Jean Delvare [Sat, 17 Sep 2005 02:28:08 +0000 (19:28 -0700)]
[PATCH] i2c: kill an unused i2c_adapter struct member
Kill an unused member of the i2c_adapter structure. This additionally
fixes a potential bug, because <linux/i2c.h> doesn't include
<linux/config.h>, so different files including <linux/i2c.h> could see a
different definition of the i2c_adapter structure, depending on them
including <linux/config.h> (or other header files themselves including
<linux/config.h>) before <linux/i2c.h>, or not.
Credits go to Jörn Engel for pointing me to the problem.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al found a potential problem in epoll_create(), where the
file->private_data member was set after fd_install(). This is obviously
wrong since another thread might do a close() on that fd# before we set the
file->private_data member. This goes over 2.6.13 and passes a few basic
tests I've done here.
The driver used to allocate memory with spinlock held which has been
fixed in this patch.
The driver was printing the entire buffer when it received a invalid
entry in image_type. The fix is to only print a warning message and not
the buffer.
Usability enhancements:
It is possible that due to user error the /sys/class/firmware/dell_rbu
entries might be missing, this can happen if the user does the following
Michael Kerrisk [Sat, 17 Sep 2005 02:28:02 +0000 (19:28 -0700)]
[PATCH] PR_GET_DUMPABLE returns incorrect info
2.6.13 incorporated Alan Cox's patch for /proc/sys/fs/suid_dumpable (one
version of this patch can be found here
http://marc.theaimsgroup.com/?l=linux-kernel&m=109647550421014&w=2 ).
This patch also made corresponding changes in kernel/sys.c to change the
prctl() PR_SET_DUMPABLE operation so that the permitted range of 'arg2' was
modified from 0..1 to 0..2.
However, a corresponding change was not made for PR_GET_DUMPABLE: if the
dumpable flag is non-zero, then PR_GET_DUMPABLE always returns 1, so that
the caller can't determine the true setting of this flag.
Acked-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] ppc32: Add ppc_sys descriptions for PowerQUICC I devices
Added ppc_sys device and system definitions for PowerQUICC I devices. This
will allow drivers for PQI to be proper platform device drivers. Currently
sys section contains only MPC885 and MPC866. Identification should be done
with identify_ppc_sys_by_name call, with board-specific "name" string
passed, since PQI do not have any register that could identify the SOC.
Signed-off-by: Vitaly Bordug <vbordug@ru.mvista.com> Signed-off-by: Kumar Gala <kumar.gala@freescale.com> Signed-off-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Thomas Maguin [Sat, 17 Sep 2005 02:27:58 +0000 (19:27 -0700)]
[PATCH] scsi_ioctl: Add WRITE_LONG_2 as write safe command
Add WRITE_LONG_2 as write safe commands, which which allows normal users to
make a c1-, c2- and cu-scan (so called cxscan) with readcd on
cxscan-capable cd/dvd-writers
Signed-off-by: Jens Axboe <axboe@suse.de> Cc: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Sat, 17 Sep 2005 02:27:55 +0000 (19:27 -0700)]
[PATCH] x86_64: desc.h-needs smp.h
include/asm/desc.h: In function `load_LDT':
include/asm/desc.h:209: warning: implicit declaration of function `get_cpu'
include/asm/desc.h:211: warning: implicit declaration of function `put_cpu'
Jeff Dike [Sat, 17 Sep 2005 02:27:52 +0000 (19:27 -0700)]
[PATCH] uml: remove include of asm/elf.h
asm/elf.h is bad on x86_64, and i386 doesn't need it any more after Al's
cleanup.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:51 +0000 (19:27 -0700)]
[PATCH] uml: return a real error code
do_aio used to return -1 on error instead of errno.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:51 +0000 (19:27 -0700)]
[PATCH] uml: merge mem_user.c and mem.c
The serial UML OS-abstraction layer patch (um/kernel dir).
This joins mem_user.c and mem.c files.
Signed-off-by: Gennady Sharapov <Gennady.V.Sharapov@intel.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:50 +0000 (19:27 -0700)]
[PATCH] uml: move libc code out of mem_user.c and tempfile.c
The serial UML OS-abstraction layer patch (um/kernel dir).
This moves all system calls from mem_user.c and tempfile.c files under
os-Linux dir.
Signed-off-by: Gennady Sharapov <Gennady.V.Sharapov@intel.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:49 +0000 (19:27 -0700)]
[PATCH] uml: preserve errno in error paths
The poster child for this patch is the third tuntap_user hunk. When an ioctl
fails, it properly closes the opened file descriptor and returns. However,
the close resets errno to 0, and the 'return errno' that follows returns 0
rather than the value that ioctl set. This caused the caller to believe that
the device open succeeded and had opened file descriptor 0, which caused no
end of interesting behavior.
The rest of this patch is a pass through the UML sources looking for places
where errno could be reset before being passed back out. A common culprit is
printk, which could call write, being called before errno is returned.
In some cases, where the code ends up being much smaller, I just deleted the
printk.
There was another case where a caller of run_helper looked at errno after a
failure, rather than the return value of run_helper, which was the errno value
that it wanted.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:48 +0000 (19:27 -0700)]
[PATCH] uml: Remove some build warnings
These ugly double-casts are the result of gdb complaining about size
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:47 +0000 (19:27 -0700)]
[PATCH] uml: Remove a useless include
linux/inet.h isn't needed, and on my system, is empty.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:47 +0000 (19:27 -0700)]
[PATCH] uml: Remove an unused file
This removes a file which is no longer used.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:46 +0000 (19:27 -0700)]
[PATCH] uml: breakpoint an arbitrary thread
This patch implements a stack trace for a thread, not unlike sysrq-t does.
The advantage to this is that a break point can be placed on showreqs, so that
upon showing the stack, you jump immediately into the debugger. While sysrq-t
does the same thing, sysrq-t shows *all* threads stacks. It also doesn't work
right now. In the future, I thought it might be acceptable to make this show
all pids stacks, but perhaps leaving well enough alone and just using sysrq-t
would be okay. For now, upon receiving the stack command, UML switches
context to that thread, dumps its registers, and then switches context back to
the original thread. Since UML compacts all threads into one of 4 host
threads, this sort of mechanism could be expanded in the future to include
other debugging helpers that sysrq does not cover.
Note by jdike - The main benefit to this is that it brings an arbitrary thread
back into context, where it can be examined by gdb. The fact that it dumps it
stack is secondary. This provides the capability to examine a sleeping
thread, which has existed in tt mode, but not in skas mode until now.
Also, the other threads, that sysrq doesn't cover, can be gdb-ed directly
anyway.
Signed-off-by: Allan Graves<allan.graves@gmail.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Sat, 17 Sep 2005 02:27:43 +0000 (19:27 -0700)]
[PATCH] uml: _switch_to code consolidation
This patch moves code that is in both switch_to_tt and switch_to_skas to the
top level _switch_to function, keeping us from duplicating code. It is
required for the stack trace patch to work properly.
Signed-off-by: Allan Graves <allan.graves@gmail.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
When an asynchronous interruption occurs during the execution of the
'critical section' within the generic interruption handling code (entry.S),
a faulty check for a userspace PSW may result in a corrupted kernel stack
pointer which subsequently triggers a stack overflow check.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Got confused with the crypto update. The last patch added a call to
destroy_workqueue() for a non-existent workqueue with the comment "Remove
device workqueue on module unload". This is nonsense. Remove the offending
hunk again.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Garzik [Fri, 16 Sep 2005 10:01:48 +0000 (06:01 -0400)]
[libata] fix PIO completion race
Make sure we that completion is the final action we take; prior to this
change, another CPU may have changed ap->pio_task_state before we tested
it a final time.
Spotted by, and original patch by Albert Lee @ IBM.
Also includes a minor optimization: eliminate a ton of unnecessary
queue_work() calls, simply by jumping to the beginning of the FSM
function ata_pio_task().
Jay Vosburgh [Wed, 14 Sep 2005 21:52:09 +0000 (14:52 -0700)]
[PATCH] bonding: plug reference count leak
Bonding leaks route structures when the ARP monitor is
configured to send probes over VLANs.
Originally reported by Ian Abel <ian.abel@mxtelecom.com>; his
original fix was modified by Jay Vosburgh to correct coding style and to
close a leak it missed.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
[PATCH] vc: Use correct size on buffer copy in vc_resize
In the unlikely case of the new screen width much wider then the old,
use (old_row_size * new_rows) instead of new_screen_size to prevent a
buffer overrun during the copy.
[PATCH] vgacon: Fix sanity checking in vgacon_resize
Reported by: walt <wa1ter@myrealbox.com>
"I routinely switch the console font during bootup to
8x8 so I can get 50 lines per screen. Until 09 Sept,
just changing to the small font automatically gave me
all 50 lines -- but now I'm only getting 25 lines even
with the small font. The bottom half of the screen
displays the text that already scrolled off the top."
This bug is due to an erroneous check in the recently added hook,
vgacon_resize(). It checks the new height against the original number of
rows of the console. Because the original number of rows depends on both
the scanline and the font height, check it instead against the
scanline/fontheight.
[PATCH] savagefb: Fix load failure of the Twister chipset
- The Twister chipsets are actually prosavages. Reclassify them as
such and remove the S3_SAVAGE_TWISTER id.
- Fix i2c code if fb_firmware_edid() returns NULL
"A recent patch changed the way the LPAR bit is checked during early
boot. This resulted in a polarity change in a conditional branch
without changing the branch, causing at least some legacy machines to
not boot."
Russell King [Thu, 15 Sep 2005 14:17:59 +0000 (15:17 +0100)]
[ARM] Tighten pfn_valid() test.
Thomas Gleixner reported that mmaping and unmapping each physical
page in turn eventually caused the kernel to oops. It appears
that pfn_valid() in the discontigmem case was too simplistic for
proper operation.
Tighten the logic so we also check if the PFN is within the range
of the selected memory node.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Richard Purdie [Thu, 15 Sep 2005 13:53:22 +0000 (14:53 +0100)]
[ARM] 2913/1: PXA Poodle: Cleanup some unneeded code
Patch from Richard Purdie
This patch cleans up the PXA Poodle platform code removing an unneeded
static iomap. It also corrects errors in the platform header file and
adds a missing GPIO define.
Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[ARM] 2905/1: enable the ixp2000 i2c bus driver in ixp2000 defconfigs
Patch from Lennert Buytenhek
It's silly to have I2C enabled in all ixp2000 defconfigs but not to
have the ixp2000 bus driver enabled in any of them. This patch enables
CONFIG_I2C_IXP2000 for all in-tree ixp2000 boards.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The intel docs call it IXP2000_PRODUCT_ID, and we have a definition
for IXP2000_PRODUCT_ID as well, so IXP2000_PROD_ID can go. It's only
used in one place.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This patch:
- changes the ixp2000_reg_write accessor to take a 'volatile void *'
instead of a 'volatile unsigned long *', which then allows passing in
a u32 * as first argument without being greeted with a warning; and
- adds an ixp2000_reg_read accessor.
We can then use these accessors in ixp2000 code to access on-chip
peripherals, instead of directly dereferencing pointers. This is for
use by the ixp2000 microengine driver which was recently announced on
netdev. We can't use readl/writel on the ixp2000 since it is usually
run in big-endian mode, and on big-endian platforms, readl/writel
perform byteswapping.
A future patch will remove the readback from ixp2000_reg_write, since
it's not needed to prevent erratum #66, and add manual readbacks to the
places that need them (writes are not synchronous since we map in device
space using XCB=101 nowadays), such as interrupt disabling and GPIO
manipulation. See also:
http://lists.arm.linux.org.uk/pipermail/linux-arm-kernel/2005-February/027084.html
Patch has been ACKed by Jeff Garzik.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
David S. Miller [Thu, 15 Sep 2005 04:47:01 +0000 (21:47 -0700)]
[LIB]: Consolidate _atomic_dec_and_lock()
Several implementations were essentialy a common piece of C code using
the cmpxchg() macro. Put the implementation in one spot that everyone
can share, and convert sparc64 over to using this.
Alpha is the lone arch-specific implementation, which codes up a
special fast path for the common case in order to avoid GP reloading
which a pure C version would require.
Signed-off-by: David S. Miller <davem@davemloft.net>
David L Stevens [Thu, 15 Sep 2005 04:10:20 +0000 (21:10 -0700)]
[IPV6]: Fix per-socket multicast filtering in sk_reuse case
per-socket multicast filters were not being applied to all sockets
in the case of an exact-match bound address, due to an over-exuberant
"return" in the look-up code. Fix below. IPv4 does not have this problem.
Thanks to Hoerdt Mickael for reporting the bug.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[IPVS]: ip_vs_ftp breaks connections using persistence
ip_vs_ftp when loaded can create NAT connections with unknown client
port for passive FTP. For such expectations we lookup with cport=0 on
incoming packet but it matches the format of the persistence templates
causing packets to other persistent virtual servers to be forwarded to
real server without creating connection. Later the reply packets are
treated as foreign and not SNAT-ed.
This patch changes the connection lookup for packets from clients:
* introduce IP_VS_CONN_F_TEMPLATE connection flag to mark the
connection as template
* create new connection lookup function just for templates -
ip_vs_ct_in_get
* make sure ip_vs_conn_in_get hits only connections with
IP_VS_CONN_F_NO_CPORT flag set when s_port is 0. By this way
we avoid returning template when looking for cport=0 (ftp)
Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes line dupes at /ipv4/igmp.c and /ipv6/mcast.c in the
2.6 kernel, where MCAST_EXCLUDE is mistakenly used instead of
MCAST_INCLUDE.
Signed-off-by: Denis Lukianov <denis@voxelsoft.com> Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 15 Sep 2005 03:50:35 +0000 (20:50 -0700)]
[TCP]: Compute in_sacked properly when we split up a TSO frame.
The problem is that the SACK fragmenting code may incorrectly call
tcp_fragment() with a length larger than the skb->len. This happens
when the skb on the transmit queue completely falls to the LHS of the
SACK.
And add a BUG() check to tcp_fragment() so we can spot this kind of
error more quickly in the future.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Partially revert "Fix time going twice as fast problem on ATI Xpress chipsets"
Commit 66759a01adbfe8828dd063e32cf5ed3f46696181 introduced the fix for
time ticking too fast on some boards by disabling one of the doubly
connected timer pins on ATI boards.
However, it ends up being _much_ too broad a brush, and that just makes
some other ATI boards not work at all since they now have no timer
source.
So disable the automatic ATI southbridge detection, and just rely on
people who see this problem disabling it by hand with the option
"disable_timer_pin_1" on the kernel command line.
Maybe somebody can figure out the proper tests at a later date.
Acked-by: Peter Osterlund <petero2@telia.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Anton Blanchard [Wed, 14 Sep 2005 21:19:18 +0000 (14:19 -0700)]
[PATCH] hvc_console: start kernel thread before registering tty
Its possible that we can write to the hvc_console tty as soon it is
registered. Recently this started happening due to (what looks like) a
change to the hotplug code.
Unfortunately at this stage we have not started the khvcd kernel thread and
oops. The solution is to start the kernel thread before registering the
tty.
Signed-off-by: Anton Blanchard <anton@samba.org> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
broke the RME32 and RME96 drivers, since the PCI IDs they use seem to have
changed names. Here's a patch to fix this -- compile tested only, since I
have no idea what the hardware even is.
Fix the build of the RME32 and RME96 drivers by having them use the
PCI_DEVICE_ID_RME_xxx names defined in <linux/pci_ids.h> instead of the
PCI_DEVICE_ID_xxx names that they used to define themselves.
Also fix the typo in the id PCI_DEVICE_IDRME__DIGI96_8_PAD_OR_PST so the
name is PCI_DEVICE_ID_RME_DIGI96_8_PAD_OR_PST.
Signed-off-by: Roland Dreier <rolandd@cisco.com> Acked-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Fix the fdtable freeing in the case of vmalloced fdset/arrays
Noted by David Miller:
"The bug is that free_fd_array() takes a "num" argument, but when
calling it from __free_fdtable() we're instead passing in the size in
bytes (ie. "num * sizeof(struct file *)")."
Yes it is a bug. I think I messed it up while merging newer
changes with an older version where I was using size in bytes
to optimize.
[PATCH] Fix slab BUG_ON() triggered by change in array cache size
With the new changes that we made in the initialization of the slab
allocator, we first setup the cache from which array caches are allocated,
and then the cache, from which kmem_list3's are allocated.
Now if the array cache comes from a cache in which objsize > 32, (in this
instance size-64) then, first size-64 cache will be allocated and then the
size-128 (if this is the cache from which kmem_list3's are going to be
allocated).
So with these new changes, we are not guaranteed that we will be
initializing the malloc_sizes array in a serialized order. Thus there is
a bug in __find_general_cachep, as we are checking whether the first
cache_sizes ptr is NULL.
This is replaced by checking whether the array-cache cache is initialized.
Attached is a patch which does that. Boots fine on a x86-64, with
DEBUG_SPIN, DEBUG_SLAB, and preempt.
Attached is a patch which does that. Boots fine on a x86-64, with
DEBUG_SPIN, DEBUG_SLAB, and preempt.Thanks & Regards, Alok
Signed-off-by: Alok N Kataria <alokk@calsoftinc.com> Signed-off-by: Shobhit Dayal <shobhitdayal.com> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: Christoph Lameter <christoph@lameter.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Ivan Kokshaysky [Wed, 14 Sep 2005 19:05:30 +0000 (23:05 +0400)]
[PATCH] yenta oops fix
In some cases, especially on modern laptops with a lot of PCI and
cardbus bridges, we're unable to assign correct secondary/subordinate
bus numbers to all cardbus bridges due to BIOS limitations unless
we are using "pci=assign-busses" boot option.
So some cardbus controllers may not have attached subordinate pci_bus
structure, and yenta driver must cope with it - just ignore such cardbus
bridges.
For example, see https://bugzilla.novell.com/show_bug.cgi?id=113778
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] error path in setup_arg_pages() misses vm_unacct_memory()
Pavel Emelianov and Kirill Korotaev observe that fs and arch users of
security_vm_enough_memory tend to forget to vm_unacct_memory when a
failure occurs further down (typically in setup_arg_pages variants).
These are all users of insert_vm_struct, and that reservation will only
be unaccounted on exit if the vma is marked VM_ACCOUNT: which in some
cases it is (hidden inside VM_STACK_FLAGS) and in some cases it isn't.
So x86_64 32-bit and ppc64 vDSO ELFs have been leaking memory into
Committed_AS each time they're run. But don't add VM_ACCOUNT to them,
it's inappropriate to reserve against the very unlikely case that gdb
be used to COW a vDSO page - we ought to do something about that in
do_wp_page, but there are yet other inconsistencies to be resolved.
The safe and economical way to fix this is to let insert_vm_struct do
the security_vm_enough_memory check when it finds VM_ACCOUNT is set.
And the MIPS irix_brk has been calling security_vm_enough_memory before
calling do_brk which repeats it, doubly accounting and so also leaking.
Remove that, and all the fs and arch calls to security_vm_enough_memory:
give it a less misleading name later on.
Alexander Nyberg [Wed, 14 Sep 2005 16:54:06 +0000 (18:54 +0200)]
[PATCH] Fix fs/exec.c:788 (de_thread()) BUG_ON
It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.
de_thread() does
while (atomic_read(&sig->count) > count) {
}
.....
.....
BUG_ON(!thread_group_empty(current));
but release_task does
write_lock_irq(&tasklist_lock)
__exit_signal
(this is where atomic_dec(&sig->count) is run)
__exit_sighand
__unhash_process
takes write lock on tasklist_lock
remove itself out of PIDTYPE_TGID list
write_unlock_irq(&tasklist_lock)
so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.
And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.
Big thanks to Marc Lehmann who provided the test-case.
John W. Linville [Wed, 14 Sep 2005 13:52:42 +0000 (09:52 -0400)]
[PATCH] pci: only call pci_restore_bars at boot
Certain (SGI?) ia64 boxes object to having their PCI BARs
restored unless absolutely necessary. This patch restricts calling
pci_restore_bars from pci_set_power_state unless the current state
is PCI_UNKNOWN, the actual (i.e. physical) state of the device is
PCI_D3hot, and the device indicates that it will lose its configuration
when transitioning to PCI_D0.
Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
projects / linux-beck.git / log