fix memory corruption and crash due to mis-sized grant table.
A PV OS has two grant table data structures: the grant table itself
and a free list. The free list is composed of an array of pages,
which grow dynamically as the guest OS requires more grants. While
the grant table contains 8-byte entries, the free list contains 4-byte
entries. So we have half as many pages in the free list than in the
grant table.
There was a bug in the free list allocation code. The free list was
indexed as if it was the same size as the grant table. But it's only
half as large. So memory got corrupted, and I was seeing crashes in
the slab allocator later on.
25-rc* stopped working with CONFIG_X86_VSMP on vSMP machines.
Looks like the vsmp irq ops got accidentally removed during merge of x86_64
pvops in 2.6.25. -- commit 6abcd98ffafbff81f0bfd7ee1d129e634af13245 removed
vsmp irq ops.
Tested with both CONFIG_X86_VSMP and without CONFIG_X86_VSMP, on vSMP and non
vSMP x86_64 machines.
Roland McGrath [Thu, 3 Apr 2008 21:18:55 +0000 (14:18 -0700)]
x86 ptrace: avoid unnecessary wrmsr
This avoids using wrmsr on MSR_IA32_DEBUGCTLMSR when it's not needed.
No wrmsr ever needs to be done if noone has ever used block stepping.
Without this change, using ptrace on 2.6.25 on an x86 KVM guest
will tickle KVM's missing support for the MSR and crash the guest
kernel. Though host KVM is the buggy one, this makes for a regression
in the guest behavior from 2.6.24->2.6.25 that we can easily avoid.
I also corrected some bad whitespace.
Signed-off-by: Roland McGrath <roland@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix MPC5200 (not B!) device tree so FEC ethernet works
[POWERPC] mpc5200: Amalgamated DTS fixes and updates
[POWERPC] Fix rtas_flash procfs interface
[POWERPC] Fix deadlock with mmu_hash_lock in hash_page_sync
[POWERPC] Fix iSeries hard irq enabling regression
[POWERPC] Fix CPM2 SCC1 clock initialization.
[POWERPC] Fix defconfigs so we dont set both GENRTC and RTCLIB
[POWERPC] fsldma: Use compatiable binding as spec
[POWERPC] sata_fsl: reduce compatibility to fsl,pq-sata
[POWERPC] 83xx: enable usb in 837x rdb and 83xx defconfigs
[POWERPC] 83xx: Fix wrong USB phy type in mpc837xrdb dts
The loop block driver is careful to mask __GFP_IO|__GFP_FS out of its
mapping_gfp_mask, to avoid hangs under memory pressure. But nowadays
it uses splice, usually going through __generic_file_splice_read. That
must use mapping_gfp_mask instead of GFP_KERNEL to avoid those hangs.
René Bürgel [Thu, 3 Apr 2008 08:58:37 +0000 (19:58 +1100)]
[POWERPC] Fix MPC5200 (not B!) device tree so FEC ethernet works
This gets the FEC ethernet driver working again on the lite5200
platform.
The FEC driver is also compatible with the MPC5200, not only with the
MPC5200B, so this adds a suitable entry to the driver's match list.
Furthermore this adds the settings for the PHY in the dts file for the
Lite5200. Note, that this is not exactly the same as in the
Lite5200B, because the PHY is located at f0003000:01 for the 5200, and
at :00 for the 5200B. This was tested on a Lite5200 and a Lite5200B,
both booted a kernel via tftp and mounted the root via nfs
successfully.
Signed-off-by: René Bürgel <r.buergel@unicontrol.de> Acked-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Paul Mackerras <paulus@samba.org>
[POWERPC] mpc5200: Amalgamated DTS fixes and updates
DTS updates that fix booting problems on mpc5200-based boards:
- change to ethernet reg property
- addition of mdio and phy nodes
- removal of pci node (Motion-Pro board)
Other DTS updates:
- update i2c device tree nodes
- add lpb bus node and flash device (without partitions defined)
- add rtc i2c nodes
Signed-off-by: Marian Balakowicz <m8@semihalf.com> Acked-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Paul Mackerras <paulus@samba.org>
Handling of the proc_dir_entry->count was changed in 2.6.24-rc5.
After this change, the default value for pde->count is 1 and not 0 as
before. Therefore, if we want to check whether our procfs file is
already opened (already in use), we have to check if pde->count is
greater than 2 rather than 1.
[POWERPC] Fix deadlock with mmu_hash_lock in hash_page_sync
hash_page_sync() takes and releases the low level mmu hash
lock in order to sync with other processors disposing of page
tables. Because that lock can be needed to service hash misses
triggered by interrupt handlers, taking it must be done with
interrupts off. However, hash_page_sync() appears to be called
with interrupts enabled, thus causing occasional deadlocks.
We fix it by making sure hash_page_sync() masks interrupts while
holding the lock.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
[POWERPC] Fix iSeries hard irq enabling regression
A subtle bug sneaked into iSeries recently. On this platform, we must
not normally clear MSR:EE (the hardware external interrupt enable)
except for short periods of time. Taking an interrupt while
soft-disabled doesn't cause us to clear it for example.
The iSeries kernel expects to mostly run with MSR:EE enabled at all
times except in a few exception entry/exit code paths. Thus
local_irq_enable() doesn't check if it needs to hard-enable as it
expects this to be unnecessary on iSeries.
However, hard_irq_disable() _does_ cause MSR:EE to be cleared,
including on iSeries. A call to it was recently added to the
context switch code, thus causing interrupts to become disabled
for a long periods of time, causing the iSeries watchdog to kick
in under some circumstances and other nasty things.
This patch fixes it by making local_irq_enable() properly re-enable
MSR:EE on iSeries. It basically removes a return statement here
to make iSeries use the same code path as everybody else. That does
mean that we might occasionally get spurious decrementer interrupts
but I don't think that matters.
Another option would have been to make hard_irq_disable() a nop
on iSeries but I didn't like it much, in case we have good reasons
to hard-disable.
Part of the patch is fixes to make sure the hard_enabled PACA field
is properly set on iSeries as it used not to be before, since it
was mostly unused.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: ohci: fix 2 timers to fire at jiffies + 1s
USB: Allow initialization of broken keyspan serial adapters.
USB: fix bug in sg initialization in usbtest
USB: serial: fix regression in Visor/Palm OS module for kernels >= 2.6.24
USB: cp2101: Add identifiers for the Telegesys ETRX2USB
USB: serial: ti_usb_3410_5052: Correct TUSB3410 endpoint requirements.
USB: another ehci_iaa_watchdog fix
Andrew Morton [Wed, 2 Apr 2008 20:04:52 +0000 (13:04 -0700)]
alpha: get_current(): don't add zero to current_thread_info()->task
A nasty compile error:
In file included from security/keys/internal.h:16,
from security/keys/sysctl.c:14:
include/linux/key-ui.h: In function 'key_permission':
include/linux/key-ui.h:51: error: invalid use of undefined type 'struct task_struct'
apparently the compiler has decided that it needs to know sizeof(task_struct)
so that it can add zero to a task_struct* (which is rather dumb of it).
Getting task_struct in scope in these deeply-nested headers is scary-looking,
so let's just remove the "+ 0".
Cc: David Howells <dhowells@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Markers do not mix well with CONFIG_PREEMPT_RCU because it uses
preempt_disable/enable() and not rcu_read_lock/unlock for minimal
intrusiveness. We would need call_sched and sched_barrier primitives.
Currently, the modification (connection and disconnection) of probes
from markers requires changes to the data structure done in RCU-style :
a new data structure is created, the pointer is changed atomically, a
quiescent state is reached and then the old data structure is freed.
The quiescent state is reached once all the currently running
preempt_disable regions are done running. We use the call_rcu mechanism
to execute kfree() after such quiescent state has been reached.
However, the new CONFIG_PREEMPT_RCU version of call_rcu and rcu_barrier
does not guarantee that all preempt_disable code regions have finished,
hence the race.
The "proper" way to do this is to use rcu_read_lock/unlock, but we don't
want to use it to minimize intrusiveness on the traced system. (we do
not want the marker code to call into much of the OS code, because it
would quickly restrict what can and cannot be instrumented, such as the
scheduler).
The temporary fix, until we get call_rcu_sched and rcu_barrier_sched in
mainline, is to use synchronize_sched before each call_rcu calls, so we
wait for the quiescent state in the system call code path. It will slow
down batch marker enable/disable, but will make sure the race is gone.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix the problem that makedumpfile sometimes fails on x86_64 machine.
This patch adds the symbol "phys_base" to a vmcoreinfo data. The
vmcoreinfo data has the minimum debugging information only for dump
filtering. makedumpfile (dump filtering command) gets it to distinguish
unnecessary pages, and makedumpfile creates a small dumpfile.
On x86_64 kernel which compiled with CONFIG_PHYSICAL_START=0x0 and
CONFIG_RELOCATABLE=y, makedumpfile fails like the following:
# makedumpfile -d31 /proc/vmcore dumpfile
The kernel version is not supported.
The created dumpfile may be incomplete.
_exclude_free_page: Can't get next online node.
makedumpfile Failed.
#
The cause is the lack of the symbol "phys_base" in a vmcoreinfo data.
If the symbol "phys_base" does not exist, makedumpfile considers an
x86_64 kernel as non relocatable. As the result, makedumpfile
misunderstands the physical address where the kernel is loaded, and it
cannot translate a kernel virtual address to physical address correctly.
To fix this problem, this patch adds the symbol "phys_base" to a
vmcoreinfo data.
efs: update error msg to not refer to deleted read_inode()
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Marc Pignat [Wed, 2 Apr 2008 20:04:42 +0000 (13:04 -0700)]
atmel_serial: fix uart/console concurrent access
Strange chars appear on the serial port when a printk and a printf
happens at the same time. This is caused by the pdc sending chars while
atmel_console_write (called from printk) is executing
Concurent access of uart and console to the same port leads to corrupted
data to be transmitted, so disable tx dma (PDC) while writing to the
console.
Signed-off-by: Marc Pignat <marc.pignat@hevs.ch> Signed-off-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
atmel_serial: avoid stopping pdc during transmission
I found a problem related to losing data during pdc transmission in
atmel_serial: connect ttyS1 with ttyS2 using a loopback cable, send 30
byte of packet from one to the other and waiting for 30 byte. On the
other side just read and echo the data received.
We always call atmel_tx_dma() from the tasklet regardless of what interrupt
triggered it.
Signed-off-by: michael <trimarchi@gandalf.sssup.it> Acked-by: Haavard Skinnemoen <hskinnemoen@atmel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kvm: provide kvm.h for all architecture: fixes headers_install
Currently include/linux/kvm.h is not considered by make headers_install,
because Kbuild cannot handle " unifdef-$(CONFIG_FOO) += foo.h. This problem
was introduced by
KVM: Export include/linux/kvm.h only if $ARCH actually supports KVM
Currently, make headers_check barfs due to <asm/kvm.h>, which <linux/kvm.h>
includes, not existing. Rather than add a zillion <asm/kvm.h>s, export kvm.
only if the arch actually supports it.
Signed-off-by: Avi Kivity <avi@qumranet.com>
which makes this an 2.6.25 regression.
One way of solving the issue is to enhance Kbuild, but Avi and David conviced
me, that changing headers_install is not the way to go. This patch changes
the definition for linux/kvm.h to unifdef-y.
If unifdef-y is used for linux/kvm.h "make headers_check" will fail on all
architectures without asm/kvm.h. Therefore, this patch also provides
asm/kvm.h on all architectures.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Acked-by: Avi Kivity <avi@qumranet.com> Cc: Sam Ravnborg <sam@ravnborg.org Cc: David Woodhouse <dwmw2@infradead.org> Cc: <linux-arch@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Richard Kennedy [Fri, 28 Mar 2008 21:50:30 +0000 (14:50 -0700)]
USB: ohci: fix 2 timers to fire at jiffies + 1s
Code inspection discovered in 2 places timers were being incorrectly setup
using round_jiffies_relative(HZ). The timer would then fire at time (0 <= T <
HZ).
Fix them to use round_jiffies(jiffies + HZ);
Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: David Brownell <david-b@pacbell.net> Cc: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clark Rawlins [Thu, 27 Mar 2008 13:56:17 +0000 (09:56 -0400)]
USB: Allow initialization of broken keyspan serial adapters.
Fixes the keyspan driver after the addition of additional
checking of driver requirements introduced in usb-serial.c
commit 063a2da8f01806906f7d7b1a1424b9afddebc443. The initialization
of the keyspan usb_serial_driver structs were not initializing the
num_interrupt_out field and the additional checking was rejecting
the end point so the driver wouldn't finish initializing.
This commit initializes the fields to NUM_DONT_CARE.
It works for the keyspan USA-49WG and doesn't break the USA-19HS
which are the two keyspan devices I have to test with.
Alan Stern [Thu, 27 Mar 2008 14:15:22 +0000 (10:15 -0400)]
USB: fix bug in sg initialization in usbtest
This patch (as1062) fixes a bug in the scatter-gather initialization
code in the usbtest driver. When the sg-helper conversion was
performed, it wasn't done correctly.
Brad Sawatzky [Wed, 26 Mar 2008 02:32:43 +0000 (22:32 -0400)]
USB: serial: fix regression in Visor/Palm OS module for kernels >= 2.6.24
Fixes a bug/inconsistency revealed by the additional sanity checking in
commit 063a2da8f01806906f7d7b1a1424b9afddebc443
introduced in the original 2.6.24 branch.
The Handspring Visor / PalmOS 4 device structure defines .num_bulk_out=2
but the usb-serial probe returns num_bulk_out=3, triggering the check in
the above commit and forcing a bail out when the device (a Garmin iQue in
my case) attempts to connect. The patch bumps the expected number of
endpoints to 3.
FWIW, this patch will probably solve the following kernel bug report for
Treo users (identical symptoms, different model PalmOS units):
<http://bugzilla.kernel.org/show_bug.cgi?id=10118>
The changes introduced in commit 063a2da8f01806906f7d7b1a1424b9afddebc443 changed the semantics of the
num_interrupt_in, num_interrupt_out, num_bulk_in and num_bulk_out
entries of the usb_serial_driver struct to be the number of endpoints
the device has when probed.
This patch changes the ti_1port_device usb_serial_driver struct to
reflect this change. The single port devices only have 1
bulk_out endpoint in their initial configuration, and so this patch
changes the number of other types to NUM_DONT_CARE.
The same change probably needs doing to the ti_2port_device struct,
but I don't have a two port device at hand.
David Brownell [Wed, 2 Apr 2008 20:40:20 +0000 (13:40 -0700)]
USB: another ehci_iaa_watchdog fix
This patch, suggested by Alan Stern, fixes the hung USB issues
on my notebook from suspend/resume cycles.
It does so by eliminating some confusion about the internal state
machine associated with unlinking from the EHCI async schedule ring,
which caused a recent regression:
http://bugzilla.kernel.org/show_bug.cgi?id=10345
Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
There are a couple of possible races on suspend/resume.
First the driver needs to block new packets from being queued for Tx.
The other less likely problem is the watchdog timer going off
during resume.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb:
V4L/DVB (7486): radio-cadet: wrap PNP probe code in #ifdef CONFIG_PNP
V4L/DVB (7485): v4l2-int-device.c: add MODULE_LICENSE
V4L/DVB (7466): Avoid minor model number warning when an OEM HVR1250 board is detected
V4L/DVB (7465): Fix eeprom parsing and errors on the HVR1800 products
V4L/DVB (7464): Convert driver to use a single SRAM memory map
V4L/DVB (7461): bttv: fix missed index check
V4L/DVB (7400): bttv: Add a radio compat_ioctl file operation
V4L/DVB (7278): bttv: Re-enable radio tuner support for VIDIOCGFREQ/VIDIOCSFREQ ioctls
V4L/DVB (7277): bttv: Re-enabling radio support requires the use of struct bttv_fh
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] mvsas: check subsystem id
[SCSI] mvsas: get phy info.
[SCSI] mvsas: fix the buffer of rx DMA overflow bug
[SCSI] mvsas: retry aborting task.
[SCSI] mvsas: check hd whether unplugged
[SCSI] mvsas : interrupt handling
[SCSI] mvsas: a tag handler implementation
[SCSI] mvsas: fill in error info record and phy mode6 bits.
[SCSI] libsas: Warn if ATA device detected but CONFIG_SCSI_SAS_ATA not set
[SCSI] hosts.c: fixes for "no error" reported after error scenarios
Revert "[SCSI] fix bsg queue oops with iscsi logout"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (45 commits)
[VLAN]: Proc entry is not renamed when vlan device name changes.
[IPV6]: Fix ICMP relookup error path dst leak
[ATM] drivers/atm/iphase.c: compilation warning fix
IPv6: do not create temporary adresses with too short preferred lifetime
IPv6: only update the lifetime of the relevant temporary address
bluetooth : __rfcomm_dlc_close lock fix
bluetooth : use lockdep sub-classes for diffrent bluetooth protocol
[ROSE/AX25] af_rose: rose_release() fix
mac80211: correct use_short_preamble handling
b43: Fix PCMCIA IRQ routing
b43: Add DMA mapping failure messages
mac80211: trigger ieee80211_sta_work after opening interface
[LLC]: skb allocation size for responses
[IP] UDP: Use SEQ_START_TOKEN.
[NET]: Remove Documentation/networking/sk98lin.txt
[ATM] atm/idt77252.c: Make 2 functions static
[ATM]: Make atm/he.c:read_prom_byte() static
[IPV6] MCAST: Ensure to check multicast listener(s).
[LLC]: Kill llc_station_mac_sa symbol export.
forcedeth: fix locking bug with netconsole
...
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
selinux: handle files opened with flags 3 by checking ioctl permission
SLAB_DESTROY_BY_RCU is not a direct substitute for normal call_rcu()
freeing, since it'll page freeing but NOT object freeing. So change
cfq to do the freeing on its own.
Signed-off-by: Fabio Checconi <fabio@gandalf.sssup.it> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Looking a bit closer into this regression the reason this can't be
right is that dma_addr common default is BLK_BOUNCE_HIGH and most
machines have less than 4G. So if you do:
So for 99% of hardware this will trigger unnecessary GFP_DMA
allocations and isa pooling operations.
Also note how the 32bit code still does b_pfn < blk_max_low_pfn.
I guess this is what you were looking after. I didn't verify but as
far as I can tell, this will stop the regression with isa dma
operations at boot for 99% of blkdev/memory combinations out there and
I guess this fixes the setups with >4G of ram and 32bit pci cards as
well (this also retains symmetry with the 32bit code).
Signed-off-by: Andrea Arcangeli <andrea@qumranet.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Herbert Xu [Wed, 2 Apr 2008 07:06:09 +0000 (00:06 -0700)]
[IPV6]: Fix ICMP relookup error path dst leak
When we encounter an error while looking up the dst the second
time we need to drop the first dst. This patch is pretty much
the same as the one for IPv4.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Removed the warning messages:
drivers/atm/iphase.c:961: warning: 'tcnter' defined but not used
drivers/atm/iphase.c:963: warning: 'xdump' defined but not used
tcnter and xdump() are used only in debug build
Signed-off-by: Leonardo Potenza <lpotenza@inwind.it> Signed-off-by: David S. Miller <davem@davemloft.net>
IPv6: do not create temporary adresses with too short preferred lifetime
From RFC341:
A temporary address is created only if this calculated Preferred
Lifetime is greater than REGEN_ADVANCE time units. In particular, an
implementation must not create a temporary address with a zero
Preferred Lifetime.
Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
IPv6: only update the lifetime of the relevant temporary address
When receiving a prefix information from a routeur, only update the
lifetimes of the temporary address associated with that prefix.
Otherwise if one deprecated prefix is advertized, all your temporary
addresses will become deprecated.
Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
rose_release() doesn't release sockets properly, e.g. it skips
sock_orphan(), so OOPSes are triggered in sock_def_write_space(),
which was observed especially while ROSE skbs were kfreed from
ax25_frames_acked(). There is also sock_hold() and lock_sock() added -
similarly to ax25_release(). Thanks to Bernard Pidoux for substantial
help in debugging this problem.
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Reported-and-tested-by: Bernard Pidoux <bpidoux@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
Joy Latten [Wed, 2 Apr 2008 06:36:09 +0000 (14:36 +0800)]
[CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk
The kernel crashes when ipsec passes a udp packet of about 14XX bytes
of data to aes-xcbc-mac.
It seems the first xxxx bytes of the data are in first sg entry,
and remaining xx bytes are in next sg entry. But we don't
check next sg entry to see if we need to go look the page up.
I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
and possible lookup, thus xcbc.c needs to use this routine too.
A 15-hour run of an ipsec stress test sending streams of tcp and
udp packets of various sizes, using this patch and
aes-xcbc-mac completed successfully, so hopefully this fixes the
problem.
Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephen Smalley [Mon, 17 Mar 2008 12:55:18 +0000 (08:55 -0400)]
selinux: handle files opened with flags 3 by checking ioctl permission
Handle files opened with flags 3 by checking ioctl permission.
Default to returning FILE__IOCTL from file_to_av() if the f_mode has neither
FMODE_READ nor FMODE_WRITE, and thus check ioctl permission on exec or
transfer, thereby validating such descriptors early as with normal r/w
descriptors and catching leaks of them prior to attempted usage.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
V4L/DVB (7486): radio-cadet: wrap PNP probe code in #ifdef CONFIG_PNP
Wrap PNP probe code in #ifdef CONFIG_PNP.
Without this change, we'll have unresolved references to pnp_get_resource()
function when CONFIG_PNP=n. (This is a new interface that's not in mainline
yet.)
Steven Toth [Sat, 29 Mar 2008 20:30:26 +0000 (17:30 -0300)]
V4L/DVB (7464): Convert driver to use a single SRAM memory map
This reduces the memory footprint and removes the need to
manually configure each map, which lead to a bug where
the Fusion EXP 5 board broke for a while.
This also fixes digital support again for
the DViCO FusionHDTV5Express.
Signed-off-by: Steven Toth <stoth@hauppauge.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
V4L/DVB (7277): bttv: Re-enabling radio support requires the use of struct bttv_fh
A number of the radio tuner ioctl functions are shared with the TV
tuner, these functions require a struct bttv_fh data structure to be
allocated and initialized.
Signed-off-by: Robert Fitzsimons <robfitz@273k.net> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Vladimir Koutny [Mon, 31 Mar 2008 15:05:03 +0000 (17:05 +0200)]
mac80211: correct use_short_preamble handling
ERP IE bit for preamble mode is 0 for short and 1 for long, not the other
way around. This fixes the value reported to the driver via
bss_conf->use_short_preamble field.
Signed-off-by: Vladimir Koutny <vlado@ksp.sk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Fri, 28 Mar 2008 10:46:58 +0000 (11:46 +0100)]
b43: Add DMA mapping failure messages
This adds messages for some DMA mapping failures.
These are useful for debugging DMA address problems, as they appear
on x86_64 machines with IOMMU enabled.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jan Niehusmann [Sun, 23 Mar 2008 19:23:56 +0000 (20:23 +0100)]
mac80211: trigger ieee80211_sta_work after opening interface
ieee80211_sta_work is disabled while network interface
is down. Therefore, if you configure wireless parameters
before bringing the interface up, these configurations are
not yet effective and association fails.
A workaround from userspace is calling a command like
'iwconfig wlan0 ap any' after the interface is brought up.
To fix this behaviour, trigger execution of ieee80211_sta_work from
ieee80211_open when in STA or IBSS mode.
Signed-off-by: Jan Niehusmann <jan@gondor.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Small typo in the patch recently merged to avoid the unused symbol
message for count_partial(). Discussion thread with confirmation of fix at
http://marc.info/?t=120696854400001&r=1&w=2
Merge branch 'upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/ralf/upstream-linus
* 'upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/ralf/upstream-linus:
[MIPS] XSS1500: Fix compilation
[MIPS] Bigsur: make defconfig more useful.
[MIPS] Alchemy: work around clock misdetection on early Au1000
[MIPS] Add missing 4KEC TLB refill handler
[MIPS] BCM1480: Fix PCI/HT IO access
[MIPS] Fix the installation condition of MIPS clocksource
[MIPS] Check for GCC r10k-cache-barrier support
[MIPS] I8253: Export i2853_lock to modules.
[MIPS] VPE loader: Check result of memory allocation.
Oliver Schuster [Tue, 1 Apr 2008 15:06:21 +0000 (17:06 +0200)]
[WATCHDOG] Fix it8712f_wdt.c wrong byte order accessing WDT_TIMEOUT
This patch corrects an error in the driver it8712f_wdt. You cannot set
the 16-bit WDT_TIMEOUT access as a 16-bit outw, because the byte
ordering will be wrong. So just do the high 8 bits as a separate
access.
Signed-off-by: Oliver Schuster <olivers137@aol.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'for-linus' of git://git.o-hand.com/linux-rpurdie-leds
* 'for-linus' of git://git.o-hand.com/linux-rpurdie-leds:
leds: Remove incorrect use of preempt_count() from leds-gpio
leds: Fix potential leds-gpio oops
Some time ago it turned out that our suspend code ordering broke some
NVidia-based systems that hung if _PTS was executed with one of the PCI
devices, specifically a USB controller, in a low power state.
Then, it was noticed that the suspend code ordering was not compliant
with ACPI 1.0, although it was compliant with ACPI 2.0 (and later), and
it was argued that the code had to be changed for that reason (ref.
http://bugzilla.kernel.org/show_bug.cgi?id=9528).
So we did, but evidently we did wrong, because it's now turning out that
some systems have been broken by this change. Refs:
http://bugzilla.kernel.org/show_bug.cgi?id=10340
https://bugzilla.novell.com/show_bug.cgi?id=374217#c16
[ I said at that time that something like this might happend, but the
majority of people involved thought that it was improbable due to the
necessity to preserve the compliance of hardware with ACPI 1.0. ]
This actually is a quite serious regression from 2.6.24.
Moreover, the ACPI 1.0 ordering of suspend code introduced another issue
that I have only noticed recently. Namely, if the suspend of one of
devices fails, the already suspended devices will be resumed without
executing _WAK before, which leads to problems on some systems (for
example, in such situations thermal management is broken on my HP
nx6325). Consequently, it also breaks suspend debugging on the affected
systems.
Note also, that the requirement to execute _PTS before suspending
devices does not really make sense, because the device in question may
be put into a low power state at run time for a reason unrelated to a
system-wide suspend.
For the reasons outlined above, the change of the suspend ordering
should be reverted, which is done by the patch below.
[ Felix Möller: "I am the reporter from the original Novell Bug:
I just tried current git head (two hours ago) with the patch (the one
from the beginning of this thread) from Rafael and without it. With
the patch my MacBook does suspend without it does not." ]
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Tested-by: Felix Möller <felix@derklecks.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>