Florin Malita [Fri, 18 May 2007 20:04:33 +0000 (16:04 -0400)]
[PATCH] libertas: skb dereferenced after netif_rx
In libertas_process_rxed_packet() and process_rxed_802_11_packet() the
skb is dereferenced after being passed to netif_rx (called from
libertas_upload_rx_packet). Spotted by Coverity (1658, 1659).
Also, libertas_upload_rx_packet() unconditionally returns 0 so the error
check is dead code - might as well take it out and change the signature.
Signed-off-by: Florin Malita <fmalita@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Linus Torvalds [Tue, 22 May 2007 01:41:17 +0000 (18:41 -0700)]
Revert "kbuild: make better section mismatch reports on i386, arm and mips"
This reverts commit f892b7d480eec809a5dfbd6e65742b3f3155e50e, which
totally broke the build on x86 with CONFIG_RELOCATABLE (which, as far as
I can tell, is the only case where it should even matter!) due to a
SIGSEGV in modpost.
Linus Torvalds [Tue, 22 May 2007 00:44:34 +0000 (17:44 -0700)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: bump versions
libata: Trim trailing whitespace
libata: Kiss post_set_mode goodbye
ata_piix: clean up
pata_hpt366: Enable bits are unreliable so don't use them
libata: Add Seagate STT20000A to DMA blacklist.
ahci: disable 64bit dma on sb600
Alan Cox [Mon, 21 May 2007 13:52:49 +0000 (14:52 +0100)]
pata_hpt366: Enable bits are unreliable so don't use them
Various people had problems with both old and new IDE when hpt366 enable
bits started getting honoured. It turns out they are not reliable so
don't rely on them
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Dave Jones [Mon, 21 May 2007 18:31:03 +0000 (14:31 -0400)]
libata: Add Seagate STT20000A to DMA blacklist.
http://bugzilla.kernel.org/show_bug.cgi?id=1044 points out an
additional hard disk that doesn't handle DMA transfers correctly.
This patch is the libata variant of the earlier patch to drivers/ide/
Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
declance: Remove a dangling spin_unlock_irq() thingy
The spin_unlock_irq() invocation in lance_start_xmit() has no matching
locking request. The call is already protected by netif_tx_lock, so
remove the statement.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Mon, 21 May 2007 21:51:35 +0000 (14:51 -0700)]
e1000: Don't enable polling in open() (was: e1000: assertion hit in e1000_clean(), kernel 2.6.21.1)
Herbert Xu wrote:
"netif_poll_enable can only be called if you've previously called
netif_poll_disable. Otherwise a poll might already be in action
and you may get a crash like this."
Removing the call to netif_poll_enable in e1000_open should fix this issue,
the only other call to netif_poll_enable is in e1000_up() which is only
reached after a device reset or resume.
Linus Torvalds [Mon, 21 May 2007 23:19:32 +0000 (16:19 -0700)]
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
IB/cm: Improve local id allocation
IPoIB/cm: Fix SRQ WR leak
IB/ipoib: Fix typos in error messages
IB/mlx4: Check if SRQ is full when posting receive
IB/mlx4: Pass send queue sizes from userspace to kernel
IB/mlx4: Fix check of opcode in mlx4_ib_post_send()
mlx4_core: Fix array overrun in dump_dev_cap_flags()
IB/mlx4: Fix RESET to RESET and RESET to ERROR transitions
IB/mthca: Fix RESET to ERROR transition
IB/mlx4: Set GRH:HopLimit when sending globally routed MADs
IB/mthca: Set GRH:HopLimit when building MLX headers
IB/mlx4: Fix check of max_qp_dest_rdma in modify QP
IB/mthca: Fix use-after-free on device restart
IB/ehca: Return proper error code if register_mr fails
IPoIB: Handle P_Key table reordering
IB/core: Use start_port() and end_port()
IB/core: Add helpers for uncached GID and P_Key searches
IB/ipath: Fix potential deadlock with multicast spinlocks
IB/core: Free umem when mm is already gone
The IB CM uses an idr for local id allocations, with a running counter
as start_id. This fails to generate distinct ids if
1. An id is constantly created and destroyed
2. A chunk of ids just beyond the current next_id value is occupied
This in turn leads to an increased chance of connection request being
mis-detected as a duplicate, sometimes for several retries, until
next_id gets past the block of allocated ids. This has been observed
in practice.
As a fix, remember the last id allocated and start immediately above it.
This also fixes a problem with the old code, where next_id might
overflow and become negative.
Signed-off-by: Michael S. Tsirkin <mst@dev.mellanox.co.il> Acked-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
SRQ WR leakage has been observed with IPoIB/CM: e.g. flipping ports on
and off will, with time, leak out all WRs and then all connections
will start getting RNR NAKs. Fix this in the way suggested by spec:
move the QP being destroyed to the error state, wait for "Last WQE
Reached" event and then post WR on a "drain QP" connected to the same
CQ. Once we observe a completion on the drain QP, it's safe to call
ib_destroy_qp.
Signed-off-by: Michael S. Tsirkin <mst@dev.mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fix:
mm/slab: fix section mismatch warning
mm: fix section mismatch warnings
init/main: use __init_refok to fix section mismatch
kbuild: introduce __init_refok/__initdata_refok to supress section mismatch warnings
all-archs: consolidate .data section definition in asm-generic
all-archs: consolidate .text section definition in asm-generic
kbuild: add "Section mismatch" warning whitelist for powerpc
kbuild: make better section mismatch reports on i386, arm and mips
kbuild: make modpost section warnings clearer
kconfig: search harder for curses library in check-lxdialog.sh
kbuild: include limits.h in sumversion.c for PATH_MAX
powerpc: Fix the MODALIAS generation in modpost for of devices
Linus Torvalds [Mon, 21 May 2007 17:01:36 +0000 (10:01 -0700)]
Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] More verbose show_mem() like other architectures.
[S390] Make use of kretprobe_assert.
[S390] Wire up signald, timerfd and eventfd syscalls.
[S390] Wire up sys_utimensat.
[S390] cio: Update documentation.
Linus Torvalds [Mon, 21 May 2007 17:00:57 +0000 (10:00 -0700)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Fix race condition about network device name allocation.
[IPV4]: icmp: fix crash with sysctl_icmp_errors_use_inbound_ifaddr
[NETFILTER]: nf_conntrack_ipv4: fix incorrect #ifdef config name
[NETFILTER]: nf_conntrack: fix use-after-free in helper destroy callback invocation
[IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all
[TCP] FRTO: Prevent state inconsistency in corner cases
[TCP] FRTO: Add missing ECN CWR sending to one of the responses
[NET]: Fix net/core/skbuff.c gcc-3.2.3 compilation error
[RFKILL]: Fix check for correct rfkill allocation
[IPV6]: Add ip6_tunnel.h to headers_install
john stultz [Mon, 21 May 2007 12:31:52 +0000 (14:31 +0200)]
x86_64: vsyscall time() fix
The vsyscall time() function basically returns the second portion of
xtime directly. This however means that there is about a ticks worth of
time each second where time() will return a second value less then what
gettimeofday() does.
Additionally, this window where vtime() is behind vgettimeofday() grows
when dynticks is enabled, so its probably good to get this in before
dynticks lands.
Big thanks to Sripathi for noticing this issue and creating a test case
to work with!
This patch changes the vtime() implemenation to call vgettimeofday(),
much as syscall time() implementation calls gettimeofday().
Glen Turner reported that writing LFCR rather than the more
traditional CRLF causes issues with some terminals.
Since this afflicts many serial drivers, extract the common code to a
library function (uart_console_write) and arrange for each driver to
supply a "putchar" function.
but early_printk is left out.
Signed-off-by: Yinghai Lu <yinghai.lu@sun.com> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
i386: Fix wrong CPU error message in early boot path
- boot/setup.S did not print "PANIC: CPU too old for this kernel"
( not visible, also the message did not match )
- I add "# missed before: set ds"
=> somebody should check if I am right with the way to set.
=> seems to be a generic error in setup.S not to set "ds" for error messages.
AK: extracted patch out of other changes
AK: also couldn't find any other case where ds is wrong Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andi Kleen [Mon, 21 May 2007 12:31:45 +0000 (14:31 +0200)]
i386: Fix K8/core2 oprofile on multiple CPUs
Only try to allocate MSRs once instead of for every CPU.
This assumes the MSRs are the same on all CPUs which is currently
true. P4-HT is a special case for different SMT threads, but the code
always saves/restores all MSRs so it works identical.
Bryan Wu [Mon, 21 May 2007 10:32:16 +0000 (18:32 +0800)]
Blackfin SPI: cleanup according to David Brownell's review
a) platorm_driver_probe(...) instead of platform_driver_register(&driver);
b) set bfin_spi_enable and bfin_spi_disable static
c) Why is the width flag a u32?
d) maybe use dev_dbg() instead of pr_debug()
Bernd Schmidt [Mon, 21 May 2007 10:09:33 +0000 (18:09 +0800)]
Blackfin arch: fix signal handling bug
There's a forum thread at
https://blackfin.uclinux.org/gf/project/uclinux-dist/forum/?action=ForumBrowse&_forum_action=MessageReply&message_id=24741
which has a testcase involving signal handling that crashes quite readily.
Inspecting the code I believe what happens is that signal handling can become
confused when it is invoked on return from an interrupt, if the contents of
P0 and R0 at the time of the interrupt happen to be such that P0 is larger
than zero (indicating to the signal code that we're in a syscall), and R0
happens to have a value of something like -EINTR or -ERESTARTSYS.
Fixed by setting orig_p0 to -1 if we're returning from an interrupt. The
testcase now seems to run without problems.
Bryan Wu [Mon, 21 May 2007 10:09:31 +0000 (18:09 +0800)]
Blackfin arch: update blackfin header files to latest one in VDSP.
a) add new processor BF52x/BF54x header files
b) update blackfin BF533/BF537/BF561 header files to latest one in VDSP.
c) scrub watchdog/rtc masks from headers as we dont need/want them (too generic and the drivers dont use them)
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com> Signed-off-by: Roy Huang <roy.huang@analog.com> Signed-off-by: Sonic Zhang <sonic.zhang@analog.com> Signed-off-by: Bryan Wu <bryan.wu@analog.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1) Disable Interrupts during DMA memcpy to avoid raise conditions.
2) Mark MDMA channel 0 as reserved, since were using it internally.
3) Add DMA based equivalents for insX and outsX.
4) Our insX and outsX only handles len <= 2^16.
Alexey Dobriyan [Sun, 20 May 2007 21:22:52 +0000 (01:22 +0400)]
Detach sched.h from mm.h
First thing mm.h does is including sched.h solely for can_do_mlock() inline
function which has "current" dereference inside. By dealing with can_do_mlock()
mm.h can be detached from sched.h which is good. See below, why.
This patch
a) removes unconditional inclusion of sched.h from mm.h
b) makes can_do_mlock() normal function in mm/mlock.c
c) exports can_do_mlock() to not break compilation
d) adds sched.h inclusions back to files that were getting it indirectly.
e) adds less bloated headers to some files (asm/signal.h, jiffies.h) that were
getting them indirectly
Net result is:
a) mm.h users would get less code to open, read, preprocess, parse, ... if
they don't need sched.h
b) sched.h stops being dependency for significant number of files:
on x86_64 allmodconfig touching sched.h results in recompile of 4083 files,
after patch it's only 3744 (-8.3%).
Cross-compile tested on
all arm defconfigs, all mips defconfigs, all powerpc defconfigs,
alpha alpha-up
arm
i386 i386-up i386-defconfig i386-allnoconfig
ia64 ia64-up
m68k
mips
parisc parisc-up
powerpc powerpc-up
s390 s390-up
sparc sparc-up
sparc64 sparc64-up
um-x86_64
x86_64 x86_64-up x86_64-defconfig x86_64-allnoconfig
Cornelia Huck [Mon, 21 May 2007 09:25:19 +0000 (11:25 +0200)]
[S390] cio: Update documentation.
- read_dev_chars()/read_conf_data() are deprecated. Don't document them, but
advise to issue the channel program from the driver itself.
- Remove some really obsolete and incorrect stuff.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Ben Dooks [Sun, 20 May 2007 18:58:10 +0000 (19:58 +0100)]
[ARM] 4399/2: S3C2443: Fix SMDK2443 nand timings
Reduce the Twrph0 timing slightly to fit on an SMDK2443. This
should still produce valid timings for the NAND devices as it
is still over the smallest device fitted to these boards.
Signed-off-by: Ben Dooks <(address hidden)> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Eli Cohen [Thu, 17 May 2007 07:32:41 +0000 (10:32 +0300)]
IB/mlx4: Pass send queue sizes from userspace to kernel
Pass the number of WQEs for the send queue and their size from userspace
to the kernel to avoid having to keep the QP size calculations in sync
between the kernel driver and libmlx4. This fixes a bug seen with the
current mlx4_ib driver and current libmlx4 caused by a difference in the
calculated sizes for SQ WQEs. Also, this gives more flexibility for
userspace to experiment with using multiple WQE BBs for a single SQ WQE.
Signed-off-by: Eli Cohen <eli@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
[NET]: Fix race condition about network device name allocation.
Kenji Kaneshige found this race between device removal and
registration. On unregister it is possible for the old device to
exist, because sysfs file is still open. A new device with 'eth%d'
will select the same name, but sysfs kobject register will fial.
The following changes the shutdown order slightly. It hold a removes
the sysfs entries earlier (on unregister_netdevice), but holds a
kobject reference. Then when todo runs the actual last put free
happens.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Sat, 19 May 2007 21:44:15 +0000 (14:44 -0700)]
[IPV4]: icmp: fix crash with sysctl_icmp_errors_use_inbound_ifaddr
When icmp_send is called on the local output path before the
packet hits ip_output, skb->dev is not set, causing a crash
when sysctl_icmp_errors_use_inbound_ifaddr is set. This can
happen with the netfilter REJECT target or IPsec tunnels.
Let routing decide the ICMP source address in that case, since the
packet is locally generated there is no inbound interface and
the sysctl should not apply.
The option actually seems to be unfixable broken, on the path
after ip_output() skb->dev points to the outgoing device and
we don't know the incoming device anymore, so its going to do
the absolute wrong thing and pick the address of the outgoing
interface. Add a comment about this.
Reported by Curtis Doty <Curtis@GreenKey.net>.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Sat, 19 May 2007 21:23:52 +0000 (14:23 -0700)]
[NETFILTER]: nf_conntrack: fix use-after-free in helper destroy callback invocation
When the helper module is removed for a master connection that has a
fulfilled expectation, but has already timed out and got removed from
the hash tables, nf_conntrack_helper_unregister can't find the master
connection to unset the helper, causing a use-after-free when the
expected connection is destroyed and releases the last reference to
the master.
The helper destroy callback was introduced for the PPtP helper to clean
up expectations and expected connections when the master connection
times out, but doing this from destroy_conntrack only works for
unfulfilled expectations since expected connections hold a reference
to the master, preventing its destruction. Move the destroy callback to
the timeout function, which fixes both problems.
Reported/tested by Gabor Burjan <buga@buvoshetes.hu>.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sat, 19 May 2007 21:21:18 +0000 (14:21 -0700)]
[IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all
This is a natural extension of the changeset
[XFRM]: Probe selected algorithm only.
which only removed the probe call for xfrm_user. This patch does exactly
the same thing for af_key. In other words, we load the algorithm requested
by the user rather than everything when adding xfrm states in af_key.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / mv-sheeva.git / log