire.

Signed-off-by: Gregory Haskins <ghaskins@novell.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.23.1 v2.6.23.1
Greg Kroah-Hartman [Fri, 12 Oct 2007 16:43:44 +0000 (09:43 -0700)]
Linux 2.6.23.1