]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
17 years agonfnetlink_log: zero-terminate prefix
Patrick McHardy [Wed, 7 Mar 2007 21:34:43 +0000 (22:34 +0100)]
nfnetlink_log: zero-terminate prefix

[NETFILTER]: nfnetlink_log: zero-terminate prefix

Userspace expects a zero-terminated string, so include the trailing
zero in the netlink message.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonf_conntrack: fix incorrect classification of IPv6 fragments as ESTABLISHED
Patrick McHardy [Wed, 7 Mar 2007 21:34:42 +0000 (22:34 +0100)]
nf_conntrack: fix incorrect classification of IPv6 fragments as ESTABLISHED

[NETFILTER]: nf_conntrack: fix incorrect classification of IPv6 fragments as ESTABLISHED

The individual fragments of a packet reassembled by conntrack have the
conntrack reference from the reassembled packet attached, but nfctinfo
is not copied. This leaves it initialized to 0, which unfortunately is
the value of IP_CT_ESTABLISHED.

The result is that all IPv6 fragments are tracked as ESTABLISHED,
allowing them to bypass a usual ruleset which accepts ESTABLISHED
packets early.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoip6_route_me_harder should take into account mark
Yasuyuki Kozakai [Wed, 7 Mar 2007 21:34:40 +0000 (22:34 +0100)]
ip6_route_me_harder should take into account mark

[NETFILTER]: ip6_route_me_harder should take into account mark

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonfnetlink_log: fix possible NULL pointer dereference
Michal Miroslaw [Wed, 7 Mar 2007 21:34:36 +0000 (22:34 +0100)]
nfnetlink_log: fix possible NULL pointer dereference

[NETFILTER]: nfnetlink_log: fix possible NULL pointer dereference

Eliminate possible NULL pointer dereference in nfulnl_recv_config().

Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonfnetlink_log: fix NULL pointer dereference
Micha Mirosaw [Wed, 7 Mar 2007 21:34:34 +0000 (22:34 +0100)]
nfnetlink_log: fix NULL pointer dereference

[NETFILTER]: nfnetlink_log: fix NULL pointer dereference

Fix the nasty NULL dereference on multiple packets per netlink message.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
f8a4b3bf
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: nfnetlink_log ipt_ttl ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack
_ipv4 xt_state ipt_ipp2p xt_NFLOG xt_hashlimit ip6_tables iptable_filter xt_multiport xt_mark i
pt_set iptable_raw xt_MARK iptable_mangle ip_tables cls_fw cls_u32 sch_esfq sch_htb ip_set_ipma
p ip_set ipt_ULOG x_tables dm_snapshot dm_mirror loop e1000 parport_pc parport e100 floppy ide_
cd cdrom
CPU:    0
EIP:    0060:[<f8a4b3bf>]    Not tainted VLI
EFLAGS: 00010206   (2.6.20 #5)
EIP is at __nfulnl_send+0x24/0x51 [nfnetlink_log]
eax: 00000000   ebx: f2b5cbc0   ecx: c03f5f54   edx: c03f4000
esi: f2b5cbc8   edi: c03f5f54   ebp: f8a4b3ec   esp: c03f5f30
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, ti=c03f4000 task=c03bece0 task.ti=c03f4000)
Stack: f2b5cbc0 f8a4b401 00000100 c0444080 c012af49 00000000 f6f19100 f6f19000
       c1707800 c03f5f54 c03f5f54 00000123 00000021 c03e8d08 c0426380 00000009
       c0126932 00000000 00000046 c03e9980 c03e6000 0047b007 c01269bd 00000000
Call Trace:
 [<f8a4b401>] nfulnl_timer+0x15/0x25 [nfnetlink_log]
 [<c012af49>] run_timer_softirq+0x10a/0x164
 [<c0126932>] __do_softirq+0x60/0xba
 [<c01269bd>] do_softirq+0x31/0x35
 [<c0104f6e>] do_IRQ+0x62/0x74
 [<c01036cb>] common_interrupt+0x23/0x28
 [<c0101018>] default_idle+0x0/0x3f
 [<c0101045>] default_idle+0x2d/0x3f
 [<c01010fa>] cpu_idle+0xa0/0xb9
 [<c03fb7f5>] start_kernel+0x1a8/0x1ac
 [<c03fb293>] unknown_bootoption+0x0/0x181
 =======================
Code: 5e 5f 5b 5e 5f 5d c3 53 89 c3 8d 40 1c 83 7b 1c 00 74 05 e8 2c ee 6d c7 83 7b 14 00 75 04
 31 c0 eb 34 83 7b 10 01 76 09 8b 43 18 <66> c7 40 04 03 00 8b 53 34 8b 43 14 b9 40 00 00 00 e8
 08 9a 84
EIP: [<f8a4b3bf>] __nfulnl_send+0x24/0x51 [nfnetlink_log] SS:ESP 0068:c03f5f30
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 <0>Rebooting in 5 seconds..

Panic no more!

Signed-off-by: Micha Mirosaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonfnetlink_log: fix use after free
Patrick McHardy [Wed, 7 Mar 2007 21:34:33 +0000 (22:34 +0100)]
nfnetlink_log: fix use after free

[NETFILTER]: nfnetlink_log: fix use after free

Paranoia: instance_put() might have freed the inst pointer when we
spin_unlock_bh().

Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonfnetlink_log: fix reference leak
Patrick McHardy [Wed, 7 Mar 2007 21:34:32 +0000 (22:34 +0100)]
nfnetlink_log: fix reference leak

[NETFILTER]: nfnetlink_log: fix reference leak

Stop reference leaking in nfulnl_log_packet(). If we start a timer we
are already taking another reference.

Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agotcp conntrack: accept SYN|URG as valid
Patrick McHardy [Wed, 7 Mar 2007 21:34:30 +0000 (22:34 +0100)]
tcp conntrack: accept SYN|URG as valid

[NETFILTER]: tcp conntrack: accept SYN|URG as valid

Some stacks apparently send packets with SYN|URG set. Linux accepts
these packets, so TCP conntrack should to.

Pointed out by Martijn Posthuma <posthuma@sangine.com>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
17 years agonf_conntrack/nf_nat: fix incorrect config ifdefs
Patrick McHardy [Wed, 7 Mar 2007 21:34:29 +0000 (22:34 +0100)]
nf_conntrack/nf_nat: fix incorrect config ifdefs

[NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs

The nf_conntrack_netlink config option is named CONFIG_NF_CT_NETLINK,
but multiple files use CONFIG_IP_NF_CONNTRACK_NETLINK or
CONFIG_NF_CONNTRACK_NETLINK for ifdefs.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoconntrack: fix {nf, ip}_ct_iterate_cleanup endless loops
Patrick McHardy [Wed, 7 Mar 2007 21:34:27 +0000 (22:34 +0100)]
conntrack: fix {nf, ip}_ct_iterate_cleanup endless loops

[NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops

Fix {nf,ip}_ct_iterate_cleanup unconfirmed list handling:

- unconfirmed entries can not be killed manually, they are removed on
  confirmation or final destruction of the conntrack entry, which means
  we might iterate forever without making forward progress.

  This can happen in combination with the conntrack event cache, which
  holds a reference to the conntrack entry, which is only released when
  the packet makes it all the way through the stack or a different
  packet is handled.

- taking references to an unconfirmed entry and using it outside the
  locked section doesn't work, the list entries are not refcounted and
  another CPU might already be waiting to destroy the entry

What the code really wants to do is make sure the references of the hash
table to the selected conntrack entries are released, so they will be
destroyed once all references from skbs and the event cache are dropped.

Since unconfirmed entries haven't even entered the hash yet, simply mark
them as dying and skip confirmation based on that.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.20.2 v2.6.20.2
Greg Kroah-Hartman [Fri, 9 Mar 2007 18:58:04 +0000 (10:58 -0800)]
Linux 2.6.20.2

17 years agoIPV6: Handle np->opt being NULL in ipv6_getsockopt_sticky() [CVE-2007-1000]
David S. Miller [Wed, 7 Mar 2007 20:50:46 +0000 (12:50 -0800)]
IPV6: Handle np->opt being NULL in ipv6_getsockopt_sticky() [CVE-2007-1000]

This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8134

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
17 years agox86-64: survive having no irq mapping for a vector
Eric W. Biederman [Wed, 7 Mar 2007 19:23:54 +0000 (14:23 -0500)]
x86-64: survive having no irq mapping for a vector

Occasionally the kernel has bugs that result in no irq being found for a
given cpu vector.  If we acknowledge the irq the system has a good chance
of continuing even though we dropped an irq message.  If we continue to
simply print a message and not acknowledge the irq the system is likely to
become non-responsive shortly there after.

AK: Fixed compilation for UP kernels

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Cc: "Luigi Genoni" <luigi.genoni@pirelli.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
17 years agoFix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
Marcel Holtmann [Wed, 7 Mar 2007 18:22:40 +0000 (13:22 -0500)]
Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)

Based on a patch from Don Howard <dhoward@redhat.com>

When calling write() with a buffer larger than 512 bytes, the
driver's write buffer overflows, allowing to overwrite the EIP and
execute arbitrary code with kernel privileges.

In read(), there exists a similar problem, but coming from the device.
A malicous or buggy device sending more than 512 bytes can overflow
of the driver's read buffer, with the same effects as above.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
17 years agoTCP: Fix minisock tcp_create_openreq_child() typo.
Arnaldo Carvalho de Melo [Wed, 28 Feb 2007 19:29:33 +0000 (11:29 -0800)]
TCP: Fix minisock tcp_create_openreq_child() typo.

On 2/28/07, KOVACS Krisztian <hidden@balabit.hu> wrote:
>
>   Hi,
>
>   While reading TCP minisock code I've found this suspiciously looking
> code fragment:
>
> - 8< -
> struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, struct sk_buff *skb)
> {
>         struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC);
>
>         if (newsk != NULL) {
>                 const struct inet_request_sock *ireq = inet_rsk(req);
>                 struct tcp_request_sock *treq = tcp_rsk(req);
>                 struct inet_connection_sock *newicsk = inet_csk(sk);
>                 struct tcp_sock *newtp;
> - 8< -
>
>   The above code initializes newicsk to inet_csk(sk), isn't that supposed
> to be inet_csk(newsk)?  As far as I can tell this might leave
> icsk_ack.last_seg_size zero even if we do have received data.

Good catch!

David, please apply the attached patch.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
17 years agogfs2: fix locking mistake
Josef Whiter [Wed, 21 Feb 2007 22:37:59 +0000 (14:37 -0800)]
gfs2: fix locking mistake

Fix a locking mistake in the quota code, we do a mutex_lock instead of a
mutex_unlock.

Signed-off-by: Josef Whiter <jwhiter@redhat.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoATA: convert GSI to irq on ia64
Zhang, Yanmin [Thu, 15 Feb 2007 07:37:03 +0000 (23:37 -0800)]
ATA: convert GSI to irq on ia64

If an ATA drive uses legacy mode, ata driver will choose 14 and 15 as the
fixed irq number.  On ia64 platform, such numbers are GSI and should be
converted to irq vector.

Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com>
Cc: Jeff Garzik <jeff@garzik.org>
Cc: Tony Luck <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agopktcdvd: Correctly set cmd_len field in pkt_generic_packet
Gerhard Dirschl [Tue, 13 Feb 2007 05:32:43 +0000 (21:32 -0800)]
pktcdvd: Correctly set cmd_len field in pkt_generic_packet

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=7810 - a silly
copy-paste bug introduced by the latest change.

Signed-off-by: Gerhard Dirschl <gd@spherenet.de>
Cc: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agovideo/aty/mach64_ct.c: fix bogus delay loop
David Miller [Mon, 5 Mar 2007 23:53:45 +0000 (15:53 -0800)]
video/aty/mach64_ct.c: fix bogus delay loop

CT based mach64 cards were reported to hang on sparc64 boxes when
compiled with gcc-4.1.x and later.

Looking at this piece of code, it's no surprise.  A critical
delay was implemented as an empty for() loop, and gcc 4.0.x
and previous did not optimize it away, so we did get a delay.

But gcc-4.1.x and later can optimize it away, and we get crashes.

Use a real udelay() to fix this.  Fix verified on SunBlade100.

Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agorevert "drivers/net/tulip/dmfe: support basic carrier detection"
Andrew Morton [Tue, 6 Mar 2007 10:41:49 +0000 (02:41 -0800)]
revert "drivers/net/tulip/dmfe: support basic carrier detection"

Revert 7628b0a8c01a02966d2228bdf741ddedb128e8f8.  Thomas Bachler
reports:

  Commit 7628b0a8c01a02966d2228bdf741ddedb128e8f8 (drivers/net/tulip/dmfe:
  support basic carrier detection) breaks networking on my Davicom DM9009.
  ethtool always reports there is no link.  tcpdump shows incoming packets,
  but TX is disabled.  Reverting the above patch fixes the problem.

Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Jeff Garzik <jeff@garzik.org>
Cc: Valerie Henson <val_henson@linux.intel.com>
Cc: Thomas Bachler <thomas@archlinux.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agothrottle_vm_writeout(): don't loop on GFP_NOFS and GFP_NOIO allocations
Andrew Morton [Thu, 1 Mar 2007 04:13:21 +0000 (20:13 -0800)]
throttle_vm_writeout(): don't loop on GFP_NOFS and GFP_NOIO allocations

throttle_vm_writeout() is designed to wait for the dirty levels to subside.
But if the caller holds IO or FS locks, we might be holding up that writeout.

So change it to take a single nap to give other devices a chance to clean some
memory, then return.

Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Kumar Gala <galak@kernel.crashing.org>
Cc: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agofix section mismatch warning in lockdep
Sam Ravnborg [Thu, 1 Mar 2007 04:12:31 +0000 (20:12 -0800)]
fix section mismatch warning in lockdep

lockdep_init() is marked __init but used in several places
outside __init code. This causes following warnings:
$ scripts/mod/modpost kernel/lockdep.o
WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.lockdep_init_map after 'lockdep_init_map' (at offset 0x105)
WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.lockdep_reset_lock after 'lockdep_reset_lock' (at offset 0x35)
WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.__lock_acquire after '__lock_acquire' (at offset 0xb2)

The warnings are less obviously due to heavy inlining by gcc - this is not
altered.

Fix the section mismatch warnings by removing the __init marking, which
seems obviously wrong.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoueagle-atm.c needs sched.h
Randy Dunlap [Fri, 16 Feb 2007 09:47:33 +0000 (01:47 -0800)]
ueagle-atm.c needs sched.h

Driver needs sched.h for try_to_freeze().

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agokvm: Fix asm constraint for lldt instruction
S.Caglar Onur [Mon, 12 Feb 2007 08:54:34 +0000 (00:54 -0800)]
kvm: Fix asm constraint for lldt instruction

lldt does not accept immediate operands, which "g" allows.

Signed-off-by: S.Caglar Onur <caglar@pardus.org.tr>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agolockdep: forward declare struct task_struct
Heiko Carstens [Mon, 12 Feb 2007 08:52:20 +0000 (00:52 -0800)]
lockdep: forward declare struct task_struct

3117df0453828bd045c16244e6f50e5714667a8a causes this:

In file included from arch/s390/kernel/early.c:13:
include/linux/lockdep.h:300: warning:
"struct task_struct" declared inside parameter list
include/linux/lockdep.h:300:
warning: its scope is only this definition or
declaration, which is probably not what you want

Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoChar: specialix, isr have 2 params
Jiri Slaby [Mon, 12 Feb 2007 08:52:30 +0000 (00:52 -0800)]
Char: specialix, isr have 2 params

specialix, isr have 2 params

pt_regs are no longer the third parameter of isr, call sx_interrupt without
it.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agobuffer: memorder fix
Nick Piggin [Sat, 10 Feb 2007 09:46:22 +0000 (01:46 -0800)]
buffer: memorder fix

unlock_buffer(), like unlock_page(), must not clear the lock without
ensuring that the critical section is closed.

Mingming later sent the same patch, saying:

We are running SDET benchmark and saw double free issue for ext3 extended
attributes block, which complains the same xattr block already being freed (in
ext3_xattr_release_block()).  The problem could also been triggered by
multiple threads loop untar/rm a kernel tree.

The race is caused by missing a memory barrier at unlock_buffer() before the
lock bit being cleared, resulting in possible concurrent h_refcounter update.
That causes a reference counter leak, then later leads to the double free that
we have seen.

Inside unlock_buffer(), there is a memory barrier is placed *after* the lock
bit is being cleared, however, there is no memory barrier *before* the bit is
cleared.  On some arch the h_refcount update instruction and the clear bit
instruction could be reordered, thus leave the critical section re-entered.

The race is like this: For example, if the h_refcount is initialized as 1,

cpu 0:                                   cpu1

17 years agokernel/time/clocksource.c needs struct task_struct on m68k
Mathieu Desnoyers [Sat, 10 Feb 2007 09:43:43 +0000 (01:43 -0800)]
kernel/time/clocksource.c needs struct task_struct on m68k

kernel/time/clocksource.c needs struct task_struct on m68k.

Because it uses spin_unlock_irq(), which, on m68k, uses hardirq_count(), which
uses preempt_count(), which needs to dereference struct task_struct, we
have to include sched.h. Because it would cause a loop inclusion, we
cannot include sched.h in any other of asm-m68k/system.h,
linux/thread_info.h, linux/hardirq.h, which leaves this ugly include in
a C file as the only simple solution.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roman Zippel <zippel@linux-m68k.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agom32r: build fix for processors without ISA_DSP_LEVEL2
Hirokazu Takata [Sat, 10 Feb 2007 09:43:35 +0000 (01:43 -0800)]
m32r: build fix for processors without ISA_DSP_LEVEL2

Additional fixes for processors without ISA_DSP_LEVEL2.  sigcontext_t does not
have dummy_acc1h, dummy_acc1l members any longer.

Signed-off-by: Hirokazu Takata <takata@linux-m32r.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agohugetlb: preserve hugetlb pte dirty state
Ken Chen [Thu, 8 Feb 2007 22:20:27 +0000 (14:20 -0800)]
hugetlb: preserve hugetlb pte dirty state

__unmap_hugepage_range() is buggy that it does not preserve dirty state of
huge_pte when unmapping hugepage range.  It causes data corruption in the
event of dop_caches being used by sys admin.  For example, an application
creates a hugetlb file, modify pages, then unmap it.  While leaving the
hugetlb file alive, comes along sys admin doing a "echo 3 >
/proc/sys/vm/drop_caches".

drop_pagecache_sb() will happily free all pages that aren't marked dirty if
there are no active mapping.  Later when application remaps the hugetlb
file back and all data are gone, triggering catastrophic flip over on
application.

Not only that, the internal resv_huge_pages count will also get all messed
up.  Fix it up by marking page dirty appropriately.

Signed-off-by: Ken Chen <kenchen@google.com>
Cc: "Nish Aravamudan" <nish.aravamudan@gmail.com>
Cc: Adam Litke <agl@us.ibm.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Acked-by: William Irwin <bill.irwin@oracle.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoenable mouse button 2+3 emulation for x86 macs
Soeren Sonnenburg [Thu, 8 Feb 2007 22:20:38 +0000 (14:20 -0800)]
enable mouse button 2+3 emulation for x86 macs

As macbook/macbook pro's also have to live with a single mouse button the
following patch just enables the Macintosh device drivers menu in Kconfig +
adds the macintosh dir to the obj-* to make macbook* users happy (who use
exactly that since months....

Signed-off-by: Soeren Sonnenburg <kernel@nn7.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agov9fs_vfs_mkdir(): fix a double free
Adrian Bunk [Thu, 8 Feb 2007 22:20:38 +0000 (14:20 -0800)]
v9fs_vfs_mkdir(): fix a double free

Fix a double free of "dfid" introduced by commit
da977b2c7eb4d6312f063a7b486f2aad99809710 and spotted by the Coverity
checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoufs: restore back support of openstep
Evgeniy Dushistov [Thu, 8 Feb 2007 22:20:25 +0000 (14:20 -0800)]
ufs: restore back support of openstep

This is a fix of regression, which triggered by ~2.6.16.

Patch with name ufs-directory-and-page-cache-from-blocks-to-pages.patch: in
additional to conversation from block to page cache mechanism added new
checks of directory integrity, one of them that directory entry do not
across directory chunks.

But some kinds of UFS: OpenStep UFS and Apple UFS (looks like these are the
same filesystems) have different directory chunk size, then common
UFSes(BSD and Solaris UFS).

So this patch adds ability to works with variable size of directory chunks,
and set it for ufstype=openstep to right size.

Tested on darwin ufs.

Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix MTRR compat ioctl
Zwane Mwaikambo [Tue, 6 Feb 2007 00:45:06 +0000 (16:45 -0800)]
Fix MTRR compat ioctl

The MTRR compat code wasn't calling the lowlevel MTRR setup due to a switch
block not handling the compat case.

Before:
(WW) I810(0): Failed to set up write-combining range (0xd0000000,0x10000000)

After:
reg00: base=0x00000000 (   0MB), size=1024MB: write-back, count=1
reg01: base=0x40000000 (1024MB), size= 512MB: write-back, count=1
reg02: base=0x5f700000 (1527MB), size=   1MB: uncachable, count=1
reg03: base=0x5f800000 (1528MB), size=   8MB: uncachable, count=1
reg04: base=0xd0000000 (3328MB), size= 256MB: write-combining, count=1

Signed-off-by: Zwane Mwaikambo <zwane@infradead.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agokexec: Fix CONFIG_SMP=n compilation V2 (ia64)
Magnus Damm [Tue, 6 Feb 2007 00:20:09 +0000 (16:20 -0800)]
kexec: Fix CONFIG_SMP=n compilation V2 (ia64)

Kexec support for 2.6.20 on ia64 does not build properly using a config
made up by CONFIG_SMP=n and CONFIG_HOTPLUG_CPU=n:

  CC      arch/ia64/kernel/machine_kexec.o
arch/ia64/kernel/machine_kexec.c: In function `machine_shutdown':
arch/ia64/kernel/machine_kexec.c:77: warning: implicit declaration of function `cpu_down'
  AS      arch/ia64/kernel/relocate_kernel.o
  CC      arch/ia64/kernel/crash.o
arch/ia64/kernel/crash.c: In function `kdump_cpu_freeze':
arch/ia64/kernel/crash.c:139: warning: implicit declaration of function `ia64_jump_to_sal'
arch/ia64/kernel/crash.c:139: error: `sal_boot_rendez_state' undeclared (first use in this function)
arch/ia64/kernel/crash.c:139: error: (Each undeclared identifier is reported only once
arch/ia64/kernel/crash.c:139: error: for each function it appears in.)
arch/ia64/kernel/crash.c: At top level:
arch/ia64/kernel/crash.c:84: warning: 'kdump_wait_cpu_freeze' defined but not used
make[1]: *** [arch/ia64/kernel/crash.o] Error 1
make: *** [arch/ia64/kernel] Error 2

Signed-off-by: Magnus Damm <magnus@valinux.co.jp>
Acked-by: Simon Horman <horms@verge.net.au>
Acked-by: Jay Lan <jlan@sgi.com>
Cc: Tony Luck <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoNLM: Fix double free in __nlm_async_call
Trond Myklebust [Mon, 5 Feb 2007 20:33:23 +0000 (12:33 -0800)]
NLM: Fix double free in __nlm_async_call

rpc_call_async() will always call rpc_release_calldata(), so it is an
error for __nlm_async_call() to do so as well.

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=7923

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoRPM: fix double free in portmapper code
Trond Myklebust [Mon, 5 Feb 2007 20:33:22 +0000 (12:33 -0800)]
RPM: fix double free in portmapper code

rpc_run_task is guaranteed to always call ->rpc_release.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Neil Brown <neilb@suse.de>
Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoRevert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant"
Linus Torvalds [Wed, 7 Mar 2007 07:56:00 +0000 (07:56 +0000)]
Revert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant"

Revert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant"

This reverts commit 39d61db0edb34d60b83c5e0d62d0e906578cc707.

The commit was buggy in multiple ways:
 - the conversion to ilog2() was incorrect to begin with
 - it tested the wrong #defines, so on all architectures but FRV you'd
   never see the bug except for constant arguments.
 - the new "get_order()" macro used its arguments multiple times, and
   didn't even parenthesize them properly
 - despite the comments, it was not true that you could use it for
   constant initializers, since not all architectures even use the
   generic page.h header file.

All of the problems are individually fixable, but it all boils down to:
better just revert it, and re-do it from scratch.

Cc: David Howells <dhowells@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Andrew Morton <akpm@osdl.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoBackport of psmouse suspend/shutdown cleanups
Thomas Renninger [Thu, 22 Feb 2007 12:52:40 +0000 (13:52 +0100)]
Backport of psmouse suspend/shutdown cleanups

This patch works back to 2.6.17 (earlier kernels seem to
need up/down operations on mutex/semaphore).

psmouse - properly reset mouse on shutdown/suspend

Some people report that they need psmouse module unloaded
for suspend to ram/disk to work properly. Let's make port
cleanup behave the same way as driver unload.

This fixes "bad state" problem on various HP laptops, such
as nx7400.

Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB: usbnet driver bugfix
David Brownell [Wed, 21 Feb 2007 16:50:33 +0000 (11:50 -0500)]
USB: usbnet driver bugfix

The attached fixes an oops in the usbnet driver. The same patch is
in 2.6.21-rc1, but that one has many whitespace changes. This is much
smaller.

Signed-off-by: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosched: fix SMT scheduler bug
Ingo Molnar [Thu, 1 Mar 2007 23:58:51 +0000 (18:58 -0500)]
sched: fix SMT scheduler bug

The SMT scheduler incorrectly skips kernel threads even if they are
runnable (but they are preempted by a higher-prio user-space task which got
SMT-delayed by an even higher-priority task running on a sibling CPU).

Fix this for now by only doing the SMT-nice optimization if the
to-be-delayed task is the only runnable task.  (This should cover most of
the real-life cases anyway.)

This bug has been in the SMT scheduler since 2.6.17 or so, but has only
been noticed now by the active check in the dynticks code.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agotty_io: fix race in master pty close/slave pty close path
Aristeu Sergio Rozanski Filho [Fri, 2 Mar 2007 00:02:55 +0000 (19:02 -0500)]
tty_io: fix race in master pty close/slave pty close path

This patch fixes a possible race that leads to double freeing an idr index.
 When the master begin to close, release_dev() is called and then
pty_close() is called:

        if (tty->driver->close)
                tty->driver->close(tty, filp);

This is done without helding any locks other than BKL.  Inside pty_close(),
being a master close, the devpts entry will be removed:

#ifdef CONFIG_UNIX98_PTYS
                if (tty->driver == ptm_driver)
                        devpts_pty_kill(tty->index);
#endif

But devpts_pty_kill() will call get_node() that may sleep while waiting for
&devpts_root->d_inode->i_sem.  When this happens and the slave is being
opened, tty_open() just found the driver and index:

        driver = get_tty_driver(device, &index);
        if (!driver) {
                mutex_unlock(&tty_mutex);
                return -ENODEV;
        }

This part of the code is already protected under tty_mute.  The problem is
that the slave close already got an index.  Then init_dev() is called and
blocks waiting for the same &devpts_root->d_inode->i_sem.

When the master close resumes, it removes the devpts entry, and the
relation between idr index and the tty is gone.  The master then sleeps
waiting for the tty_mutex on release_dev().

Slave open resumes and found no tty for that index.  As result, a NULL tty
is returned and init_dev() doesn't flow to fast_track:

        /* check whether we're reopening an existing tty */
        if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
                tty = devpts_get_tty(idx);
                if (tty && driver->subtype == PTY_TYPE_MASTER)
                        tty = tty->link;
        } else {
                tty = driver->ttys[idx];
        }
        if (tty) goto fast_track;

The result of this, is that a new tty will be created and init_dev() returns
sucessfull. After returning, tty_mutex is dropped and master close may resume.

Master close finds it's the only use and both sides are closing, then releases
the tty and the index. At this point, the idr index is free, but slave still
has it.

Slave open then calls pty_open() and finds that tty->link->count is 0,
because there's no master and returns error.  Then tty_open() calls
release_dev() which executes without any warning, as it was a case of last
slave close when the master is already closed (master->count == 0,
slave->count == 1).  The tty is then released with the already released idr
index.

This normally would only issue a warning on idr_remove() but in case of a
customer's critical application, it's never too simple:

thread1: opens master, gets index X
thread1: begin closing master
thread2: begin opening slave with index X
thread1: finishes closing master, index X released
thread3: opens master, gets index X, just released
thread2: fails opening slave, releases index X         <----
thread4: opens master, gets index X, init_dev() then find an already in use
 and healthy tty and fails

If no more indexes are released, ptmx_open() will keep failing, as the
first free index available is X, and it will make init_dev() fail because
you're trying to "reopen a master" which isn't valid.

The patch notices when this race happens and make init_dev() fail
imediately.  The init_dev() function is called with tty_mutex held, so it's
safe to continue with tty till the end of function because release_dev()
won't make any further changes without grabbing the tty_mutex.

Without the patch, on some machines it's possible get easily idr warnings
like this one:

idr_remove called for id=15 which is not allocated.
 [<c02555b9>] idr_remove+0x139/0x170
 [<c02a1b62>] release_mem+0x182/0x230
 [<c02a28e7>] release_dev+0x4b7/0x700
 [<c02a0ea7>] tty_ldisc_enable+0x27/0x30
 [<c02a1e64>] init_dev+0x254/0x580
 [<c02a0d64>] check_tty_count+0x14/0xb0
 [<c02a4f05>] tty_open+0x1c5/0x340
 [<c02a4d40>] tty_open+0x0/0x340
 [<c017388f>] chrdev_open+0xaf/0x180
 [<c017c2ac>] open_namei+0x8c/0x760
 [<c01737e0>] chrdev_open+0x0/0x180
 [<c0167bc9>] __dentry_open+0xc9/0x210
 [<c0167e2c>] do_filp_open+0x5c/0x70
 [<c0167a91>] get_unused_fd+0x61/0xd0
 [<c0167e93>] do_sys_open+0x53/0x100
 [<c0167f97>] sys_open+0x27/0x30
 [<c010303b>] syscall_call+0x7/0xb

using this test application available on:
 http://www.ruivo.org/~aris/pty_sodomizer.c

Signed-off-by: Aristeu Sergio Rozanski Filho <aris@ruivo.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoforcedeth: disable msix
Ayaz Abdulla [Fri, 2 Mar 2007 00:05:16 +0000 (19:05 -0500)]
forcedeth: disable msix

forcedeth: disable msix

There seems to be an issue when both MSI-X is enabled and NAPI is
configured. This patch disables MSI-X until the issue is root caused.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoexport blk_recount_segments
Neil Brown [Fri, 9 Mar 2007 18:50:27 +0000 (10:50 -0800)]
export blk_recount_segments

On Monday February 12, marcm@liquid-nexus.net wrote:
> >
> > Thanks for the quick response Neil unfortunately the kernel doesn't build with
> > this patch due to a missing symbol:
> >
> > WARNING: "blk_recount_segments" [drivers/md/raid456.ko] undefined!
> >
> > Is that in another file that needs patching or within raid5.c?

Yes.  I keep forgetting about that bit. Sorry.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix reference counting (memory leak) problem in __nfulnl_send() and callers related...
MichaÅ\82 MirosÅ\82aw [Fri, 9 Mar 2007 18:50:27 +0000 (10:50 -0800)]
Fix reference counting (memory leak) problem in __nfulnl_send() and callers related to packet queueing.

Signed-off-by: MichaÅ\82 MirosÅ\82aw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix anycast procfs device leak
David Stevens [Tue, 27 Feb 2007 19:14:00 +0000 (11:14 -0800)]
Fix anycast procfs device leak

[IPV6]: /proc/net/anycast6 unbalanced inet6_dev refcnt

From: David Stevens <dlstevens@us.ibm.com>

Reading /proc/net/anycast6 when there is no anycast address
on an interface results in an ever-increasing inet6_dev reference
count, as well as a reference to the netdevice you can't get rid of.

From: David Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDon't add anycast reference to device multiple times
Michal Wrobel [Tue, 27 Feb 2007 19:12:45 +0000 (11:12 -0800)]
Don't add anycast reference to device multiple times

[IPV6]: anycast refcnt fix

This patch fixes a bug in Linux IPv6 stack which caused anycast address
to be added to a device prior DAD has been completed. This led to
incorrect reference count which resulted in infinite wait for
unregister_netdevice completion on interface removal.

Signed-off-by: Michal Wrobel <xmxwx@asn.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix TCP MD5 locking.
David Miller [Tue, 27 Feb 2007 19:11:09 +0000 (11:11 -0800)]
Fix TCP MD5 locking.

[TCP]: Fix MD5 signature pool locking.

The locking calls assumed that these code paths were only
invoked in software interrupt context, but that isn't true.

Therefore we need to use spin_{lock,unlock}_bh() throughout.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix %100 cpu spinning on sparc64
David Miller [Tue, 27 Feb 2007 19:10:07 +0000 (11:10 -0800)]
Fix %100 cpu spinning on sparc64

[SPARC64] bbc_i2c: Fix kenvctrld eating %100 cpu.

Based almost entirely upon a patch by Joerg Friedrich

Signed-off-by: David S. Miller <davem@davemloft.net>
17 years agoFix skb data reallocation handling in IPSEC
Arnaldo Carvalho de Melo [Tue, 27 Feb 2007 19:08:33 +0000 (11:08 -0800)]
Fix skb data reallocation handling in IPSEC

[XFRM_TUNNEL]: Reload header pointer after pskb_may_pull/pskb_expand_head

Please consider applying, this was found on your latest
net-2.6 tree while playing around with that ip_hdr() + turn
skb->nh/h/mac pointers  as offsets on 64 bits idea :-)

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix xfrm_add_sa_expire() return value
David Miller [Tue, 27 Feb 2007 19:04:27 +0000 (11:04 -0800)]
Fix xfrm_add_sa_expire() return value

[XFRM] xfrm_user: Fix return values of xfrm_add_sa_expire.

As noted by Kent Yoder, this function will always return an
error.  Make sure it returns zero on success.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix interrupt probing on E450 sparc64 systems
David Miller [Tue, 27 Feb 2007 19:01:38 +0000 (11:01 -0800)]
Fix interrupt probing on E450 sparc64 systems

[SPARC64]: Fix PCI interrupts on E450 et al.

When the PCI controller OBP node lacks an interrupt-map
and interrupt-map-mask property, we need to form the
INO by hand.  The PCI swizzle logic was not doing that
properly.

This was a regression added by the of_device code.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoHID: fix possible double-free on error path in hid parser
Jiri Kosina [Thu, 1 Mar 2007 11:02:52 +0000 (12:02 +0100)]
HID: fix possible double-free on error path in hid parser

HID: fix possible double-free on error path in hid parser

Freeing of device->collection is properly done in hid_free_device() (as
this function is supposed to free all the device resources and could be
called from transport specific code, e.g. usb_hid_configure()).

Remove all kfree() calls preceeding the hid_free_device() call.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPOWERPC: Fix performance monitor exception
Livio Soares [Thu, 22 Feb 2007 05:13:17 +0000 (16:13 +1100)]
POWERPC: Fix performance monitor exception

To the issue: some point during 2.6.20 development, Paul Mackerras
introduced the "lazy IRQ  disabling" patch (very cool work,  BTW).
In that patch, the performance monitor unit exception was marked as
"maskable", in the sense that if interrupts were soft-disabled, that
exception could be ignored.  This broke my PowerPC profiling code.
The symptom that I see is that a varying number of interrupts
(from 0 to $n$, typically closer to 0) get delivered, when, in
reality, it should always be very close to $n$.

The issue stems from the way masking is being done.   Masking in
this fashion seems to  work well with the decrementer and external
interrupts, because they are raised again until "really"  handled.
For the PMU, however, this does not apply (at least on my Xserver
machine with a 970FX processor).  If the PMU exception is not handled,
it will _not_ be re-raised (at least on my machine).  The documentation
states that the PMXE bit in MMCR0 is set to 0 when the PMU exception
is raised.  However, software must re-set the bit to re-enable PMU
exceptions.  If the exception is ignored (as currently) not only is
that interrupt lost, but because software does not re-set PMXE, the
PMU registers are "frozen" forever.

[This patch means that performance monitor exceptions are taken and
handled even if irqs are off, as long as some other interrupt hasn't
come along and caused interrupts to be hard-disabled.  In this sense
the PMU exception becomes like an NMI.  The oprofile code for most
powerpc processors does nothing that is unsafe in an NMI context, but
the Cell oprofile code does a spin_lock_irqsave.  However, that turns
out to be OK because Cell doesn't actually use the performance
monitor exception; performance monitor interrupts come in as a
regular interrupt on Cell, so will be disabled when irqs are off.
 -- paulus.]

From: Livio Soares <livio@eecg.toronto.edu>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agolibata: add missing CONFIG_PM in LLDs
Tejun Heo [Fri, 2 Mar 2007 08:46:49 +0000 (17:46 +0900)]
libata: add missing CONFIG_PM in LLDs

Add missing #ifdef CONFIG_PM conditionals around all PM related parts
in libata LLDs.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agolibata: add missing PM callbacks
Tejun Heo [Fri, 2 Mar 2007 08:45:30 +0000 (17:45 +0900)]
libata: add missing PM callbacks

Some LLDs were missing scsi device PM callbacks while having host/port
suspend support.  Add missing ones.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agobcm43xx: Fix assertion failures in interrupt handler
Pavel Roskin [Tue, 6 Mar 2007 01:28:00 +0000 (19:28 -0600)]
bcm43xx: Fix assertion failures in interrupt handler

In the bcm43xx interrupt handler, sanity checks are wrongly done before the
verification that the interrupt is for the bcm43xx.

Signed-off-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agommc: Power quirk for ENE controllers
Darren Salt [Tue, 27 Feb 2007 02:47:18 +0000 (02:47 +0000)]
mmc: Power quirk for ENE controllers

mmc: Power quirk for ENE controllers

Support for these devices was broken for 2.6.18-rc1 and later by commit
146ad66eac836c0b976c98f428d73e1f6a75270d, which added voltage level support.

This restores the previous behaviour for these devices by ensuring that when
the voltage is changed, only one write to set the voltage is performed.

It may be that both writes are needed if the voltage is being changed between
two non-zero values or that it's safe to ensure that only one write is done
if the hardware only supports one voltage; I don't know whether either is the
case nor can I test since I have only the one SD reader (1524:0550), and it
supports just the one voltage.

Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk>
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUML - Fix 2.6.20 hang
Jeff Dike [Thu, 22 Feb 2007 16:48:38 +0000 (11:48 -0500)]
UML - Fix 2.6.20 hang

A previous cleanup misused need_poll, which had a fairly broken
interface.  It implemented a growable array, changing the used
elements count itself, but leaving it up to the caller to fill in the
actual elements, including the entire array if the array had to be
reallocated.  This worked because the previous users were switching
between two such structures, and the elements were copied from the
inactive array to the active array after making sure the active array
had enough room.

maybe_sigio_broken was made to use need_poll, but it was operating on
a single array, so when the buffer was reallocated, the previous
contents were lost.

This patch makes need_poll implement more sane semantics.  It merely
assures that the array is of the proper size and that the contents are
preserved.  It is up to the caller to adjust the used elements count
and to ensure that the proper elements are resent.

This manifested itself as a hang in 2.6.20 as the uninitialized buffer
convinced UML that one of its own file descriptors didn't support
SIGIO and needed to be watched by poll in a separate thread.  The
result was an interrupt flood as control traffic over this descriptor
sparked interrupts, which resulted in more control traffic, ad nauseum.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agofix umask when noACL kernel meets extN tuned for ACLs
Hugh Dickins [Fri, 23 Feb 2007 21:53:49 +0000 (21:53 +0000)]
fix umask when noACL kernel meets extN tuned for ACLs

Fix insecure default behaviour reported by Tigran Aivazian: if an ext2
or ext3 or ext4 filesystem is tuned to mount with "acl", but mounted by
a kernel built without ACL support, then umask was ignored when creating
inodes - though root or user has umask 022, touch creates files as 0666,
and mkdir creates directories as 0777.

This appears to have worked right until 2.6.11, when a fix to the default
mode on symlinks (always 0777) assumed VFS applies umask: which it does,
unless the mount is marked for ACLs; but ext[234] set MS_POSIXACL in
s_flags according to s_mount_opt set according to def_mount_opts.

We could revert to the 2.6.10 ext[234]_init_acl (adding an S_ISLNK test);
but other filesystems only set MS_POSIXACL when ACLs are configured.  We
could fix this at another level; but it seems most robust to avoid setting
the s_mount_opt flag in the first place (at the expense of more ifdefs).

Likewise don't set the XATTR_USER flag when built without XATTR support.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: Andreas Gruenbacher <agruen@suse.de>
Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosata_sil: ignore and clear spurious IRQs while executing commands by polling
Tejun Heo [Sat, 24 Feb 2007 13:30:36 +0000 (22:30 +0900)]
sata_sil: ignore and clear spurious IRQs while executing commands by polling

sata_sil used to trigger HSM error if IRQ occurs during polling
command.  This didn't matter because polling wasn't used in sata_sil.
However, as of 2.6.20, all IDENTIFYs are performed by polling and
device detection sometimes fails due to spurious IRQ.  This patch
makes sata_sil ignore and clear spurious IRQ while executing commands
by polling.

This fixes bug#7996 and IMHO should also be included in -stable.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoswsusp: Fix possible oops in userland interface
Stefan Seyfried [Sat, 24 Feb 2007 22:06:43 +0000 (23:06 +0100)]
swsusp: Fix possible oops in userland interface

Fix the Oops occuring when SNAPSHOT_PMOPS or SNAPSHOT_S2RAM ioctl is called on
a system without pm_ops defined (eg. a non-ACPI kernel on x86 PC).

Signed-off-by: Stefan Seyfried <seife@suse.de>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix posix-cpu-timer breakage caused by stale p->last_ran value
Thomas Gleixner [Thu, 22 Feb 2007 00:33:29 +0000 (01:33 +0100)]
Fix posix-cpu-timer breakage caused by stale p->last_ran value

Problem description at:
http://bugzilla.kernel.org/show_bug.cgi?id=8048

Commit b18ec80396834497933d77b81ec0918519f4e2a7
    [PATCH] sched: improve migration accuracy
optimized the scheduler time calculations, but broke posix-cpu-timers.

The problem is that the p->last_ran value is not updated after a context
switch. So a subsequent call to current_sched_time() calculates with a
stale p->last_ran value, i.e. accounts the full time, which the task was
scheduled away.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoV4L: cx88-blackbird: allow usage of 376836 and 262144 sized firmware images
Michael Krufky [Sat, 3 Mar 2007 14:36:15 +0000 (09:36 -0500)]
V4L: cx88-blackbird: allow usage of 376836 and 262144 sized firmware images

This updates the cx88-blackbird driver to be able to use the new cx23416
firmware image released by Hauppauge Computer Works, while retaining
compatibility with the older firmware images.
cx2341x firmware can be downloaded at: http://dl.ivtvdriver.org/ivtv/firmware/

(cherry picked from commit af70dbd3346999570db73b3bc3d4f7b7c004f2ea)

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoV4L: fix cx25840 firmware loading
Hans Verkuil [Thu, 15 Feb 2007 06:40:34 +0000 (03:40 -0300)]
V4L: fix cx25840 firmware loading

Due to changes in the i2c handling in 2.6.20 this cx25840 bug surfaced,
causing the firmware load to fail for the ivtv driver. The correct
sequence is to first attach the i2c client, then use the client's
device to load the firmware.

(cherry picked from commit d55c7aec666658495e5b57a6b194c8c2a1ac255f)

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Acked-by: Mike Isely <isely@pobox.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDVB: digitv: open nxt6000 i2c_gate for TDED4 tuner handling
Michael Krufky [Sat, 3 Mar 2007 14:36:09 +0000 (09:36 -0500)]
DVB: digitv: open nxt6000 i2c_gate for TDED4 tuner handling

dvb-pll normally opens the i2c gate before attempting to communicate with
the pll, but the code for this device is not using dvb-pll.  This should
be cleaned up in the future, but for now, just open the i2c gate at the
appropriate place in order to fix this driver bug.

(cherry picked from commit 2fe22dcdc79b8dd34e61a3f1231caffd6180a626)

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDVB: cxusb: fix firmware patch for big endian systems
Jin-Bong lee [Sat, 3 Mar 2007 14:36:05 +0000 (09:36 -0500)]
DVB: cxusb: fix firmware patch for big endian systems

Without this patch, the device will not be detected after firmware download
on big endian systems.

(cherry picked from commit 1d1370a48ca285ebe197ecd3197a8d5f161bc291)

Signed-off-by: Jin-Bong lee <jinbong.lee@samsung.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoV4L: pvrusb2: Handle larger cx2341x firmware images
Mike Isely [Sat, 3 Mar 2007 14:36:02 +0000 (09:36 -0500)]
V4L: pvrusb2: Handle larger cx2341x firmware images

Rework the cx23416 firmware loader so that it longer requires the
firmware size to be a multiple of 8KB.  Until recently all cx2341x
firmware images were exactly 256KB, but newer firmware is larger than
that and also appears to have arbitrary size.  We still must check
against a multiple of 4 bytes (because the cx23416 itself uses a 32
bit word size).

This fix is already in the upstream driver source and has proven
itself there; this is a backport for the 2.6.20.y kernel series.

(backported from commit 90060d32ca0a941b158994f78e60d0381871c84b)

Signed-off-by: Mike Isely <isely@pobox.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoV4L: pvrusb2: Fix video corruption on stream start
Mike Isely [Sat, 3 Mar 2007 14:35:54 +0000 (09:35 -0500)]
V4L: pvrusb2: Fix video corruption on stream start

This introduces some extra cx23416 commands when streaming is
started.  The addition of these commands fix random sporadic video
corruption that can take place when the video stream is temporarily
disrupted through loss of signal (e.g. changing the channel in the RF
tuner).

This fix is already in the upstream driver source and has proven
itself there; this is a backport for the 2.6.20.y kernel series.

(backported from commit 6fe7d2c4660174110c6872cacc4fc2acb6e00acf)

Signed-off-by: Mike Isely <isely@pobox.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodvbdev: fix illegal re-usage of fileoperations struct
Marcel Siegert [Sat, 3 Mar 2007 14:35:48 +0000 (09:35 -0500)]
dvbdev: fix illegal re-usage of fileoperations struct

Arjan van de Ven <arjan@infradead.org> reported an illegal re-usage of
the fileoperations struct if more than one dvb device (e.g. frontend) is
present.

This patch fixes this issue.

It allocates a new fileoperations struct each time a device is
registered and copies the default template fileops.

(backported from commit b61901024776b25ce7b8edc31bb1757c7382a88e)

Signed-off-by: Marcel Siegert <mws@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agomd: Fix raid10 recovery problem.
NeilBrown [Tue, 20 Feb 2007 06:34:47 +0000 (17:34 +1100)]
md: Fix raid10 recovery problem.

There are two errors that can lead to recovery problems with raid10
when used in 'far' more (not the default).

Due to a '>' instead of '>=' the wrong block is located which would
result in garbage being written to some random location, quite
possible outside the range of the device, causing the newly
reconstructed device to fail.

The device size calculation had some rounding errors (it didn't round
when it should) and so recovery would go a few blocks too far which
would again cause a write to a random block address and probably
a device error.

The code for working with device sizes was fairly confused and spread
out, so this has been tided up a bit.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agobcm43xx: fix for 4309
Stefano Brivio [Sat, 17 Feb 2007 17:43:14 +0000 (18:43 +0100)]
bcm43xx: fix for 4309

BCM4309 devices aren't working properly as A PHYs aren't supported yet, but
we probe 802.11a cores anyway. This fixes it, while still allowing for A PHY code
to be developed in the future.

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoi386: Fix broken CONFIG_COMPAT_VDSO on i386
Jan Beulich [Sat, 17 Feb 2007 12:33:31 +0000 (13:33 +0100)]
i386: Fix broken CONFIG_COMPAT_VDSO on i386

After updating several machines to 2.6.20, I can't boot  anymore the single
one of them that supports the NX bit and is configured as a 32-bit system.

My understanding is that the VDSO changes in 2.6.20-rc7 were not fully
cooked, in that with that config option enabled VDSO_SYM(x) now equals
x, meaning that an address in the fixmap area is now being passed to
apps via AT_SYSINFO. However, the page is mapped with PAGE_READONLY
rather than PAGE_READONLY_EXEC.

I'm not certain whether having app code go through the fixmap area is
intended, but in case it is here is the simple patch that makes things work
again.

Cc: Theodore Tso <tytso@mit.edu>
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agox86: Don't require the vDSO for handling a.out signals
Andi Kleen [Sat, 17 Feb 2007 12:33:00 +0000 (13:33 +0100)]
x86: Don't require the vDSO for handling a.out signals

x86: Don't require the vDSO for handling a.out signals

and in other strange binfmts. vDSO is not necessarily mapped there.

This fixes signals in a.out programs

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agox86_64: Fix wrong gcc check in bitops.h
Andi Kleen [Sat, 17 Feb 2007 12:35:00 +0000 (13:35 +0100)]
x86_64: Fix wrong gcc check in bitops.h

gcc 5.0 will likely not have the constraint problem

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: transmit timeout deadlock
Stephen Hemminger [Fri, 16 Feb 2007 22:56:11 +0000 (14:56 -0800)]
sky2: transmit timeout deadlock

The code in transmit timeout incorrectly assumed that netif_tx_lock
was not set.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: dont flush good pause frames
Stephen Hemminger [Fri, 16 Feb 2007 22:56:10 +0000 (14:56 -0800)]
sky2: dont flush good pause frames

Don't mark pause frames as errors. This problem caused transmitter not
to pause and would effectively take out a gigabit switch because the
it can't handle overrun.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix oops in xfrm_audit_log()
David Miller [Wed, 14 Feb 2007 02:22:46 +0000 (18:22 -0800)]
Fix oops in xfrm_audit_log()

[XFRM]: Fix OOPSes in xfrm_audit_log().

Make sure that this function is called correctly, and
add BUG() checking to ensure the arguments are sane.

Based upon a patch by Joy Latten.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPrevent pseudo garbage in SYN's advertized window
Ilpo Järvinen [Tue, 13 Feb 2007 20:42:11 +0000 (12:42 -0800)]
Prevent pseudo garbage in SYN's advertized window

TCP may advertize up to 16-bits window in SYN packets (no window
scaling allowed). At the same time, TCP may have rcv_wnd
(32-bits) that does not fit to 16-bits without window scaling
resulting in pseudo garbage into advertized window from the
low-order bits of rcv_wnd. This can happen at least when
mss <= (1<<wscale) (see tcp_select_initial_window). This patch
fixes the handling of SYN advertized windows (compile tested
only).

In worst case (which is unlikely to occur though), the receiver
advertized window could be just couple of bytes. I'm not sure
that such situation would be handled very well at all by the
receiver!? Fortunately, the situation normalizes after the
first non-SYN ACK is received because it has the correct,
scaled window.

Alternatively, tcp_select_initial_window could be changed to
prevent too large rcv_wnd in the first place.

[ tcp_make_synack() has the same bug, and I've added a fix for
  that to this patch -DaveM ]

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix IPX module unload
Jiri Bohac [Wed, 14 Feb 2007 02:19:47 +0000 (18:19 -0800)]
Fix IPX module unload

[IPX]: Fix NULL pointer dereference on ipx unload

Fixes a null pointer dereference when unloading the ipx module.

On initialization of the ipx module, registering certain packet
types can fail. When this happens, unloading the module later
dereferences NULL pointers.  This patch fixes that. Please apply.

Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoClear TCP segmentation offload state in ipt_REJECT
Herbert Xu [Wed, 14 Feb 2007 02:12:38 +0000 (18:12 -0800)]
Clear TCP segmentation offload state in ipt_REJECT

[NETFILTER]: Clear GSO bits for TCP reset packet

The TCP reset packet is copied from the original.  This
includes all the GSO bits which do not apply to the new
packet.  So we should clear those bits.

Spotted by Patrick McHardy.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix atmarp.h for userspace
David Miller [Wed, 14 Feb 2007 02:11:27 +0000 (18:11 -0800)]
Fix atmarp.h for userspace

[ATM]: atmarp.h needs to always include linux/types.h

To provide the __be* types, even for userspace includes.

Reported by Andrew Walrond.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUHCI: fix port resume problem
Alan Stern [Mon, 26 Feb 2007 22:16:06 +0000 (17:16 -0500)]
UHCI: fix port resume problem

This patch (as863) fixes a problem encountered sometimes when resuming
a port on a UHCI controller.  The hardware may turn off the
Resume-Detect bit before turning off the Suspend bit, leading usbcore
to think that the port is still suspended and the resume has failed.
The patch makes uhci_finish_suspend() wait until both bits are safely
off.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix recently introduced problem with shutting down a busy NFS server.
NeilBrown [Tue, 6 Mar 2007 06:11:33 +0000 (17:11 +1100)]
Fix recently introduced problem with shutting down a busy NFS server.

When the last thread of nfsd exits, it shuts down all related sockets.
It currently uses svc_close_socket to do this, but that only is
immediately effective if the socket is not SK_BUSY.

If the socket is busy - i.e. if a request has arrived that has not yet
been processes - svc_close_socket is not effective and the shutdown
process spins.

So create a new svc_force_close_socket which removes the SK_BUSY flag
is set and then calls svc_close_socket.

Also change some open-codes loops in svc_destroy to use
list_for_each_entry_safe.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoAvoid using nfsd process pools on SMP machines.
NeilBrown [Tue, 6 Mar 2007 06:11:29 +0000 (17:11 +1100)]
Avoid using nfsd process pools on SMP machines.

process-pools have real benefits for NUMA, but on SMP
machines they only work if network interface interrupts
go to all CPUs (via round-robin or multiple nics).  This is
not always the case, so disable the pools in this case until
a better solution is developped.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff .prev/net/sunrpc/svc.c ./net/sunrpc/svc.c

17 years agoEHCI: turn off remote wakeup during shutdown
Alan Stern [Tue, 13 Feb 2007 19:53:06 +0000 (14:53 -0500)]
EHCI: turn off remote wakeup during shutdown

This patch (as850b) disables remote wakeup (and everything else!) on
all EHCI ports when the shutdown() method is called.  If remote wakeup
is left active then some systems will reboot instead of powering off.
This fixes Bugzilla #7828.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoIPV6: HASHTABLES: Use appropriate seed for caluculating ehash index.
YOSHIFUJI Hideaki [Tue, 13 Feb 2007 00:48:41 +0000 (09:48 +0900)]
IPV6: HASHTABLES: Use appropriate seed for caluculating ehash index.

Tetsuo Handa <handat@pm.nttdata.co.jp> told me that connect(2) with TCPv6
socket almost always took a few minutes to return when we did not have any
ports available in the range of net.ipv4.ip_local_port_range.

The reason was that we used incorrect seed for calculating index of
hash when we check established sockets in __inet6_check_established().

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoMTD: Fatal regression in drivers/mtd/redboot.c in 2.6.20
David Woodhouse [Mon, 12 Feb 2007 23:26:22 +0000 (09:56 +1030)]
MTD: Fatal regression in drivers/mtd/redboot.c in 2.6.20

[MTD] Fix regression in RedBoot partition scanning

This fixes a regression introduced by the attempt to handle RedBoot FIS
tables which are smaller than an eraseblock, in commit
0b47d654089c5ce3f2ea26a4485db9bcead1e515

It moves the recalculation of the number of slots in the table to the
correct place, and improves the heuristic for when we think we need to
byte-swap what we read from the flash.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Rod Whitby <rod@whitby.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoKconfig: FAULT_INJECTION can be selected only if LOCKDEP is enabled.
Paolo 'Blaisorblade' Giarrusso [Sat, 10 Feb 2007 16:45:37 +0000 (17:45 +0100)]
Kconfig: FAULT_INJECTION can be selected only if LOCKDEP is enabled.

There is no prompt for STACKTRACE, so it is enabled only when 'select'ed.
FAULT_INJECTION depends on it, while LOCKDEP selects it. So FAULT_INJECTION
becomes visible in Kconfig only when LOCKDEP is enabled.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB HID: Fix USB vendor and product IDs endianness for USB HID devices
Julien BLACHE [Sun, 11 Feb 2007 17:27:09 +0000 (18:27 +0100)]
USB HID: Fix USB vendor and product IDs endianness for USB HID devices

The USB vendor and product IDs are not byteswapped appropriately, and
thus come out in the wrong endianness when fetched through the evdev
using ioctl() on big endian platforms.

Signed-off-by: Julien BLACHE <jb@jblache.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix null pointer dereference in appledisplay driver
Michael Hanselmann [Sat, 10 Feb 2007 00:18:23 +0000 (01:18 +0100)]
Fix null pointer dereference in appledisplay driver

Commit 40b20c257a13c5a526ac540bc5e43d0fdf29792a by Len Brown introduced
a null pointer dereference in the appledisplay driver. This patch fixes
it.

Signed-off-by: Michael Hanselmann <linux-kernel@hansmi.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoieee1394: fix host device registering when nodemgr disabled
Stefan Richter [Fri, 9 Feb 2007 23:44:44 +0000 (00:44 +0100)]
ieee1394: fix host device registering when nodemgr disabled

Since my commit 8252bbb1363b7fe963a3eb6f8a36da619a6f5a65 in 2.6.20-rc1,
host devices have a dummy driver attached.  Alas the driver was not
registered before use if ieee1394 was loaded with disable_nodemgr=1.

This resulted in non-functional FireWire drivers or kernel lockup.
http://bugzilla.kernel.org/show_bug.cgi?id=7942

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoieee1394: video1394: DMA fix
David Moore [Fri, 9 Feb 2007 23:41:28 +0000 (00:41 +0100)]
ieee1394: video1394: DMA fix

This together with the phys_to_virt fix in lib/swiotlb.c::swiotlb_sync_sg
fixes video1394 DMA on machines with DMA bounce buffers, especially Intel
x86-64 machines with > 3GB RAM.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: David Moore <dcm@acm.org>
Tested-by: Nicolas Turro <Nicolas.Turro@inrialpes.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix compile error for e500 core based processors
Rojhalat Ibrahim [Fri, 9 Feb 2007 15:39:57 +0000 (09:39 -0600)]
Fix compile error for e500 core based processors

We get the following compiler error:

   CC      arch/ppc/kernel/ppc_ksyms.o
arch/ppc/kernel/ppc_ksyms.c:275: error: '__mtdcr' undeclared here (not in a function)
arch/ppc/kernel/ppc_ksyms.c:275: warning: type defaults to 'int' in declaration of '__mtdcr'
arch/ppc/kernel/ppc_ksyms.c:276: error: '__mfdcr' undeclared here (not in a function)
arch/ppc/kernel/ppc_ksyms.c:276: warning: type defaults to 'int' in declaration of '__mfdcr'
make[1]: *** [arch/ppc/kernel/ppc_ksyms.o] Error 1

This is due to the EXPORT_SYMBOL for __mtdcr/__mfdcr not having the proper CONFIG protection

Signed-off-by: Rojhalat Ibrahim <imr@rtschenk.de>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agomd: Avoid possible BUG_ON in md bitmap handling.
Neil Brown [Wed, 7 Feb 2007 22:28:28 +0000 (09:28 +1100)]
md: Avoid possible BUG_ON in md bitmap handling.

md/bitmap tracks how many active write requests are pending on blocks
associated with each bit in the bitmap, so that it knows when it can
clear the bit (when count hits zero).

The counter has 14 bits of space, so if there are ever more than 16383,
we cannot cope.

Currently the code just calles BUG_ON as "all" drivers have request queue
limits much smaller than this.

However is seems that some don't.  Apparently some multipath configurations
can allow more than 16383 concurrent write requests.

So, in this unlikely situation, instead of calling BUG_ON we now wait
for the count to drop down a bit.  This requires a new wait_queue_head,
some waiting code, and a wakeup call.

Tested by limiting the counter to 20 instead of 16383 (writes go a lot slower
in that case...).

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff .prev/drivers/md/bitmap.c ./drivers/md/bitmap.c

17 years agoFix allocation failure handling in multicast
Alexey Dobriyan [Wed, 7 Feb 2007 05:58:27 +0000 (21:58 -0800)]
Fix allocation failure handling in multicast

[IPV4/IPV6] multicast: Check add_grhead() return value

add_grhead() allocates memory with GFP_ATOMIC and in at least two places skb
from it passed to skb_put() without checking.

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix TCP FIN handling
John Heffner [Wed, 7 Feb 2007 05:57:34 +0000 (21:57 -0800)]
Fix TCP FIN handling

We can accidently spit out a huge burst of packets with TSO
when the FIN back is piggybacked onto the final packet.

[TCP]: Don't apply FIN exception to full TSO segments.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix ATM initcall ordering.
Daniel Walker [Wed, 7 Feb 2007 05:56:37 +0000 (21:56 -0800)]
Fix ATM initcall ordering.

[ATM]: Fix for crash in adummy_init()

This was reported by Ingo Molnar here,

http://lkml.org/lkml/2006/12/18/119

The problem is that adummy_init() depends on atm_init() , but adummy_init()
is called first.

So I put atm_init() into subsys_initcall which seems appropriate, and it
will still get module_init() if it becomes a module.

Interesting to note that you could crash your system here if you just load
the modules in the wrong order.

Signed-off-by: Daniel Walker <dwalker@mvista.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix various bugs with aligned reads in RAID5.
Neil Brown [Tue, 6 Feb 2007 23:26:56 +0000 (10:26 +1100)]
Fix various bugs with aligned reads in RAID5.

Fix various bugs with aligned reads in RAID5.

It is possible for raid5 to be sent a bio that is too big
for an underlying device.  So if it is a READ that we
pass stright down to a device, it will fail and confuse
RAID5.

So in 'chunk_aligned_read' we check that the bio fits within the
parameters for the target device and if it doesn't fit, fall back
on reading through the stripe cache and making lots of one-page
requests.

Note that this is the earliest time we can check against the device
because earlier we don't have a lock on the device, so it could change
underneath us.

Also, the code for handling a retry through the cache when a read
fails has not been tested and was badly broken.  This patch fixes that
code.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agohda-intel - Don't try to probe invalid codecs
Takashi Iwai [Tue, 6 Feb 2007 18:15:26 +0000 (19:15 +0100)]
hda-intel - Don't try to probe invalid codecs

[ALSA] hda-intel - Don't try to probe invalid codecs

Fix the max number of codecs detected by HD-intel (and compatible)
controllers to 3.  Some hardware reports extra bits as if
connected, and the driver gets confused to probe unexisting codecs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>