Russell King [Sun, 10 Jun 2007 11:22:20 +0000 (12:22 +0100)]
[ARM] VFP: fix section mismatch error
Fix a real section mismatch issue; the test code is thrown away after
initialisation, but if we do not detect the VFP hardware, it is left
hooked into the exception handler. Any VFP instructions which are
subsequently executed risk calling the discarded exception handler.
Introduce a new "null" handler which returns to the "unrecognised
fault" return address.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Linus Torvalds [Sat, 9 Jun 2007 01:15:49 +0000 (18:15 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[CIPSO]: Fix several unaligned kernel accesses in the CIPSO engine.
[NetLabel]: consolidate the struct socket/sock handling to just struct sock
[IPV4]: Do not remove idev when addresses are cleared
Linus Torvalds [Sat, 9 Jun 2007 01:15:23 +0000 (18:15 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Handle PCI bridges without 'ranges' property.
[SPARC64]: Include <linux/rwsem.h> instead of <asm/rwsem.h>.
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
OHCI: Fix machine check in ohci_hub_status_data
USB: Fix up bogus bInterval values in endpoint descriptors
USB: cxacru: ignore error trying to start ADSL in atm_start
USB: cxacru: create sysfs attributes in atm_start instead of bind
USB: cxacru: add Documentation file
USB: UNUSUAL_DEV: Sync up some reported devices from Ubuntu
USB: usb gadgets avoid le{16,32}_to_cpup()
usblp: Don't let suspend to kill ->used
USB: set default y for CONFIG_USB_DEVICE_CLASS
Protect <linux/console_struct.h> from multiple inclusion
Prevent <linux/console_struct.h> from being included more than once,
otherwise you get a redefinition error if you happen to include
<linux/vt_kern.h> first.
Signed-off-by: Robert P. J. Day <rpjday@mindspring.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andy Whitcroft [Fri, 8 Jun 2007 20:47:06 +0000 (13:47 -0700)]
update checkpatch.pl to version 0.04
This version brings a some new tests, and a host of changes to fix
false positives, of particular note:
- check for and report #if 0
- extend checking of line lengths and spacing for .pl, .sh etc
- extends the pointer type checks to multiple levels
- updates printk handling to track newlines
- adds a wrapped patch detector
- drops the leading component of the filenames
- extends switch indent handling to switch statmentes rooted in
the context
- adds foo * bar single pointer checks
This version of checkpatch.pl can be found at the following URL:
Andy Whitcroft (16):
allow checking line lengths and spacing on other source files
clean up that whitespace
sanitise the input line standardising the content of quotes
clean up pointer type * and space checks
fix up the sanitiser so it maintains the line length
apply the printk facility checks only to the first printk in a set
switch/case indent checks may anchor in the context
add a wrapped patch detector
put the #ifdef in C file checks on ice
asm volatile is acceptable
check for and report #if 0
drop the leading component of the filename as patches are -p1
use the original line when reporting operator errors
correct spelling of Joel's name
Version: 0.04
add support for struct foo * bar checks
Geert Uytterhoeven (1):
Fix checkpatch.pl name in usage template
Randy Dunlap (1):
checkpatch: produce fewer lines of output
Signed-off-by: Andy Whitcroft <apw@shadowen.org> Cc: Randy Dunlap <rdunlap@xenotime.net> Cc: Joel Schopp <jschopp@austin.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Fri, 8 Jun 2007 20:47:04 +0000 (13:47 -0700)]
hexdump: more output formatting
Add a prefix string parameter. Callers are responsible for any string
length/alignment that they want to see in the output. I.e., callers should
pad strings to achieve alignment if they want that.
Add rowsize parameter. This is the number of raw data bytes to be printed
per line. Must be 16 or 32.
Add a groupsize parameter. This allows callers to dump values as 1-byte,
2-byte, 4-byte, or 8-byte numbers. Default is 1-byte numbers. If the
total length is not an even multiple of groupsize, 1-byte numbers are
printed.
Add an "ascii" output parameter. This causes ASCII data output following
the hex data output.
Clean up some doc examples.
Align the ASCII output on all lines that are produced by one call.
Add a new interface, print_hex_dump_bytes(), that is a shortcut to
print_hex_dump(), using default parameter values to print 16 bytes in
byte-size chunks of hex + ASCII output, using printk level KERN_DEBUG.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bob Picco [Fri, 8 Jun 2007 20:47:00 +0000 (13:47 -0700)]
fix sysrq-m oops
We aren't sampling for holes in memory. Thus we encounter a section hole
with empty section map pointer for SPARSEMEM and OOPs for show_mem. This
issue has been seen in 2.6.21, current git and current mm. The patch below
is for mainline and mm. It was boot tested for SPARSEMEM, current VMEMMAP
of Andy's in mm ml and DISCONTIGMEM. A slightly different patch will be
posted to stable for 2.6.21.
Previous to commit f0a5a58aa812b31fd9f197c4ba48245942364eae memory_present
was called for node_start_pfn to node_end_pfn. This would cover the
hole(s) with reserved pages and valid sections. Most SPARSEMEM supported
arches do a pfn_valid check in show_mem before computing the page structure
address.
This issue was brought to my attention on IRC by Arnaldo Carvalho de Melo.
Thanks to Arnaldo for testing.
Signed-off-by: Bob Picco <bob.picco@hp.com> Cc: Chuck Ebbert <cebbert@redhat.com> Cc: Andi Kleen <ak@suse.de> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Acked-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1. New entries can be added to tsk->pi_state_list after task completed
exit_pi_state_list(). The result is memory leakage and deadlocks.
2. handle_mm_fault() is called under spinlock. The result is obvious.
3. results in self-inflicted deadlock inside glibc.
Sometimes futex_lock_pi returns -ESRCH, when it is not expected
and glibc enters to for(;;) sleep() to simulate deadlock. This problem
is quite obvious and I think the patch is right. Though it looks like
each "if" in futex_lock_pi() got some stupid special case "else if". :-)
4. sometimes futex_lock_pi() returns -EDEADLK,
when nobody has the lock. The reason is also obvious (see comment
in the patch), but correct fix is far beyond my comprehension.
I guess someone already saw this, the chunk:
if (rt_mutex_trylock(&q.pi_state->pi_mutex))
ret = 0;
is obviously from the same opera. But it does not work, because the
rtmutex is really taken at this point: wake_futex_pi() of previous
owner reassigned it to us. My fix works. But it looks very stupid.
I would think about removal of shift of ownership in wake_futex_pi()
and making all the work in context of process taking lock.
From: Thomas Gleixner <tglx@linutronix.de>
Fix 1) Avoid the tasklist lock variant of the exit race fix by adding
an additional state transition to the exit code.
This fixes also the issue, when a task with recursive segfaults
is not able to release the futexes.
Fix 2) Cleanup the lookup_pi_state() failure path and solve the -ESRCH
problem finally.
Fix 3) Solve the fixup_pi_state_owner() problem which needs to do the fixup
in the lock protected section by using the in_atomic userspace access
functions.
This removes also the ugly lock drop / unqueue inside of fixup_pi_state()
Fix 4) Fix a stale lock in the error path of futex_wake_pi()
Added some error checks for verification.
The -EDEADLK problem is solved by the rtmutex fixups.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Fri, 8 Jun 2007 20:46:57 +0000 (13:46 -0700)]
rt-mutex: fix stale return value
Alexey Kuznetsov found some problems in the pi-futex code.
The major problem is a stale return value in rt_mutex_slowlock():
When the pi chain walk returns -EDEADLK, but the waiter was woken up during
the phases where the locks were dropped, the rtmutex could be acquired, but
due to the stale return value -EDEADLK returned to the caller.
Reset the return value in the retry path.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tejun Heo [Fri, 8 Jun 2007 20:46:55 +0000 (13:46 -0700)]
sata_promise: use TF interface for polling NODATA commands
sata_promise uses two different command modes - packet and TF. Packet mode
is intelligent low-overhead mode while TF is the same old taskfile
interface. As with other advanced interface (ahci/sil24),
ATA_TFLAG_POLLING has no effect in packet mode. However, PIO commands are
issued using TF interface in polling mode, so pdc_interrupt() considers
interrupts spurious if ATA_TFLAG_POLLING is set.
This is broken for polling NODATA commands because command is issued using
packet mode but the interrupt handler ignores it due to ATA_TFLAG_POLLING.
Fix pdc_qc_issue_prot() such that ATA/ATAPI NODATA commands are issued
using TF interface if ATA_TFLAG_POLLING is set.
This patch fixes detection failure introduced by polling SETXFERMODE.
Signed-off-by: Tejun Heo <htejun@gmail.com> Acked-by: Mikael Pettersson <mikpe@it.uu.se> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Fri, 8 Jun 2007 20:46:54 +0000 (13:46 -0700)]
uml: get declaration of simple_strtoul
Include linux/kernel.h wherever simple_strtoul is used. This kills a
compile warning in stderr_console.c and potential ones in the other files.
This also fixes a bunch of style violations in exitcode.c.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Fri, 8 Jun 2007 20:46:49 +0000 (13:46 -0700)]
uml: fix kernel stack size on x86_64
Force KERNEL_STACK_ORDER to be at least 1 on UML/x86_64, to avoid overflows.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Instead of returning the smallest available object return ZERO_SIZE_PTR.
A ZERO_SIZE_PTR can be legitimately used as an object pointer as long as it
is not deferenced. The dereference of ZERO_SIZE_PTR causes a distinctive
fault. kfree can handle a ZERO_SIZE_PTR in the same way as NULL.
This enables functions to use zero sized object. e.g. n = number of objects.
objects = kmalloc(n * sizeof(object));
for (i = 0; i < n; i++)
objects[i].x = y;
kfree(objects);
Signed-off-by: Christoph Lameter <clameter@sgi.com> Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
cache_free_alien must be called regardless if we use alien caches or not.
cache_free_alien() will do the right thing if there are no alien caches
available.
Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Paul Mundt <lethal@linux-sh.org> Acked-by: Pekka J Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Fri, 8 Jun 2007 20:46:46 +0000 (13:46 -0700)]
mount -t tmpfs -o mpol=: check nodes online
Randy Dunlap reports that a tmpfs, mounted with NUMA mpol= specifying an
offline node, crashes as soon as data is allocated upon it. Now restrict it
to online nodes, where before it restricted to MAX_NUMNODES.
Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: Robin Holt <holt@sgi.com> Cc: Christoph Lameter <clameter@sgi.com> Cc: Andi Kleen <ak@suse.de> Tested-and-acked-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Fri, 8 Jun 2007 20:46:45 +0000 (13:46 -0700)]
document Acked-by:
Explain what we use Acked-by: for, and how it differs from Signed-off-by:
Acked-by: Dave Jones <davej@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ken Chen [Fri, 8 Jun 2007 20:46:44 +0000 (13:46 -0700)]
loop: preallocate eight loop devices
The kernel on-demand loop device instantiation breaks several user space
tools as the tools are not ready to cope with the "on-demand feature". Fix
it by instantiate default 8 loop devices and also reinstate max_loop module
parameter.
Signed-off-by: Ken Chen <kenchen@google.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andy Whitcroft [Fri, 8 Jun 2007 20:46:39 +0000 (13:46 -0700)]
update checkpatch.pl to version 0.03
This version brings a host of changes to cure false positives and
bugs detected on patches submitted to lkml and -mm. It also brings
a number of new tests in response to reviews, of particular note:
- catch use of volatile
- allow deprecated functions to be listed in feature-removal-schedule.txt
- warn about #ifdef's in c files
- check that spinlock_t and struct mutex use is commented
- report on architecture specific defines being used
- report memory barriers without an associated comment
Full changelog:
catch use of volatile
convert other quoted string checks to common routine
alloc deprecated functions to be listed in feature-removal-schedule.txt
split out the line length and indent for each line
improve switch block handling
handle GNU diff context lines with no leading space
warn about #ifdef's in c files
tidy up tests for signed-off-by using raw mode
check that spinlock_t and struct mutex use is commented
syntax checks for open brace placement may drop off the bottom of hunk
report memory barriers without an associated comment
when a sign off is present but ugly do not report it missing
do not mistake bitfield definitions for indented labels
report on architecture specific defines being used
major update to the operator checks
prevent switch/if/while etc matching foo_switch
generify assignement in condition error message
introduce an operator context marker
Version: 0.03
Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alan Stern [Fri, 4 May 2007 15:57:00 +0000 (11:57 -0400)]
OHCI: Fix machine check in ohci_hub_status_data
This patch (as901) fixes an oversight in ohci-hcd. The
hub_status_data routine must not try to access the controller's
memory-mapped registers if the controller is in a low-power state;
such attempts will cause a crash on some architectures (such as PPC).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Fri, 8 Jun 2007 19:23:27 +0000 (15:23 -0400)]
USB: Fix up bogus bInterval values in endpoint descriptors
This patch (as904) adds code to check for endpoint descriptor bInterval
values outside the legal limits. Illegal values are set to 32 ms, which
seems like a reasonable default.
This fixes Bugzilla #8432.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Simon Arlott [Fri, 11 May 2007 06:04:13 +0000 (23:04 -0700)]
USB: cxacru: ignore error trying to start ADSL in atm_start
The sysfs adsl_status attribute ignores (aside from returning -EIO to the
user) any error sending a START/STOP command to the device and there is at
least one firmware which never sends a response but appears to work
regardless. Therefore atm_start should also continue if an error is received
so that such firmware is usable.
The official Conexant driver doesn't expect a reply either but this is for
another device (E2 router) and a commonly used firmware does respond.
Also, there is no point in changing -ECONNRESET to -ETIMEDOUT since nothing
ever checks for either of these values.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Cc: Duncan Sands <duncan.sands@math.u-psud.fr> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Simon Arlott [Fri, 11 May 2007 06:04:12 +0000 (23:04 -0700)]
USB: cxacru: create sysfs attributes in atm_start instead of bind
Since usbatm doesn't set the usb_interface driver data until after calling
bind and heavy_init, it would be NULL when the sysfs attributes are read.
Reading the MAC address from atm_dev before atm_dev exists would have been
be possible too.
Calling create_device_file in atm_start will avoid this problem, and the
data is useless until the first status poll runs. However, it must be
ready before a status poll does a printk on line status change otherwise
userspace could react before the files exist.
For completeness I've moved remove_device_file to atm_stop so it's not
called in unbind when it's not needed. There's no point starting ADSL if
atm_start could still fail either.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Cc: Duncan Sands <duncan.sands@math.u-psud.fr> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Simon Arlott [Fri, 11 May 2007 06:04:09 +0000 (23:04 -0700)]
USB: cxacru: add Documentation file
The sysfs attributes for exposing cxacru statistics/status information with
possible values is now explained in Documentation/networking/cxacru.txt
including information on the writable adsl_state attribute's commands and a
sample of the kernel log format.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Cc: Duncan Sands <duncan.sands@math.u-psud.fr> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Sat, 26 May 2007 03:40:14 +0000 (20:40 -0700)]
USB: usb gadgets avoid le{16,32}_to_cpup()
It turns out that le16_to_cpup() and le32_to_cpup() aren't always safe
to call with pointers into packed structures, since those are inlined
functions and GCC may lose the "packed" attribute. So those references
can become unaligned kernel accesses, which are evil on some hardware.
This patch updates uses of those routines in the gadget stack. The
references into packed structures can just use leXX_to_cpu(*x), which
in most cases is more natural. Some other uses in RNDIS, mostly in
debug code, were wrong in the first place; those use get_unaligned().
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Paul Moore [Fri, 8 Jun 2007 01:38:14 +0000 (18:38 -0700)]
[CIPSO]: Fix several unaligned kernel accesses in the CIPSO engine.
IPv4 options are not very well aligned within the packet and the
format of a CIPSO option is even worse. The result is that the CIPSO
engine in the kernel does a few unaligned accesses when parsing and
validating incoming packets with CIPSO options attached which generate
error messages on certain alignment sensitive platforms. This patch
fixes this by marking these unaligned accesses with the
get_unaliagned() macro.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Fri, 8 Jun 2007 01:37:15 +0000 (18:37 -0700)]
[NetLabel]: consolidate the struct socket/sock handling to just struct sock
The current NetLabel code has some redundant APIs which allow both
"struct socket" and "struct sock" types to be used; this may have made
sense at some point but it is wasteful now. Remove the functions that
operate on sockets and convert the callers. Not only does this make
the code smaller and more consistent but it pushes the locking burden
up to the caller which can be more intelligent about the locks. Also,
perform the same conversion (socket to sock) on the SELinux/NetLabel
glue code where it make sense.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Manuel Estrada Sainz passed away on May 9th 2004, his email account got
deactivated. He was in charge of the firmware_class code, and still got
CC'ed in recent discussions about it.
Signed-off-by: Markus Rechberger <markus.rechberger@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kay Sievers [Tue, 1 May 2007 11:46:26 +0000 (13:46 +0200)]
Driver core: keep PHYSDEV for old struct class_device
Class-devices created by "struct class_device" are going to be replaced
by "struct device". Keep the deprecated PHYSDEV* variables for the already
"deprecated" struct class_device" devices.
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Fri, 11 May 2007 05:36:14 +0000 (22:36 -0700)]
update Documentation/driver-model/platform.txt
Make note of the legacy "probe-the-hardware" drivers, and some APIs that
are mostly unused except by such drivers. We probably can't escape having
legacy drivers for a while (e.g. old ISA drivers), but we can at least
discourage this style code for new drivers, and unless it's unavoidable.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Cc: Andres Salomon <dilinger@debian.org> Cc: Dmitry Torokhov <dtor@mail.ru> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Fri, 8 Jun 2007 04:59:44 +0000 (21:59 -0700)]
[SPARC64]: Handle PCI bridges without 'ranges' property.
This fixes the IDE controller not showing up on Netra-T1
systems.
Just like Simba bridges, some PCI bridges can lack the
'ranges' OBP property. So we handle this similarly to
the existing Simba code:
1) In of_device register address resolving, we push the
translation to the parent.
2) In PCI device scanning, we interrogate the PCI config
space registers of the PCI bus device in order to resolve
the resources, just like the generic Linux PCI probing
code does.
With much help and testing from Fabio, who also reported
the initial problem.
Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Fabio Massimo Di Nitto <fabbione@ubuntu.com>
This bug was caught by LTP testcase fchmod06 on Blackfin platform.
In the manpage of fchmod, "EPERM: The effective UID does not match the
owner of the file, and the process is not privileged (Linux: it does not
have the CAP_FOWNER capability)."
But the ramfs nommu code missed the inode_change_ok POSIX UID/GID
verification. This patch fixed this.
* git://git.linux-xtensa.org/kernel/xtensa-feed:
Xtensa: use asm-generic/fcntl.h
[XTENSA] Remove non-rt signal handling
[XTENSA] Move common sections into bss sections
[XTENSA] clean-up header files
[XTENSA] Use generic 64-bit division
[XTENSA] Remove multi-exported symbols from xtensa_ksyms.c
[XTENSA] fix sources using deprecated assembler directive
[XTENSA] Spelling fixes in arch/xtensa
[XTENSA] fix bit operations in bitops.h
Linus Torvalds [Fri, 8 Jun 2007 00:08:06 +0000 (17:08 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (24 commits)
xfrm: Add security check before flushing SAD/SPD
[NET_SCHED]: Fix filter double free
[NET]: Avoid duplicate netlink notification when changing link state
[UDP]: Revert 2-pass hashing changes.
[AF_UNIX]: Fix stream recvmsg() race.
[NETFILTER]: nf_conntrack_amanda: fix textsearch_prepare() error check
[NETFILTER]: ip_tables: fix compat related crash
[NETFILTER]: nf_conntrack: fix helper module unload races
[RTNETLINK]: ifindex 0 does not exist
[NETLINK]: Mark netlink policies const
[TCP] tcp_probe: Attach printf attribute properly to printl().
[TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer().
[NET]: Merge dst_discard_in and dst_discard_out.
[RFKILL]: Make rfkill->name const
[IPV4]: Restore old behaviour of default config values
[IPV4]: Add default config support after inetdev_init
[IPV4]: Convert IPv4 devconf to an array
[IPV4]: Only panic if inetdev_init fails for loopback
[TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack
[BNX2]: Update version and reldate.
...
Steven Rostedt [Thu, 7 Jun 2007 03:34:04 +0000 (23:34 -0400)]
enable interrupts in user path of page fault.
This is a minor fix, but what is currently there is essentially wrong.
In do_page_fault, if the faulting address from user code happens to be
in kernel address space (int *p = (int*)-1; p = 0xbed;) then the
do_page_fault handler will jump over the local_irq_enable with the
goto bad_area_nosemaphore;
But the first line there sees this is user code and goes through the
process of sending a signal to send SIGSEGV to the user task. This whole
time interrupts are disabled and the task can not be preempted by a
higher priority task.
This patch always enables interrupts in the user path of the
bad_area_nosemaphore.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 8 Jun 2007 00:00:37 +0000 (17:00 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix warning by moving do_default_vi into CONFIG_CPU_MIPSR2_SRS
[MIPS] Fix some minor typoes in arch/mips/Kconfig.
[MIPS] Remove prototype for deleted function qemu_handle_int
[MIPS] Fix some system calls with long long arguments
[MIPS] Make dma_map_sg handle sg elements which are longer than one page
[MIPS] Drop __ARCH_WANT_SYS_FADVISE64
[MIPS] Fix VGA corruption on RM300C
[MIPS] RM300: Fix MMIO problems by marking the PCI INT ACK region busy
[MIPS] EMMA2RH: remove dead KGDB code
[MIPS] Remove duplicate fpu enable hazard code.
[MIPS] Atlas, Malta, SEAD: Remove scroll from interrupt handler.
Peter Zijlstra [Wed, 6 Jun 2007 09:39:40 +0000 (11:39 +0200)]
frv: build fix
In file included from /usr/src/linux-2.6-2/net/ipv4/ip_input.c:118:
include2/asm/system.h:245: error: parse error before "__cmpxchg_32"
include2/asm/system.h:245: error: parse error before '*' token
include2/asm/system.h:245: warning: type defaults to `int' in declaration of `__cmpxchg_32'
include2/asm/system.h:245: warning: function declaration isn't a prototype
include2/asm/system.h:245: warning: data definition has no type or storage class
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David S. Miller [Thu, 7 Jun 2007 23:58:22 +0000 (16:58 -0700)]
[SPARC64]: Fix SBUS IRQ regression caused by PCI-E driver.
We used to access the 64-bit IRQ IMAP and ICLR registers of bus
controllers 4-bytes in and as a 32-bit register word, since only the
low 32-bits were relevant. This seemed like a good idea at the time.
But the PCI-E controller requires full 8-byte 64-bit access to
these registers, so we switched over to accessing them fully.
SBUS was not adjusted properly, which broke interrupts completely.
Signed-off-by: David S. Miller <davem@davemloft.net>
Joy Latten [Mon, 4 Jun 2007 23:05:57 +0000 (19:05 -0400)]
xfrm: Add security check before flushing SAD/SPD
Currently we check for permission before deleting entries from SAD and
SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
However we are not checking for authorization when flushing the SPD and
the SAD completely. It was perhaps missed in the original security hooks
patch.
This patch adds a security check when flushing entries from the SAD and
SPD. It runs the entire database and checks each entry for a denial.
If the process attempting the flush is unable to remove all of the
entries a denial is logged the the flush function returns an error
without removing anything.
This is particularly useful when a process may need to create or delete
its own xfrm entries used for things like labeled networking but that
same process should not be able to delete other entries or flush the
entire database.
Signed-off-by: Joy Latten<latten@austin.ibm.com> Signed-off-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
Patrick McHardy [Tue, 5 Jun 2007 23:06:59 +0000 (16:06 -0700)]
[NET_SCHED]: Fix filter double free
cbq and atm destroy their filters twice when destroying inner classes
during qdisc destruction.
Reported-and-tested-by: Strobl Anton <a.strobl@aws-it.at> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 5 Jun 2007 23:03:03 +0000 (16:03 -0700)]
[NET]: Avoid duplicate netlink notification when changing link state
When changing the link state from userspace not affecting any other
flags. Two duplicate notification are being sent, once as action
in the NETDEV_UP/NETDEV_DOWN notification chain and a second time
when comparing old and new device flags after the change has been
completed. Although harmless, the duplicates should be avoided.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
There are still some correctness issues recently
discovered which do not have a known fix that doesn't
involve doing a full hash table scan on port bind.
So revert for now.
Signed-off-by: David S. Miller <davem@davemloft.net>
Miklos Szeredi [Tue, 5 Jun 2007 20:10:29 +0000 (13:10 -0700)]
[AF_UNIX]: Fix stream recvmsg() race.
A recv() on an AF_UNIX, SOCK_STREAM socket can race with a
send()+close() on the peer, causing recv() to return zero, even though
the sent data should be received.
This happens if the send() and the close() is performed between
skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg():
process A skb_dequeue() returns NULL, there's no data in the socket queue
process B new data is inserted onto the queue by unix_stream_sendmsg()
process B sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock()
process A sk->sk_shutdown is checked, unix_release_sock() returns zero
I'm surprised nobody noticed this, it's not hard to trigger. Maybe
it's just (un)luck with the timing.
It's possible to work around this bug in userspace, by retrying the
recv() once in case of a zero return value.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
The return value from textsearch_prepare() needs to be checked
by IS_ERR(). Because it returns error code as a pointer.
Cc: "Brian J. Murrell" <netfilter@interlinx.bc.ca> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Mishin [Tue, 5 Jun 2007 19:56:09 +0000 (12:56 -0700)]
[NETFILTER]: ip_tables: fix compat related crash
check_compat_entry_size_and_hooks iterates over the matches and calls
compat_check_calc_match, which loads the match and calculates the
compat offsets, but unlike the non-compat version, doesn't call
->checkentry yet. On error however it calls cleanup_matches, which in
turn calls ->destroy, which can result in crashes if the destroy
function (validly) expects to only get called after the checkentry
function.
Add a compat_release_match function that only drops the module reference
on error and rename compat_check_calc_match to compat_find_calc_match to
reflect the fact that it doesn't call the checkentry function.
Reported by Jan Engelhardt <jengelh@linux01.gwdg.de>
Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
When a helper module is unloaded all conntracks refering to it have their
helper pointer NULLed out, leading to lots of races. In most places this
can be fixed by proper use of RCU (they do already check for != NULL,
but in a racy way), additionally nf_conntrack_expect_related needs to
bail out when no helper is present.
Also remove two paranoid BUG_ONs in nf_conntrack_proto_gre that are racy
and not worth fixing.
Signed-off-by: Patrick McHarrdy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 5 Jun 2007 06:36:06 +0000 (23:36 -0700)]
[IPV4]: Restore old behaviour of default config values
Previously inet devices were only constructed when addresses are added
(or rarely in ipmr). Therefore the default config values they get are
the ones at the time of these operations.
Now that we're creating inet devices earlier, this changes the
behaviour of default config values in an incompatible way (see bug
#8519).
This patch creates a compromise by setting the default values at the
same point as before but only for those that have not been explicitly
set by the user since the inet device's creation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 5 Jun 2007 06:34:44 +0000 (23:34 -0700)]
[IPV4]: Convert IPv4 devconf to an array
This patch converts the ipv4_devconf config members (everything except
sysctl) to an array. This allows easier manipulation which will be
needed later on to provide better management of default config values.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 5 Jun 2007 06:34:08 +0000 (23:34 -0700)]
[IPV4]: Only panic if inetdev_init fails for loopback
When I made the inetdev_init call work on all devices I incorrectly
left in the panic call as well. It is obviously undesirable to
panic on an allocation failure for a normal network device. This
patch moves the panic call under the loopback if clause.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Tue, 5 Jun 2007 04:24:07 +0000 (21:24 -0700)]
[BNX2]: Fix occasional counter corruption on 5708.
The statistics block DMA on 5708 can be messed up occasionally on the
average of about once per hour. If the user is reading the counters
within one second after the corruption, the counters will be all
messed up. One second later, the counters will be ok again until the
next corruption occurs.
The workaround is to disable the periodic statistics DMA. Instead,
we manually trigger the DMA once a second in bnx2_timer(). This
manual trigger of the DMA avoids the problem.
As a consequence, we can only allow 0 or 1 second settings for
ethtool -C statistics block.
Thanks to Jean-Daniel Pauget <jd@disjunkt.com> and
CaT <cat@zip.com.au> for reporting this rare problem.
Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Tue, 5 Jun 2007 04:17:10 +0000 (21:17 -0700)]
[BNX2]: Fix netdev watchdog on 5708.
There's a bug in the driver that only initializes half of the context
memory on the 5708. Surprisingly, this works most of the time except
for some occasional netdev watchdogs when sending a lot of 64-byte
packets. The fix is to add the missing code to initialize the 2nd
halves of all context memory.
Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 7 Jun 2007 16:35:54 +0000 (09:35 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[VIDEO] sunxvr500fb: Fix pseudo_palette array size
[VIDEO] sunxvr2500fb: Fix pseudo_palette array size
[VIDEO] ffb: The pseudo_palette is only 16 elements long
[VIDEO]: Fix section mismatch warning in promcon.
[ATA]: Back out bogus (SPARC64 && !PCI) Kconfig depends.
[SPARC64]: Fill in gaps in non-PCI dma_*() NOP implementation.
[SPARC64]: Fix {mc,smt}_capable().
[SPARC64]: Make core and sibling groups equal on UltraSPARC-IV.
[SPARC64]: Proper multi-core scheduling support.
[SPARC64]: Provide mmu statistics via sysfs.
[SPARC64]: Fix service channel hypervisor function names.
[SPARC64]: Export basic cpu properties via sysfs.
[SPARC64]: Move topology init code into new file, sysfs.c
Linus Torvalds [Thu, 7 Jun 2007 15:54:55 +0000 (08:54 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix building of COFF zImages
[POWERPC] spufs: Fix error handling in spufs_fill_dir()
[POWERPC] Add table of contents to booting-without-of.txt
[POWERPC] spufs: Don't yield nosched context
[POWERPC] Fix typo in booting-without-of-txt section numbering
[POWERPC] scc_sio: Fix link failure
[POWERPC] cbe_cpufreq: Limit frequency via cpufreq notifier chain
[POWERPC] Fix pci_setup_phb_io_dynamic for pci_iomap
[POWERPC] spufs scheduler: Fix wakeup races
[POWERPC] spufs: Synchronize pte invalidation vs ps close
[POWERPC] spufs: Free mm if spufs_fill_dir() failed
[POWERPC] spufs: Fix gang destroy leaks
[POWERPC] spufs: Hook up spufs_release_mem
[POWERPC] spufs: Refuse to load the module when not running on cell
[POWERPC] pasemi: Fix iommu + 64K PAGE_SIZE bug
Roland McGrath [Wed, 6 Jun 2007 10:59:00 +0000 (03:59 -0700)]
Restrict clearing TIF_SIGPENDING
This patch should get a few birds. It prevents sigaction calls from
clearing TIF_SIGPENDING in other threads, which could leak -ERESTART*.
And It fixes ptrace_stop not to clear it, which done at the syscall exit
stop could leak -ERESTART*. It probably removes the harm from signalfd,
at least assuming it never calls dequeue_signal on kernel threads that
might have used block_all_signals.
Signed-off-by: Roland McGrath <roland@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Paul Mackerras [Thu, 7 Jun 2007 12:21:31 +0000 (22:21 +1000)]
[POWERPC] Fix building of COFF zImages
The COFF zImage (for booting oldworld powermacs) wasn't being built
correctly because the procedure descriptor in crt0.S for the zImage
entry point wasn't declared as .globl, and therefore wasn't getting
pulled in from wrapper.a by the linker. This adds the necessary
.globl statement.
[POWERPC] spufs: Fix error handling in spufs_fill_dir()
The error path in spufs_fill_dir() is broken. If d_alloc_name() or
spufs_new_file() fails, spufs_prune_dir() is getting called. At this time
dir->inode is not set and a NULL pointer is dereferenced by mutex_lock().
This bugfix replaces spufs_prune_dir() with a shorter version that does
not touch dir->inode but simply removes all children.
Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Acked-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>