Roman Kagan [Wed, 13 Apr 2005 17:40:17 +0000 (21:40 +0400)]
[PATCH] drivers/base/bus.c: fix iteration in driver_detach()
With 2.6.11 and 2.6.12-rc2 (and perhaps a few versions before) usb
drivers for multi-interface devices, which do
usb_driver_release_interface() in their disconnect(), make rmmod hang.
It turns out to be due to a bug in drivers/base/bus.c:driver_detach(),
that iterates over the list of attached devices with
list_for_each_safe() under an assumption that device_release_driver()
only releases the current device, while it may also call
device_release_driver() for other devices on the same list.
The following patch fixes it. Please consider applying.
Signed-off-by: Roman Kagan <rkagan@mail.ru> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dean Nelson [Tue, 22 Mar 2005 23:00:00 +0000 (16:00 -0700)]
[IA64-SGI] move nodepda pointer out of pda
Remove the p_nodepda and p_subnodepda pointers from the pda_s structure.
And then define a new per-cpu pointer to the nodepda and export it so
that it can be accessed by kernel modules.
Signed-off-by: Dean Nelson <dcn@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Al Viro [Wed, 4 May 2005 04:40:12 +0000 (05:40 +0100)]
[PATCH] asm/signal.h unification
New file - asm-generic/signal.h. Contains declarations of
__sighandler_t, __sigrestore_t, SIG_DFL, SIG_IGN, SIG_ERR and default
definitions of SIG_BLOCK, SIG_UNBLOCK and SIG_SETMASK.
asm-*/signal.h switched to including it. The only exception is
asm-parisc/signal.h that wants its own declaration of __sighandler_t;
that one is left as-is.
asm-ppc64/signal.h required one more thing - unlike everybody else it
used __sigrestorer_t instead of usual __sigrestore_t. PPC64 switched to
common spelling.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Wed, 4 May 2005 04:39:52 +0000 (05:39 +0100)]
[PATCH] ISA DMA Kconfig fixes - part 4 (irda)
* net/irda/irda_device.c::irda_setup_dma() made conditional on
ISA_DMA_API (it uses helpers in question and irda is usable on
platforms that don't have them at all - think of USB IRDA, for
example).
* irda drivers that depend on ISA DMA marked as dependent on
ISA_DMA_API
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Wed, 4 May 2005 04:39:32 +0000 (05:39 +0100)]
[PATCH] ISA_DMA Kconfig fixes - part 2 (parport_pc)
Part of parport_pc that uses ISA DMA helpers made conditional on
CONFIG_ISA_DMA_API. As the result, driver got usable for boxen that do
not have ISA DMA stuff and have normal PCI parport card stuck into
them - these never use DMA anyway.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Al Viro [Wed, 4 May 2005 04:39:22 +0000 (05:39 +0100)]
[PATCH] ISA DMA Kconfig fixes - part 1
A bunch of drivers use ISA DMA helpers or their equivalents for
platforms that have ISA with different DMA controller (a lot of ARM
boxen). Currently there is no way to put such dependency in Kconfig -
CONFIG_ISA is not it (e.g. it is not set on platforms that have no ISA
slots, but have on-board devices that pretend to be ISA ones).
New symbol added - ISA_DMA_API. Set when we have functional
enable_dma()/set_dma_mode()/etc. set of helpers. Next patches in the
series will add missing dependencies for drivers that need them.
I'm very carefully staying the hell out of the recurring flamefest on
what exactly CONFIG_ISA would mean in ideal world - added symbol has a
well-defined meaning and for now I really want to treat it as completely
independent from the mess around CONFIG_ISA.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Dely Sy [Fri, 29 Apr 2005 01:08:53 +0000 (18:08 -0700)]
[PATCH] PCI Hotplug: fix pciehp regression
I fogot to remove the code that freed the memory in cleanup_slots().
Here is the new patch, which I have also taken care of the comment
by Eike to remove the cast in hotplug_slot->private.
Signed-off-by: Dely Sy <dely.l.sy@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] PCI Hotplug ibmphp_pci.c: Fix masking out needed information too early
here is the patch that fixes the bug introduced by my previous patch which
already went into 2.6.12-rc2 and is likely to cause trouble is someone hits
one the else case here by accident.
Using the &= operation before the if statement destroys the information the
if asks for so we always go into the else branch.
[PATCH] PCI: fix up word-aligned 16-bit PCI config access through sysfs
This patch adds the possibility to do word-aligned 16-bit atomic PCI
configuration space accesses via the sysfs PCI interface. As a result, problems
with Emulex LFPC on IBM PowerPC64 are fixed.
Pavel Machek [Tue, 5 Apr 2005 21:49:49 +0000 (23:49 +0200)]
[PATCH] PCI: fix stale PCI pm docs
This fixes u32 vs. pm_message_t confusion in documentation, and
removes references to no-longer-existing (*save_state), too. With
exception of USB (I hope David will fix/apply my patch), this should
fix last piece of this confusion... famous last words.
Signed-off-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] PCI: 'is_enabled' flag should be set/cleared when the device is actually enabled/disabled
I think 'is_enabled' flag in pci_dev structure should be set/cleared
when the device actually enabled/disabled. Especially about
pci_enable_device(), it can be failed. By this change, we will also
get the possibility of refering 'is_enabled' flag from the functions
called through pci_enable_device()/pci_disable_device().
Lonnie Mendez [Tue, 3 May 2005 22:02:20 +0000 (17:02 -0500)]
[PATCH] USB cypress_m8: update kernel driver with current source
Fixed problem where setting or retreiving the serial config would fail
with EPIPE. Removed CRTS toggling so the driver behaves more like other
usbserial adapters. Issued new interval of 1ms instead of the default
bInterval. As a result, transfer speed has been substantially
increased. From avg. 850bps to avg. 3300bps. Also added new module
parameter 'interval' to tweak the interval in case this change causes
problems for someone. Cleaned up code and formatting issues so source
is more readable. Replaced the C++ style comments. Various other code
cleanups.
Ian Abbott [Fri, 29 Apr 2005 15:06:14 +0000 (16:06 +0100)]
[PATCH] USB: VID/PID updates for ftdi_sio driver
Some VID/PID updates for the ftdi_sio driver:
* The "Gude Analog- und Digitalsysteme GmbH" entries were missing from
the "combined" table.
* Replaced FTDI_8U232AM_ALT_ALT_PID with 3 PIDs for devices from
4n-galaxy.de.
* Removed redundant FTDI_RM_VID and renamed FTDI_RMCANVIEW_PID to
FTDI_RM_CANVIEW_PID.
* Added VID/PID for serial converter in Mobility Electronics EasiDock
USB 200 (mentioned by Gregory Schmitt).
* Added PID for Active Robots USB comms board (mentioned by John Koch).
On Thu, Apr 14, 2005 at 11:06:21PM +0400, Sergey Vlasov wrote:
> http://thread.gmane.org/gmane.linux.usb.devel/32977
>
> (see "[PATCH] N/3 cdc acm errors").
>
> You also need this driver core fix:
>
> http://thread.gmane.org/gmane.linux.usb.devel/33132
I reproduced the same oops while trying to execute at+mode=99, it would
be nice to get these fix merged since I believe it's still needed to
connect the laptop over gprs (something I didn't test yet).
This further patch will allow you to connect via usbnet, Greg could you
apply? Thanks!
Signed-off-by: Andrea Arcangeli <andrea@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Sat, 9 Apr 2005 16:00:29 +0000 (09:00 -0700)]
[PATCH] USB: ehci power fixes
Miscellaneous updates for EHCI.
- Mostly updates the power switching on EHCI controllers. One routine
centralizes the "power on/off all ports" logic, and the capability to
do that is reported more correctly.
- Courtesy Colin Leroy, a patch to always power up ports after resumes
which didn't keep a USB device suspended. The reset-everything logic
powers down those ports (on some hardware) so something needs to turn
them back on.
- Minor tweaks/bugfixes for the debug port support.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Tue, 3 May 2005 23:27:10 +0000 (16:27 -0700)]
[IPSEC]: Store idev entries
I found a bug that stopped IPsec/IPv6 from working. About
a month ago IPv6 started using rt6i_idev->dev on the cached socket dst
entries. If the cached socket dst entry is IPsec, then rt6i_idev will
be NULL.
Since we want to look at the rt6i_idev of the original route in this
case, the easiest fix is to store rt6i_idev in the IPsec dst entry just
as we do for a number of other IPv6 route attributes. Unfortunately
this means that we need some new code to handle the references to
rt6i_idev. That's why this patch is bigger than it would otherwise be.
I've also done the same thing for IPv4 since it is conceivable that
once these idev attributes start getting used for accounting, we
probably need to dereference them for IPv4 IPsec entries too.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
[PKT_SCHED]: netetm: adjust parent qlen when duplicating
Fix qlen underrun when doing duplication with netem. If netem is used
as leaf discipline, then the parent needs to be tweaked when packets
are duplicated.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[PKT_SCHED]: netetm: make qdisc friendly to outer disciplines
Netem currently dumps packets into the queue when timer expires. This
patch makes work by self-clocking (more like TBF). It fixes a bug
when 0 delay is requested (only doing loss or duplication).
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[PKT_SCHED]: netetm: trap infinite loop hange on qlen underflow
Due to bugs in netem (fixed by later patches), it is possible to get qdisc
qlen to go negative. If this happens the CPU ends up spinning forever
in qdisc_run(). So add a BUG_ON() to trap it.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Some network drivers call netif_stop_queue() when detecting loss of
carrier. This leads to packets being queued up at the qdisc level for
an unbound period of time. In order to prevent this effect, the core
networking stack will now cease to queue packets for any device, that
is operationally down (i.e. the queue is flushed and disabled).
Signed-off-by: Tommy S. Christensen <tommy.christensen@tpack.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 3 May 2005 23:15:59 +0000 (16:15 -0700)]
[XFRM/RTNETLINK]: Decrement qlen properly in {xfrm_,rt}netlink_rcv().
If we free up a partially processed packet because it's
skb->len dropped to zero, we need to decrement qlen because
we are dropping out of the top-level loop so it will do
the decrement for us.
Spotted by Herbert Xu.
Signed-off-by: David S. Miller <davem@davemloft.net>
- pfm_context_load(): change return value from EINVAL to EBUSY
when context is already loaded.
- pfm_check_task_state(): pass test if context state is MASKED.
It is safe to give access on PFM_CTX_MASKED because the PMU
state (PMD) is stable and saved in software state.
This helps multiplexing programs such as the example given
in libpfm-3.1.
Signed-off-by: stephane eranian <eranian@hpl.hp.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
The pmu_active test is based on the values of PSR.up. THIS IS THE PROBLEM as
it does not take into account the lazy restore logic which is as follow (simplified):
context switch out:
save PMDs
clear psr.up
release ownership
context switch in:
if (ctx->last_cpu == smp_processor_id() && ctx->cpu_activation == cpu_activation) {
set psr.up
return
}
restore PMD
restore PMC
ctx->last_cpu = smp_processor_id();
ctx->activation = ++cpu_activation;
set psr.up
The key here is that on context switch out, we clear psr.up and on context switch in
we check if nobody else used the PMU on that processor since last time we came. In
that case, we assume the PMD/PMC are ours and we simply reactivate.
The Caliper problem is that between the moment we context switch out and the moment we
come back, nobody effectively used the PMU BUT the processor went idle. Normally this
would have no incidence but PAL_HALT does alter the PMU registers. In default_idle(),
the test on psr.up is not strong enough to cover this case and we go into PAL which
trashed the PMU resgisters. When we come back we falsely assume that this is our state
yet it is corrupted. Very nasty indeed.
To avoid the problem it is necessary to forbid going to PAL_HALT as soon as perfmon
installs some valid state in the PMU registers. This happens with an application
attaches a context to a thread or CPU. It is not enough to check the psr/dcr bits.
Hence I propose the attached patch. It adds a callback in process.c to modify the
condition to enter PAL on idle. Basically, now it is conditional to pal_halt=1 AND
perfmon saying it is okay.
Herbert Xu [Tue, 3 May 2005 21:55:09 +0000 (14:55 -0700)]
[NETLINK]: Synchronous message processing.
Let's recap the problem. The current asynchronous netlink kernel
message processing is vulnerable to these attacks:
1) Hit and run: Attacker sends one or more messages and then exits
before they're processed. This may confuse/disable the next netlink
user that gets the netlink address of the attacker since it may
receive the responses to the attacker's messages.
Proposed solutions:
a) Synchronous processing.
b) Stream mode socket.
c) Restrict/prohibit binding.
2) Starvation: Because various netlink rcv functions were written
to not return until all messages have been processed on a socket,
it is possible for these functions to execute for an arbitrarily
long period of time. If this is successfully exploited it could
also be used to hold rtnl forever.
Proposed solutions:
a) Synchronous processing.
b) Stream mode socket.
Firstly let's cross off solution c). It only solves the first
problem and it has user-visible impacts. In particular, it'll
break user space applications that expect to bind or communicate
with specific netlink addresses (pid's).
So we're left with a choice of synchronous processing versus
SOCK_STREAM for netlink.
For the moment I'm sticking with the synchronous approach as
suggested by Alexey since it's simpler and I'd rather spend
my time working on other things.
However, it does have a number of deficiencies compared to the
stream mode solution:
1) User-space to user-space netlink communication is still vulnerable.
2) Inefficient use of resources. This is especially true for rtnetlink
since the lock is shared with other users such as networking drivers.
The latter could hold the rtnl while communicating with hardware which
causes the rtnetlink user to wait when it could be doing other things.
3) It is still possible to DoS all netlink users by flooding the kernel
netlink receive queue. The attacker simply fills the receive socket
with a single netlink message that fills up the entire queue. The
attacker then continues to call sendmsg with the same message in a loop.
Point 3) can be countered by retransmissions in user-space code, however
it is pretty messy.
In light of these problems (in particular, point 3), we should implement
stream mode netlink at some point. In the mean time, here is a patch
that implements synchronous processing.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 3 May 2005 21:43:27 +0000 (14:43 -0700)]
[NETLINK]: cb_lock does not needs ref count on sk
Here is a little optimisation for the cb_lock used by netlink_dump.
While fixing that race earlier, I noticed that the reference count
held by cb_lock is completely useless. The reason is that in order
to obtain the protection of the reference count, you have to take
the cb_lock. But the only way to take the cb_lock is through
dereferencing the socket.
That is, you must already possess a reference count on the socket
before you can take advantage of the reference count held by cb_lock.
As a corollary, we can remve the reference count held by the cb_lock.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Asim Shankar [Tue, 3 May 2005 21:39:33 +0000 (14:39 -0700)]
[PKT_SCHED]: HTB: Drop packet when direct queue is full
htb_enqueue(): Free skb and return NET_XMIT_DROP if a packet is
destined for the direct_queue but the direct_queue is full. (Before
this: erroneously returned NET_XMIT_SUCCESS even though the packet was
not enqueued)
Signed-off-by: Asim Shankar <asimshankar@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Tue, 3 May 2005 21:33:27 +0000 (14:33 -0700)]
[WAN]: kfree of NULL pointer is valid
kfree(0) is perfectly valid, checking pointers for NULL before calling
kfree() on them is redundant. The patch below cleans away a few such
redundant checks (and while I was around some of those bits I couldn't
stop myself from making a few tiny whitespace changes as well).
Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 3 May 2005 21:29:00 +0000 (14:29 -0700)]
[RTNETLINK] Fix & cleanup rtm_min/rtm_max
Converts rtm_min and rtm_max arrays to use c99 designated
initializers for easier insertion of new message families.
RTM_GETMULTICAST and RTM_GETANYCAST did not have the minimal
message size specified which means that the netlink message
was parsed for routing attributes starting from the header.
Adds the proper minimal message sizes for these messages
(netlink header + common rtnetlink header) to fix this issue.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 3 May 2005 21:27:35 +0000 (14:27 -0700)]
[RTNETLINK] Fix RTM_MAX to represent the maximum valid message type
RTM_MAX is currently set to the maximum reserverd message type plus one
thus being the cause of two bugs for new types being assigned a) given the
new family registers only the NEW command in its reserved block the array
size for per family entries is calculated one entry short and b) given the
new family registers all commands RTM_MAX would point to the first entry
of the block following this one and the rtnetlink receive path would accept
a message type for a nonexisting family.
This patch changes RTM_MAX to point to the maximum valid message type
by aligning it to the start of the next block and subtracting one.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 3 May 2005 21:26:40 +0000 (14:26 -0700)]
[XFRM]: Cleanup xfrm_msg_min and xfrm_dispatch
Converts xfrm_msg_min and xfrm_dispatch to use c99 designated
initializers to make greping a little bit easier. Also replaces
two hardcoded message type with meaningful names.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 3 May 2005 21:24:36 +0000 (14:24 -0700)]
[IPV6]: Fix raw socket checksums with IPsec
I made a mistake in my last patch to the raw socket checksum code.
I used the value of inet->cork.length as the length of the payload.
While this works with normal packets, it breaks down when IPsec is
present since the cork length includes the extension header length.
So here is a patch to fix the length calculations.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Russ Anderson [Sat, 23 Apr 2005 07:08:00 +0000 (00:08 -0700)]
[patch] MCA recovery module undefined symbol fix
The patch "MCA recovery improvements" added do_exit to mca_drv.c.
That's fine when the mca recovery code is built in the kernel
(CONFIG_IA64_MCA_RECOVERY=y) but breaks building the mca recovery
code as a module (CONFIG_IA64_MCA_RECOVERY=m).
Most users are currently building this as a module, as loading
and unloading the module provides a very convenient way to turn
on/off error recovery.
This patch exports do_exit, so mca_drv.c can build as a module.
Signed-off-by: Russ Anderson (rja@sgi.com) Signed-off-by: Tony Luck <tony.luck@intel.com>
Russ Anderson [Wed, 6 Apr 2005 07:07:00 +0000 (00:07 -0700)]
[IA64] MCA recovery improvements
Jack Steiner uncovered some opportunities for improvement in
the MCA recovery code.
1) Set bsp to save registers on the kernel stack.
2) Disable interrupts while in the MCA recovery code.
3) Change the way the user process is killed, to avoid
a panic in schedule.
Testing shows that these changes make the recovery code much
more reliable with the 2.6.12 kernel.
Signed-off-by: Russ Anderson <rja@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
David Woodhouse [Wed, 6 Apr 2005 00:47:00 +0000 (17:47 -0700)]
[IA64] fix ia64 syscall auditing
Attached is a patch against David's audit.17 kernel that adds checks
for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and
signal handling code paths. The patch enables auditing of system
calls set up via fsys_bubble_down, as well as ensuring that
audit_syscall_exit() is called on return from sigreturn.
Neglecting to check for TIF_SYSCALL_AUDIT at these points results in
incorrect information in audit_context, causing frequent system panics
when system call auditing is enabled on an ia64 system.
I have tested this patch and have seen no problems with it.
[Original patch from Amy Griffis ported to current kernel by David Woodhouse]
From: Amy Griffis <amy.griffis@hp.com>
From: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Tony Luck <tony.luck@intel.com>
Zwane Mwaikambo [Thu, 31 Mar 2005 04:40:00 +0000 (21:40 -0700)]
[IA64] reduce cacheline bouncing in cpu_idle_wait
Andi noted that during normal runtime cpu_idle_map is bounced around a lot,
and occassionally at a higher frequency than the timer interrupt wakeup
which we normally exit pm_idle from. So switch to a percpu variable.
I didn't move things to the slow path because it would involve adding
scheduler code to wakeup the idle thread on the cpus we're waiting for.
Signed-off-by: Zwane Mwaikambo <zwane@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Tony Luck <tony.luck@intel.com>
Mike Habeck [Sat, 26 Mar 2005 02:34:00 +0000 (19:34 -0700)]
[IA64-SGI] Altix only: Fix for sn_dma_flush
The following patch fixes a bug in the SGI Altix sn_dma_flush code.
sn_dma_flush is broken in 2.6. The code isn't waiting for the DMA
data to be flushed out of the PIC ASIC. This patch is based off the
linux-ia64-test-2.6.12 tree
Signed-off-by: Mike Habeck <habeck@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>