mac80211: make "decrypt failed" messages conditional upon MAC80211_DEBUG
Make "decrypt failed" and "have no key" debugging messages compile
conditionally upon CONFIG_MAC80211_DEBUG. They have been useful for
finding certain problems in the past, but in many cases they just
clutter a user's logs.
A typical example is an enviornment where multiple SSIDs are using a
single BSSID but with different protection schemes or different keys
for each SSID. In such an environment these messages are just noise.
Let's just leave them for those interested enough to turn-on debugging.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sat, 3 Nov 2007 13:11:10 +0000 (13:11 +0000)]
mac80211: use IW_AUTH_PRIVACY_INVOKED rather than IW_AUTH_KEY_MGMT
In the long bug-hunt for why dynamic WEP networks didn't work it
turned out that mac80211 incorrectly uses IW_AUTH_KEY_MGMT while
it should use IW_AUTH_PRIVACY_INVOKED to determine whether to
associate to protected networks or not.
This patch changes the behaviour to be that way and clarifies the
existing code.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Jouni Malinen <j@w1.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 30 Oct 2007 14:58:18 +0000 (15:58 +0100)]
mac80211: remove unused driver ops
The driver operations set_ieee8021x(), set_port_auth() and
set_privacy_invoked() are not used by any drivers, except
set_privacy_invoked() they aren't even used by mac80211.
Remove them at least until we need to support drivers with
mac80211 that require getting this information.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Mon, 5 Nov 2007 13:32:35 +0000 (14:32 +0100)]
softmac: MAINTAINERS update
This patch marks softmac as obsolete in MAINTAINERS and removes Joe and
myself as maintainers, we're no longer using it nor interested in the
code in any way. Also remove the website reference because I took it
offline. Hopefully the code will go away in 2.6.25.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Joseph Jezak <josejx@gentoo.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sun, 28 Oct 2007 14:16:50 +0000 (15:16 +0100)]
rfkill: Use mutex_lock() at register and add sanity check
Replace mutex_lock_interruptible() by mutex_lock() in rfkill_register(),
as interruptible doesn't make sense there.
Add a sanity check for rfkill->type, as that's used for an unchecked dereference
in an array and might cause hard to debug crashes if the driver sets this
to an invalid value.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:53:36 +0000 (14:53 +0100)]
iwlwifi: select proper rate control algorithm
Prior to this patch, iwlwifi would always use the first
registered rate control algorithm which, depending on system
setup, could be anything. After the mac80211 patch to make
the simple algorithm built-in, it would always be simple.
This has always been a bug in iwlwifi.
This fixes it by requesting that mac80211 selects the right
rate control algorithm.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:51:05 +0000 (14:51 +0100)]
mac80211: allow driver to ask for a rate control algorithm
This allows a driver to ask for a specific rate control algorithm.
The rate control algorithm asked for must be registered and be
available as a module or built-in.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:49:33 +0000 (14:49 +0100)]
mac80211: don't allow registering the same rate control twice
Previously, mac80211 would allow registering the same rate control
algorithm twice. This is a programming error in the registration
and should not happen; additionally the second version could never
be selected. Disallow this and warn about it.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:17:44 +0000 (14:17 +0100)]
mac80211: make simple rate control algorithm built-in
Too frequently people do not have module autoloading enabled
or fail to install the rate control module correctly, hence
their hardware probing fails due to no rate control algorithm
being available. This makes the 'simple' algorithm built into
the mac80211 module unless EMBEDDED is enabled in which case
it can be disabled (eg. if the wanted driver requires another
rate control algorithm.)
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sun, 28 Oct 2007 12:07:54 +0000 (13:07 +0100)]
rfkill: Register LED triggers before registering switch
Registering the switch triggers a LED event, so we must register
LED triggers before the switch.
This has a potential to fix a crash, depending on how the device
driver initializes the rfkill data structure.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sat, 27 Oct 2007 13:14:39 +0000 (15:14 +0200)]
ssb: Fix initcall ordering
ssb must init after PCI but before the ssb drivers.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: Christian Casteyde <casteyde.christian@free.fr>
Fixes-bug: #9219 Signed-off-by: John W. Linville <linville@tuxdriver.com>
The MLME request reason code is host-endian and our passing
it to the low level functions is host-endian as well since
they do the swapping. I noticed that the reason code 768 was
sent (0x300) rather than 3 when wpa_supplicant terminates.
This removes the superfluous cpu_to_le16() call.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Radu Rendec [Sun, 11 Nov 2007 05:54:50 +0000 (21:54 -0800)]
[PKT_SCHED] CLS_U32: Use ffs() instead of C code on hash mask to get first set bit.
Computing the rank of the first set bit in the hash mask (for using later
in u32_hash_fold()) was done with plain C code. Using ffs() instead makes
the code more readable and improves performance (since ffs() is better
optimized in assembler).
Using the conditional operator on hash mask before applying ntohl() also
saves one ntohl() call if mask is 0.
Signed-off-by: Radu Rendec <radu.rendec@ines.ro> Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
Chuck Lever [Sun, 11 Nov 2007 05:53:30 +0000 (21:53 -0800)]
[NET]: Fix skb_truesize_check() assertion
The intent of the assertion in skb_truesize_check() is to check
for skb->truesize being decremented too much by other code,
resulting in a wraparound below zero.
The type of the right side of the comparison causes the compiler to
promote the left side to an unsigned type, despite the presence of an
explicit type cast. This defeats the check for negativity.
Ensure both sides of the comparison are a signed type to prevent the
implicit type conversion.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Sun, 11 Nov 2007 05:47:39 +0000 (21:47 -0800)]
[INET]: Add missed tunnel64_err handler
The tunnel64_protocol uses the tunnel4_protocol's err_handler and
thus calls the tunnel4_protocol's handlers.
This is not very good, as in case of (icmp) error the wrong error
handlers will be called (e.g. ipip ones instead of sit) and this
won't be noticed at all, because the error is not reported.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Sun, 11 Nov 2007 05:39:26 +0000 (21:39 -0800)]
[IPX]: Use existing sock refcnt debugging infrastructure
Just like in the af_packet.c, the ipx_sock_nr variable is used
for debugging purposes.
Switch to using existing infrastructure. Thanks to Arnaldo for
pointing this out.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Sun, 11 Nov 2007 05:38:48 +0000 (21:38 -0800)]
[PACKET]: Use existing sock refcnt debugging infrastructure
The packet_socks_nr variable is used purely for debugging
the number of sockets.
As Arnaldo pointed out, there's already an infrastructure
for this purposes, so switch to using it.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 11 Nov 2007 05:24:19 +0000 (21:24 -0800)]
[TCP]: Split SACK FRTO flag clearing (fixes FRTO corner case bug)
In case we run out of mem when fragmenting, the clearing of
FLAG_ONLY_ORIG_SACKED might get missed which then feeds FRTO
with false information. Move clearing outside skb processing
loop so that it will get executed even if the skb loop
terminates prematurely due to out-of-mem.
Besides, now the core of the loop truly deals with a single
skb only, which also enables creation a more self-contained
of tcp_sacktag_one later on.
In addition, small reorganization of if branches was made.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 11 Nov 2007 05:22:18 +0000 (21:22 -0800)]
[TCP]: Fix reord detection due to snd_una covered holes
Fixes subtle bug like the one with fastpath_cnt_hint happening
due to the way the GSO and hints interact. Because hints are not
reset when just a GSOed skb is partially ACKed, there's no
guarantee that the relevant part of the write queue is going to
be processed in sacktag at all (skbs below snd_una) because
fastpath hint can fast forward the entrypoint.
This was also on the way of future reductions in sacktag's skb
processing. Also future cleanups in sacktag can be made after
this (in 2.6.25).
This may make reordering update in tcp_try_undo_partial
redundant but I'm not too sure so I left it there.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 11 Nov 2007 05:20:59 +0000 (21:20 -0800)]
[TCP]: Consider GSO while counting reord in sacktag
Reordering detection fails to take account that the reordered
skb may have pcount larger than 1. In such case the lowest of
them had the largest reordering, the old formula used the
highest of them which is pcount - 1 packets less reordered.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Jerome Pinot [Sat, 10 Nov 2007 18:01:10 +0000 (03:01 +0900)]
ACPI: add documentation for deprecated /proc/acpi/battery in ACPI_PROCFS
Add documentation in Kconfig help about the move of /proc/acpi/battery
to /sys/class/power_supply when selecting ACPI_PROCFS. This will impact
a lot of users and should be documented.
Linus Torvalds [Sat, 10 Nov 2007 22:26:04 +0000 (14:26 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: Don't fail device revalidation for bad _GTF methods
libata: port and host should be stopped before hardware resources are released
libata: skip 0xff polling for PATA controllers
libata: pata_platform: Support polling-mode configuration.
libata: Support PIO polling-only hosts.
libata sata_qstor conversion to new error handling (EH).
libata sata_qstor workaround for spurious interrupts
libata sata_qstor nuke idle state
nv_hardreset: update dangling reference to bugzilla entry
ata_piix: add SATELLITE PRO U200 to broken suspend list
Francois Romieu [Thu, 8 Nov 2007 22:23:21 +0000 (23:23 +0100)]
r8169: prevent bit sign expansion error in mdio_write
Oops.
The current code does not like being given an u16 with the highest
bit set as an argument to mdio_write. Let's enforce a correct range of
values for both the register address and value (resp. 5 and 16 bits).
The callers are currently left as-is.
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Ron Mercer [Wed, 7 Nov 2007 21:59:06 +0000 (13:59 -0800)]
qla3xxx: bugfix: Move link state machine into a worker thread
The link state machine requires access to some resources that
are shared with the iSCSI function on the chip. (See iSCSI
driver at drivers/scsi/qla4xxx) If the interface is being
up/downed at a rapid pace this driver may need to sleep
waiting to get access to the common resources. For this we
are moving the state machine to run as a work thread.
Signed-off-by: Ron Mercer <ron.mercer@qlogic.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Jay Vosburgh [Tue, 6 Nov 2007 21:33:29 +0000 (13:33 -0800)]
bonding: don't validate address at device open
The standard validate_addr handler refuses to accept the all zeroes address
as valid. However, it's common historical practice for the bonding
master to be configured up prior to having any slaves, at which time the
master will have a MAC address of all zeroes.
Resolved by setting the dev->validate_addr to NULL. The master still can't
end up with an invalid address, as the set_mac_address function tests
for validity.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Jay Vosburgh [Tue, 6 Nov 2007 21:33:28 +0000 (13:33 -0800)]
bonding: fix rtnl locking merge error
Looks like I incorrectly merged one of the rtnl lock changes,
so that one function, bonding_show_active_slave, held rtnl but didn't
release it, and another, bonding_store_active_slave, never held rtnl but
did release it.
Fixed so the first function doesn't mess with rtnl, and the
second correctly acquires and releases rtnl.
Bug reported by Moni Shoua <monis@voltaire.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Stefano Brivio [Wed, 7 Nov 2007 17:33:37 +0000 (18:33 +0100)]
b43legacy: fix shared IRQ race condition
Fix an IRQ race condition in b43legacy. If we call
b43legacy_wireless_core_stop(), it will set the status of the device to
INITIALIZED and the IRQ handler won't care any longer about IRQs, thus the
kernel will disable the IRQ if it's shared (unless we boot it with the
'irqpoll' option). So we must disable IRQs before changing the device
status.
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stefano Brivio [Wed, 7 Nov 2007 17:16:11 +0000 (18:16 +0100)]
b43: fix shared IRQ race condition
Fix an IRQ race condition in b43. If we call b43_stop_wireless_core(), it
will set the status of the device to INITIALIZED and the IRQ handler won't
care any longer about IRQs, thus the kernel will disable the IRQ if it's
shared (unless we boot it with the 'irqpoll' option). So we must disable
IRQs before changing the device status.
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stefano Brivio [Tue, 6 Nov 2007 21:48:56 +0000 (22:48 +0100)]
b43legacy: add me as maintainer and fix URLs
As b43legacy is going to be orphaned, add me as a maintainer. Fix URLs for
the related website and fix my e-mail address in MAINTAINERS file.
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Cc: Larry Finger <larry.finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sat, 3 Nov 2007 13:34:32 +0000 (14:34 +0100)]
b43: Rewrite and fix rfkill init
The rfkill subsystem doesn't like code like that
rfkill_allocate();
rfkill_register();
rfkill_unregister();
rfkill_register(); /* <- This will crash */
This sequence happens with
modprobe b43
ifconfig wlanX up
ifconfig wlanX down
ifconfig wlanX up
Fix this by always re-allocating the rfkill stuff before register.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Roel Kluin [Mon, 5 Nov 2007 22:55:02 +0000 (23:55 +0100)]
ipw2100: fix postfix decrement errors
If i reaches zero, the loop ends, but the postfix decrement subtracts it to -1.
Testing for 'i == 0', later in the function, will not fulfill its purpose.
Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sun, 28 Oct 2007 13:39:52 +0000 (14:39 +0100)]
rt2x00: Block adhoc & master mode
rt2x00 is broken when it comes down to adhoc and master mode.
The main problem is the beaconing, which is completely failing.
Untill a solution has been found, both beacon requiring modes
must be disabled to prevent numerous bug reports.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Holger Schurig [Tue, 9 Oct 2007 08:41:57 +0000 (10:41 +0200)]
libertas: fixes for slow hardware
Fixes for slow hardware.
Signed-off-by: Vitaly V. Bursov <vitalyvb@ukr.net> Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The Intel device supported by the hermes driver core is the IPW2011. The
"Intel PRO/Wireless" wording suggests the later Centrino devices and may
be confusing to some users.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Various symptoms depending on the .config options:
- the card stops working after some (short) time
- the card does not work at all
- the card disappears (nothing in lspci/dmesg)
A real power-off is needed to recover the card.
Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Francois Romieu [Tue, 6 Nov 2007 21:56:10 +0000 (22:56 +0100)]
r8169: do not enable the TBI for the 8168 and the 81x0
The 8168c and the 8100e choke on it. I have not seen an indication
nor received a report that the TBI is being actively used on the
remaining 8168b and 8110. Let's disable it for now until someone
complains.
eric miao [Tue, 30 Oct 2007 01:48:41 +0000 (09:48 +0800)]
add support for smc91x ethernet interface on zylonite
This patch adds LAN91C111 ethernet interface support for zylonite
(a.k.a Marvell's PXA3xx Development Platform) with smc91x driver.
It would be better if a patch would support zylonite along with all
other PXA boards with a single binary of smc91x driver, but it looks
quite difficult for the moment, so ugly #ifdef is still used here.
Signed-off-by: Aleksey Makarov <amakarov@ru.mvista.com> Acked-by: eric miao <eric.miao@marvell.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
The PCI AER support may not work for a couple of reasons.
It may not be configured into the kernel or there may be a BIOS
bug that prevents MMCONFIG from working. If MMCONFIG doesn't work
then the PCI registers that control AER will not be accessible via
pci_read_config functions; luckly there is another window to access
PCI space in the device, so use that.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
The D-Link PCI-X board (and maybe others) can lie about status
ring entries. It seems it will update the register for last status
index before completing the DMA for the ring entry. To avoid reading
stale data, zap the old entry and check.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Chuck Ebbert [Wed, 7 Nov 2007 15:48:39 +0000 (10:48 -0500)]
x86 - 32-bit ptrace emulation mishandles 6th arg
[ jdike - Pushing Chuck's patch - see
http://lkml.org/lkml/2005/9/16/261 for some history and a test
program. UML is also broken without this patch - its processes get
SIGBUS from the corrupt 6th argument to mmap being interpretted as a
file offset ]
When the 32-bit vDSO is used to make a system call, the %ebp register for
the 6th syscall arg has to be loaded from the user stack (where it's pushed
by the vDSO user code). The native i386 kernel always does this before
stopping for syscall tracing, so %ebp can be seen and modified via ptrace
to access the 6th syscall argument. The x86-64 kernel fails to do this,
presenting the stack address to ptrace instead. This makes the %rbp value
seen by 64-bit ptrace of a 32-bit process, and the %ebp value seen by a
32-bit caller of ptrace, both differ from the native i386 behavior.
This patch fixes the problem by putting the word loaded from the user stack
into %rbp before calling syscall_trace_enter, and reloading the 6th syscall
argument from there afterwards (so ptrace can change it). This makes the
behavior match that of i386 kernels.
Original-Patch-By: Roland McGrath <roland@redhat.com> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Roland McGrath [Tue, 6 Nov 2007 23:30:38 +0000 (15:30 -0800)]
x86_64: ia32 ptrace THREAD_AREA fix
The addr argument to PTRACE_GET_THREAD_AREA and PTRACE_SET_THREAD_AREA is
not a magic constant. It's derived from the segment register values being
used, which are computed originally from the index used with set_thread_area.
The value does not need to match what a native i386 kernel would accept.
It needs to match the segment selectors that can actually be in use in this
32-bit process. The 64-bit ptrace support for PTRACE_GET_THREAD_AREA
(normally used only on 32-bit processes) is correct, but the 32-bit emulation
of ptrace is broken.
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Randy Dunlap [Sat, 10 Nov 2007 03:30:36 +0000 (04:30 +0100)]
voyager: use struct instead of PARAM
Use struct boot_params instead of PARAM + 0xoffsets.
Fixes one of many Voyager build problems.
arch/x86/kernel/setup_32.c:543: error: 'PARAM' undeclared (first use in this function)
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
David Miller [Wed, 7 Nov 2007 05:13:56 +0000 (21:13 -0800)]
[FUTEX] Fix address computation in compat code.
compat_exit_robust_list() computes a pointer to the
futex entry in userspace as follows:
(void __user *)entry + futex_offset
'entry' is a 'struct robust_list __user *', and
'futex_offset' is a 'compat_long_t' (typically a 's32').
Things explode if the 32-bit sign bit is set in futex_offset.
Type promotion sign extends futex_offset to a 64-bit value before
adding it to 'entry'.
This triggered a problem on sparc64 running 32-bit applications which
would lock up a cpu looping forever in the fault handling for the
userspace load in handle_futex_death().
Compat userspace runs with address masking (wherein the cpu zeros out
the top 32-bits of every effective address given to a memory operation
instruction) so the sparc64 fault handler accounts for this by
zero'ing out the top 32-bits of the fault address too.
Since the kernel properly uses the compat_uptr interfaces, kernel side
accesses to compat userspace work too since they will only use
addresses with the top 32-bit clear.
Because of this compat futex layer bug we get into the following loop
when executing the get_user() load near the top of handle_futex_death():
1) load from address '0xfffffffff7f16bd8', FAULT
2) fault handler clears upper 32-bits, processes fault
for address '0xf7f16bd8' which succeeds
3) goto #1
I want to thank Bernd Zeimetz, Josip Rodin, and Fabio Massimo Di Nitto
for their tireless efforts helping me track down this bug.
Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 9 Nov 2007 23:28:11 +0000 (15:28 -0800)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] IOSAPIC bogus error cleanup
[IA64] Update printing of feature set bits
[IA64] Fix IOSAPIC delivery mode setting
[IA64] XPC heartbeat timer function must run on CPU 0
[IA64] Clean up /proc/interrupts output
[IA64] Disable/re-enable CPE interrupts on Altix
[IA64] Clean-up McKinley Errata message
[IA64] Add gate.lds to list of files ignored by Git
[IA64] Fix section mismatch in contig.c version of per_cpu_init()
[IA64] Wrong args to memset in efi_gettimeofday()
[IA64] Remove duplicate includes from ia32priv.h
[IA64] fix number of bytes zeroed by sys_fw_init() in arch/ia64/hp/sim/boot/fw-emu.c
[IA64] Fix perfmon sysctl directory modes
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6: (26 commits)
sh: remove dead config symbols from SH code
sh: Kill off broken snapgear ds1302 code.
sh: Add a dummy vga.h.
rtc: rtc-sh: Zero out tm value for invalid rtc states.
rtc: sh-rtc: Handle rtc_device_register() failure properly.
sh: Fix heartbeart on Solution Engine series
sh: Remove SCI_NPORTS from sh-sci.h
sh: Fix up PAGE_KERNEL_PCC() for nommu.
sh: hs7751rvoip: Kill off dead IPR IRQ mappings.
sh: hs7751rvoip: irq.c needs linux/interrupt.h.
sh: Kill off __{copy,clear}_user_page().
sh: Optimized copy_{to,from}_user_page() for SH-4.
sh: Wire up clear_user_highpage().
sh: Kill off the remaining ST40 cruft.
superhyway: Handle device_register() retval properly.
sh: kgdb sysrq depends on magic sysrq.
sh: Add -Werror for clean directories.
sh: Fix up kgdb build with modular sh-sci.
sh: Export __{s,u}divsi3_i4i on all CPUs.
sh: Fix up kgdb-on-NMI branch target.
...
Linus Torvalds [Fri, 9 Nov 2007 23:16:52 +0000 (15:16 -0800)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (37 commits)
[POWERPC] EEH: Make sure warning message is printed
[POWERPC] Make altivec code in swsusp_32.S depend on CONFIG_ALTIVEC
[POWERPC] windfarm: Fix windfarm thread freezer interaction
[POWERPC] Fix si_addr value on low level hash failures
[POWERPC] Refresh ppc64_defconfig and enable pasemi-related options
[POWERPC] pasemi: Update defconfig
[POWERPC] iSeries: Fix ref counting in vio setup
[POWERPC] ] Fix memset size error
[POWERPC] Fix link errors for allyesconfig
[POWERPC] iSeries_init_IRQ non-PCI tidy
[POWERPC] Change fallocate to match unistd.h on powerpc
[POWERPC] EEH: Avoid crash on null device
[POWERPC] EEH: Drivers that need reset trump others
[POWERPC] EEH: Clean up comments
[POWERPC] Fix off-by-one error in setting decrementer on Book E/4xx (v2)
[POWERPC] Fix switch_slb handling of 1T ESID values
[POWERPC] Fix build failure when CONFIG_VIRT_CPU_ACCOUNTING is not defined
[POWERPC] Include udbg.h when using udbg_printf
[POWERPC] Fix cache line vs. block size confusion
[POWERPC] Fix sysctl table check failure on PowerMac
...
Alan Cox [Wed, 7 Nov 2007 16:53:00 +0000 (16:53 +0000)]
frv: Remove bogus NO_IRQ = -1 define
The old NO_IRQ define some platforms had was long ago declared obsolete
and wrong. FRV should therefore not be re-introducing this, especially as
IRQs are usually unsigned in the kernel. The "no IRQ" case is defined to be
zero and Linus made this rather clear at the time.
arch/frv shows no dependancy on this but it might show up driver fixes
needing doing I guess
Signed-off-by: Alan Cox <alan@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 9 Nov 2007 23:08:37 +0000 (15:08 -0800)]
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Use "is_power_of_2" macro for simplicity.
[SPARC]: Remove duplicate includes.
Linus Torvalds [Fri, 9 Nov 2007 23:02:43 +0000 (15:02 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux: add more validity checks on policy load
SELinux: fix bug in new ebitmap code.
SELinux: suppress a warning for 64k pages.
Peter Zijlstra [Fri, 9 Nov 2007 21:39:39 +0000 (22:39 +0100)]
sched: avoid large irq-latencies in smp-balancing
SMP balancing is done with IRQs disabled and can iterate the full rq.
When rqs are large this can cause large irq-latencies. Limit the nr of
iterations on each run.
This fixes a scheduling latency regression reported by the -rt folks.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Steven Rostedt <rostedt@goodmis.org> Tested-by: Gregory Haskins <ghaskins@novell.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
sched: fix copy_namespace() <-> sched_fork() dependency in do_fork
Sukadev Bhattiprolu reported a kernel crash with control groups.
There are couple of problems discovered by Suka's test:
- The test requires the cgroup filesystem to be mounted with
atleast the cpu and ns options (i.e both namespace and cpu
controllers are active in the same hierarchy).
# mkdir /dev/cpuctl
# mount -t cgroup -ocpu,ns none cpuctl
(or simply)
# mount -t cgroup none cpuctl -> Will activate all controllers
in same hierarchy.
- The test invokes clone() with CLONE_NEWNS set. This causes a a new child
to be created, also a new group (do_fork->copy_namespaces->ns_cgroup_clone->
cgroup_clone) and the child is attached to the new group (cgroup_clone->
attach_task->sched_move_task). At this point in time, the child's scheduler
related fields are uninitialized (including its on_rq field, which it has
inherited from parent). As a result sched_move_task thinks its on
runqueue, when it isn't.
As a solution to this problem, I moved sched_fork() call, which
initializes scheduler related fields on a new task, before
copy_namespaces(). I am not sure though whether moving up will
cause other side-effects. Do you see any issue?
- The second problem exposed by this test is that task_new_fair()
assumes that parent and child will be part of the same group (which
needn't be as this test shows). As a result, cfs_rq->curr can be NULL
for the child.
The solution is to test for curr pointer being NULL in
task_new_fair().
With the patch below, I could run ns_exec() fine w/o a crash.