tjh.dev
commits
Use the right register to stop broadcast/multicast traffic.
Signed-off-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fixed by including <linux/dma-mapping.h>:
CC drivers/net/au1000_eth.o
drivers/net/au1000_eth.c: In function 'au1000_probe':
drivers/net/au1000_eth.c:661: warning: implicit declaration of function 'dma_alloc_noncoherent'
drivers/net/au1000_eth.c:802: warning: implicit declaration of function 'dma_free_noncoherent'
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Force irq migration path during cpu offline, is not using proper locks and
irq_chip mask/unmask routines. This will result in some races(especially
the device generating the interrupt can see some inconsistent state,
resulting in issues like stuck irq,..).
Appended patch fixes the issue by taking proper lock and encapsulating
irq_chip set_affinity() with a mask() before and an unmask() after.
This fixes a MSI irq stuck issue reported by Darrick Wong.
There are several more general bugs in this area(irq migration in the
process context). For example,
1. Possibility of missing edge triggered irq.
2. Reliable method of migrating level triggered irq in the process context.
We plan to look and close these in the near future.
Eric says:
In addition even with the fix from Suresh there is still at least one
nasty hardware race in fixup_irqs(). However we exercise that code
path rarely enough that we are unlikely to hit it in the real world,
and that race seems to have existed since the code was merged. And a
fix for that is not coming soon as it is an open investigation area
if we can fix irq migration to work outside of irq context or if
we have to rework the requirements imposed by the generic cpu hotplug
and layer on fixup_irqs(). So this may come up again.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Reported-and-tested-by: Darrick Wong <djwong@us.ibm.com>
Cc: Andi Kleen <ak@suse.de>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
set the irq_chip name for lapic.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 4449/1: more entries in arch/arm/boot/.gitignore
[ARM] 4452/1: Force the literal pool dump before reloc_end
[ARM] Update show_regs/oops register format
[ARM] Add support for pause_on_oops and display preempt/smp options
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Count timer interrupts correctly.
[MIPS] SMTC and non-SMTC kernel and modules are incompatible
[MIPS] EMMA2RH: Disable GEN_RTC, it can't possibly work.
[MIPS] Remove a duplicated local variable in test_and_clear_bit()
[MIPS] use compat_siginfo in rt_sigframe_n32
[MIPS] 20K: Handle WAIT related bugs according to errata information
[MIPS] AP/SP requires shadow registers, auto enable support.
[MIPS] Fix pb1500 reg B access
[MIPS] Alchemy: Fix wrong cast
[MIPS] remove "support for" from system type entry
[MIPS] add io_map_base to pci_controller on Cobalt
[MIPS] __ucmpdi2 arguments are unsigned long long.
Signed-off-by: Nicolas Pitre <npitre@mvista.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix subtle FP state corruption bug in signal return on SMP
[POWERPC] Fix VDSO gettimeofday() when called with NULL struct timeval
[POWERPC] Update defconfigs
[POWERPC] Update g5_defconfig
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
In the arch/arm/boot/compressed/head.S file, the contents of the
literal pool accumulated during the relocatable code must be dumped
before reloc_end.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: ftdio_sio: New IPlus device ID
USB: add new device id to option driver
USB: fix race leading to use after free in io_edgeport
USB: usblcd doesn't limit memory consumption during write
USB: memory leak in iowarrior.c
USB: ti serial driver sleeps with spinlock held
USB: g_file_storage: call allow_signal()
This fixes a bug which can cause corruption of the floating-point state
on return from a signal handler. If we have a signal handler that has
used the floating-point registers, and it happens to context-switch to
another task while copying the interrupted floating-point state from the
user stack into the thread struct (e.g. because of a page fault, or
because it gets preempted), the context switch code will think that the
FP registers contain valid FP state that needs to be copied into the
thread_struct, and will thus overwrite the values that the signal return
code has put into the thread_struct.
This can occur because we clear the MSR bits that indicate the presence
of valid FP state after copying the state into the thread_struct. To fix
this we just move the clearing of the MSR bits to before the copy. A
similar potential problem also occurs with the Altivec state, and this
fixes that in the same way.
Signed-off-by: Paul Mackerras <paulus@samba.org>
So don't allow mixing.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Add the kernel release and version information to the output of
show_regs/oops. Add the CPU PSR register. Avoid using printk
to output partial lines; always output a complete line.
Re-combine the "Control" and "Table + DAC" lines after nommu
separated them; we don't want to waste vertical screen space
needlessly.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
wrmsrl() is broken, dropping the upper 32bits of the value to be
written. This broke the NMI watchdog on AMD hardware. (and it
probably broke other code too.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported by Grzegorz Chimosz <gchimi@gmail.com>
Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Consider the prototype for gettimeofday():
int gettimofday(struct timeval *tv, struct timezone *tz);
Although it is valid to call with /either/ tv or tz being NULL, and
the C version of sys_gettimeofday() supports this, the current version
of gettimeofday() in the VDSO will SEGV if called with a NULL tv.
This adds a check for tv being NULL so that it doesn't SEGV.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Neither rtc_mips_get_time nor rtc_mips_set_time are being initialized by
the EMMA2RH setup code, so genrtc at best was a RTC dummy avoiding a few
error messages but not providing actual functionality.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Add calls to oops_enter() and oops_exit() to __die(), so that
things like lockdep know when an oops occurs.
Add suffixes to the oops report to indicate whether the running
kernel has been built with preempt or smp support.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: Matthias Urlichs <smurf@smurf.noris.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Fix a sparse warning caused by 2c921d07f8c641e691b0dfd80a5cfe14c60ec489
include2/asm/bitops.h:313:23: warning: symbol 'res' shadows an earlier one
include2/asm/bitops.h:309:16: originally declared here
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The manatees, they are dancing!
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The return value of futex_find_get_task() needs to be -ESRCH in case
that the search fails. This was part of the original futex fixes and
got accidentally dropped, when the futex-tidy-up patch was split out.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stable Team <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
usb_unlink_urb() is asynchronous, therefore an URB's buffer may not
be freed without waiting for the completion handler. This patch switches
to usb_kill_urb(), which is synchronous.
Thanks to Alan for making me look at the remaining users of usb_unlink_urb()
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Update the g5_defconfig with default settings.
This is to keep things up to date, and specifically to ensure that the
CONFIG_MACINTOSH_DRIVERS option is enabled. This also turns on
CONFIG_MSI.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Pavel Kiryukhin <vksavl@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Some user space tools need to identify SYSV shared memory when examining
/proc/<pid>/maps. To do so they look for a block device with major zero, a
dentry named SYSV<sysv key>, and having the minor of the internal sysv
shared memory kernel mount.
To help these tools and to make it easier for people just browsing
/proc/<pid>/maps this patch modifies hugetlb sysv shared memory to use the
SYSV<key> dentry naming convention.
User space tools will still have to be aware that hugetlb sysv shared
memory lives on a different internal kernel mount and so has a different
block device minor number from the rest of sysv shared memory.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Albert Cahalan <acahalan@gmail.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Make skb_seq_read unmap the last fragment
[NET]: Re-enable irqs before pushing pending DMA requests
[TCP] tcp_read_sock: Allow recv_actor() return return negative error value.
[PPP]: Fix osize too small errors when decoding mppe.
[PPP]: Revert 606f585e363527da9feaed79465132c0c661fd9e
[TIPC]: Fix infinite loop in netlink handler
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
[IPV4]: include sysctl.h from inetdevice.h
[IPV6] NDISC: Fix thinko to control Router Preference support.
[NETFILTER]: nfctnetlink: Don't allow to change helper
[NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
usblcd currently has no way to limit memory consumption by fast writers.
This is a security problem, as it allows users with write access to this
device to drive the system into oom despite resource limits.
Here's the fix taken from the modern skeleton driver.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
We used to avoid the WAIT entirely on the 20K but really only need to do
this on early revs of the 20K. Without this a 20K was a bit of a
power hog. Well, in the lower power power hog category ;-)
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Here's another breakage as a result of shared memory stacked files :(
The NUMA policy for a VMA is determined by checking the following (in the
order given):
1) vma->vm_ops->get_policy() (if defined)
2) vma->vm_policy (if defined)
3) task->mempolicy (if defined)
4) Fall back to default_policy
By switching to stacked files for shared memory, get_policy() is now always
set to shm_get_policy which is a wrapper function. This causes us to stop
at step 1, which yields NULL for hugetlb instead of task->mempolicy which
was the previous (and correct) result.
This patch modifies the shm_get_policy() wrapper to maintain steps 1-3 for
the wrapped vm_ops.
(akpm: the refcounting of mempolicies is busted and this patch does nothing to
improve it)
Signed-off-by: Adam Litke <agl@us.ibm.com>
Acked-by: William Irwin <bill.irwin@oracle.com>
Cc: dean gaudet <dean@arctic.org>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Andi Kleen <ak@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Register %ebx serves as the "global offset table base register" for
position-independent code. For absolute code, %ebx serves as a local
register and has no specified role in the function calling sequence. In
either case, a function must preserve the register value for the caller.
acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt
the called data.
Kevin found that most time the value of Sx is saved in %esi, however
sometimes compiler also uses %ebx. When this happens, suspends fails since
sleep value in ebx is changed by acpi_copy_wakeup_routine.
The same funtion in X86_64 doesn't have this problem.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Looks-okay-to: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Having walked through the entire skbuff, skb_seq_read would leave the
last fragment mapped. As a consequence, the unwary caller would leak
kmaps, and proceed with preempt_count off by one. The only (kind of
non-intuitive) workaround is to use skb_seq_read_abort.
This patch makes sure skb_seq_read always unmaps frag_data after
having cycled through the skb's paged part.
Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
this is a classical memory leak in the ioctl handler. The buffer is simply
never freed. This fixes it the obvious way.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Noticed by Chris Dearman (chris@mips.com).
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
We have to take care that when we call udf_discard_prealloc() from
udf_clear_inode() we have to write inode ourselves afterwards (otherwise,
some changes might be lost leading to leakage of blocks, use of free blocks
or improperly aligned extents).
Also udf_discard_prealloc() does two different things - it removes
preallocated blocks and truncates the last extent to exactly match i_size.
We move the latter functionality to udf_truncate_tail_extent(), call
udf_discard_prealloc() when last reference to a file is dropped and call
udf_truncate_tail_extent() when inode is being removed from inode cache
(udf_clear_inode() call).
We cannot call udf_truncate_tail_extent() earlier as subsequent open+write
would find the last block of the file mapped and happily write to the end
of it, although the last extent says it's shorter.
[akpm@linux-foundation.org: Make checkpatch.pl happier]
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Eric Sandeen <sandeen@sandeen.net>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
One of error path in ext4_read_inode() leaks bh since brelse is forgoten.
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Acked-by: Vasily Averin <vvs@sw.ru>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This moves the local_irq_enable() call in net_rx_action() to before
calling the CONFIG_NET_DMA's dma_async_memcpy_issue_pending() rather
than after. This shortens the irq disabled window and allows for DMA
drivers that need to do their own irq hold.
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
you are submitting an URB with GFP_KERNEL holding a spinlock.
In this case the spinlock can be dropped earlier.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
au_readl() is correct here.
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
If ARCH_KMALLOC_MINALIGN is set to a value greater than 8 (SLUBs smallest
kmalloc cache) then SLUB may generate duplicate slabs in sysfs (yes again)
because the object size is padded to reach ARCH_KMALLOC_MINALIGN. Thus the
size of the small slabs is all the same.
No arch sets ARCH_KMALLOC_MINALIGN larger than 8 though except mips which
for some reason wants a 128 byte alignment.
This patch increases the size of the smallest cache if
ARCH_KMALLOC_MINALIGN is greater than 8. In that case more and more of the
smallest caches are disabled.
If we do that then the count of the active general caches that is displayed
on boot is not correct anymore since we may skip elements of the kmalloc
array. So count them separately.
This approach was tested by Havard yesterday.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
One of error path in ext3_read_inode() leaks bh since brelse is forgoten.
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Acked-by: Vasily Averin <vvs@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
tcp_read_sock() currently assumes that the recv_actor() only returns
number of bytes copied. For network splice receive, we may have to
return an error in some cases. So allow the actor to return a negative
error value.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
New changes in the signal-handling code require compensating changes
in g_file_storage. This patch (as913) by Oleg Nesterov makes the
code use allow_signal() instead of sigprocmask().
From: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Some changes done a while ago to avoid pounding on ptep_set_access_flags and
update_mmu_cache in some race situations break sun4c which requires
update_mmu_cache() to always be called on minor faults.
This patch reworks ptep_set_access_flags() semantics, implementations and
callers so that it's now responsible for returning whether an update is
necessary or not (basically whether the PTE actually changed). This allow
fixing the sparc implementation to always return 1 on sun4c.
[akpm@linux-foundation.org: fixes, cleanups]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: David Miller <davem@davemloft.net>
Cc: Mark Fortescue <mark@mtfhpc.demon.co.uk>
Acked-by: William Lee Irwin III <wli@holomorphy.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Removing a watched file will oops if audit is disabled (auditctl -e 0).
To reproduce:
- auditctl -e 1
- touch /tmp/foo
- auditctl -w /tmp/foo
- auditctl -e 0
- rm /tmp/foo (or mv)
Signed-off-by: Tony Jones <tonyj@suse.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The mppe_decompress() function required a buffer that is 1 byte too
small when receiving a message of mru size. This fixes buffer
allocation to prevent this from occurring.
Signed-off-by: Konstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
(As reported by linux@horizon.com)
Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output. The result of
this bug is that 16 out of 80 bits are un-folded. Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yan Zheng pointed out that ext2_remount lacks checking if -o xip should be
enabled or not. This patch checks for presence of direct_access on the
backing block device and if the blocksize meets the requirements.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Cc: Yan Zheng <yanzheng@21cn.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This can cause packet buffer overflows in certain cases,
the real bug will be fixed differently in a followon
changeset.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The x86_64 a.out.h got a definition of STACK_TOP_MAX, which interferes with
the UML version. So, just undef it like STACK_TOP.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Background:
When a userspace application wants to know about machine check events, it
opens /dev/mcelog and does a read(). Usually, we found that this interface
works well, but in some cases, when the system was taking large numbers of
machine check exceptions, the read() would hang. The system would output a
soft-lockup warning, and the daemon reading from /dev/mcelog would suck up
as much of a single CPU as it could spinning in system space.
Description:
This patch fixes this bug. In particular, there was a "continue" inside a
timeout loop that presumably was intended to break out of the outer loop,
but instead caused the inner loop to continue. This patch also makes the
condition for the break-out a little more evident by changing a
!time_before to a time_after_eq.
Result:
The read() no longer hangs in this test case.
Testing:
On my system, I could replicate the bug with the following command:
# for i in `seq 15000`; do ./inject_sbe.sh; done
where inject_sbe.sh contains commands to inject a single-bit error into the
next memory write transaction.
Patch:
This patch is against git f1518a088bde6aea49e7c472ed6ab96178fcba3e.
Signed-off-by: Joshua Wise <jwise@google.com>
Signed-off-by: Tim Hockin <thockin@google.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The tipc netlink config handler uses the nlmsg_pid from the
request header as destination for its reply. If the application
initialized nlmsg_pid to 0, the reply is looped back to the kernel,
causing hangup. Fix: use nlmsg_pid of the skb that triggered the
request.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reported by Eugene Surovegin <ebs@ebshome.net>.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Distros seem to be removing PAGE_SIZE from asm/page.h. So, the libc side of
UML should stop using it.
I replace it with UM_KERN_PAGE_SIZE, which is defined to be the same as
PAGE_SIZE on the kernel side of the house. I could also use getpagesize(),
but it's more important that UML have the same value of PAGE_SIZE everywhere.
It's conceivable that it could be built with a larger PAGE_SIZE, and use of
getpagesize() would break that badly.
PAGE_MASK got the same treatment, as it is closely tied to PAGE_SIZE.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixed by including <linux/dma-mapping.h>:
CC drivers/net/au1000_eth.o
drivers/net/au1000_eth.c: In function 'au1000_probe':
drivers/net/au1000_eth.c:661: warning: implicit declaration of function 'dma_alloc_noncoherent'
drivers/net/au1000_eth.c:802: warning: implicit declaration of function 'dma_free_noncoherent'
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Force irq migration path during cpu offline, is not using proper locks and
irq_chip mask/unmask routines. This will result in some races(especially
the device generating the interrupt can see some inconsistent state,
resulting in issues like stuck irq,..).
Appended patch fixes the issue by taking proper lock and encapsulating
irq_chip set_affinity() with a mask() before and an unmask() after.
This fixes a MSI irq stuck issue reported by Darrick Wong.
There are several more general bugs in this area(irq migration in the
process context). For example,
1. Possibility of missing edge triggered irq.
2. Reliable method of migrating level triggered irq in the process context.
We plan to look and close these in the near future.
Eric says:
In addition even with the fix from Suresh there is still at least one
nasty hardware race in fixup_irqs(). However we exercise that code
path rarely enough that we are unlikely to hit it in the real world,
and that race seems to have existed since the code was merged. And a
fix for that is not coming soon as it is an open investigation area
if we can fix irq migration to work outside of irq context or if
we have to rework the requirements imposed by the generic cpu hotplug
and layer on fixup_irqs(). So this may come up again.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Reported-and-tested-by: Darrick Wong <djwong@us.ibm.com>
Cc: Andi Kleen <ak@suse.de>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Count timer interrupts correctly.
[MIPS] SMTC and non-SMTC kernel and modules are incompatible
[MIPS] EMMA2RH: Disable GEN_RTC, it can't possibly work.
[MIPS] Remove a duplicated local variable in test_and_clear_bit()
[MIPS] use compat_siginfo in rt_sigframe_n32
[MIPS] 20K: Handle WAIT related bugs according to errata information
[MIPS] AP/SP requires shadow registers, auto enable support.
[MIPS] Fix pb1500 reg B access
[MIPS] Alchemy: Fix wrong cast
[MIPS] remove "support for" from system type entry
[MIPS] add io_map_base to pci_controller on Cobalt
[MIPS] __ucmpdi2 arguments are unsigned long long.
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: ftdio_sio: New IPlus device ID
USB: add new device id to option driver
USB: fix race leading to use after free in io_edgeport
USB: usblcd doesn't limit memory consumption during write
USB: memory leak in iowarrior.c
USB: ti serial driver sleeps with spinlock held
USB: g_file_storage: call allow_signal()
This fixes a bug which can cause corruption of the floating-point state
on return from a signal handler. If we have a signal handler that has
used the floating-point registers, and it happens to context-switch to
another task while copying the interrupted floating-point state from the
user stack into the thread struct (e.g. because of a page fault, or
because it gets preempted), the context switch code will think that the
FP registers contain valid FP state that needs to be copied into the
thread_struct, and will thus overwrite the values that the signal return
code has put into the thread_struct.
This can occur because we clear the MSR bits that indicate the presence
of valid FP state after copying the state into the thread_struct. To fix
this we just move the clearing of the MSR bits to before the copy. A
similar potential problem also occurs with the Altivec state, and this
fixes that in the same way.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Add the kernel release and version information to the output of
show_regs/oops. Add the CPU PSR register. Avoid using printk
to output partial lines; always output a complete line.
Re-combine the "Control" and "Table + DAC" lines after nommu
separated them; we don't want to waste vertical screen space
needlessly.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Consider the prototype for gettimeofday():
int gettimofday(struct timeval *tv, struct timezone *tz);
Although it is valid to call with /either/ tv or tz being NULL, and
the C version of sys_gettimeofday() supports this, the current version
of gettimeofday() in the VDSO will SEGV if called with a NULL tv.
This adds a check for tv being NULL so that it doesn't SEGV.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
The manatees, they are dancing!
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The return value of futex_find_get_task() needs to be -ESRCH in case
that the search fails. This was part of the original futex fixes and
got accidentally dropped, when the futex-tidy-up patch was split out.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stable Team <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
usb_unlink_urb() is asynchronous, therefore an URB's buffer may not
be freed without waiting for the completion handler. This patch switches
to usb_kill_urb(), which is synchronous.
Thanks to Alan for making me look at the remaining users of usb_unlink_urb()
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Update the g5_defconfig with default settings.
This is to keep things up to date, and specifically to ensure that the
CONFIG_MACINTOSH_DRIVERS option is enabled. This also turns on
CONFIG_MSI.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Some user space tools need to identify SYSV shared memory when examining
/proc/<pid>/maps. To do so they look for a block device with major zero, a
dentry named SYSV<sysv key>, and having the minor of the internal sysv
shared memory kernel mount.
To help these tools and to make it easier for people just browsing
/proc/<pid>/maps this patch modifies hugetlb sysv shared memory to use the
SYSV<key> dentry naming convention.
User space tools will still have to be aware that hugetlb sysv shared
memory lives on a different internal kernel mount and so has a different
block device minor number from the rest of sysv shared memory.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Albert Cahalan <acahalan@gmail.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Make skb_seq_read unmap the last fragment
[NET]: Re-enable irqs before pushing pending DMA requests
[TCP] tcp_read_sock: Allow recv_actor() return return negative error value.
[PPP]: Fix osize too small errors when decoding mppe.
[PPP]: Revert 606f585e363527da9feaed79465132c0c661fd9e
[TIPC]: Fix infinite loop in netlink handler
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
[IPV4]: include sysctl.h from inetdevice.h
[IPV6] NDISC: Fix thinko to control Router Preference support.
[NETFILTER]: nfctnetlink: Don't allow to change helper
[NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
usblcd currently has no way to limit memory consumption by fast writers.
This is a security problem, as it allows users with write access to this
device to drive the system into oom despite resource limits.
Here's the fix taken from the modern skeleton driver.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Here's another breakage as a result of shared memory stacked files :(
The NUMA policy for a VMA is determined by checking the following (in the
order given):
1) vma->vm_ops->get_policy() (if defined)
2) vma->vm_policy (if defined)
3) task->mempolicy (if defined)
4) Fall back to default_policy
By switching to stacked files for shared memory, get_policy() is now always
set to shm_get_policy which is a wrapper function. This causes us to stop
at step 1, which yields NULL for hugetlb instead of task->mempolicy which
was the previous (and correct) result.
This patch modifies the shm_get_policy() wrapper to maintain steps 1-3 for
the wrapped vm_ops.
(akpm: the refcounting of mempolicies is busted and this patch does nothing to
improve it)
Signed-off-by: Adam Litke <agl@us.ibm.com>
Acked-by: William Irwin <bill.irwin@oracle.com>
Cc: dean gaudet <dean@arctic.org>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Andi Kleen <ak@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Register %ebx serves as the "global offset table base register" for
position-independent code. For absolute code, %ebx serves as a local
register and has no specified role in the function calling sequence. In
either case, a function must preserve the register value for the caller.
acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt
the called data.
Kevin found that most time the value of Sx is saved in %esi, however
sometimes compiler also uses %ebx. When this happens, suspends fails since
sleep value in ebx is changed by acpi_copy_wakeup_routine.
The same funtion in X86_64 doesn't have this problem.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Looks-okay-to: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Having walked through the entire skbuff, skb_seq_read would leave the
last fragment mapped. As a consequence, the unwary caller would leak
kmaps, and proceed with preempt_count off by one. The only (kind of
non-intuitive) workaround is to use skb_seq_read_abort.
This patch makes sure skb_seq_read always unmaps frag_data after
having cycled through the skb's paged part.
Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We have to take care that when we call udf_discard_prealloc() from
udf_clear_inode() we have to write inode ourselves afterwards (otherwise,
some changes might be lost leading to leakage of blocks, use of free blocks
or improperly aligned extents).
Also udf_discard_prealloc() does two different things - it removes
preallocated blocks and truncates the last extent to exactly match i_size.
We move the latter functionality to udf_truncate_tail_extent(), call
udf_discard_prealloc() when last reference to a file is dropped and call
udf_truncate_tail_extent() when inode is being removed from inode cache
(udf_clear_inode() call).
We cannot call udf_truncate_tail_extent() earlier as subsequent open+write
would find the last block of the file mapped and happily write to the end
of it, although the last extent says it's shorter.
[akpm@linux-foundation.org: Make checkpatch.pl happier]
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Eric Sandeen <sandeen@sandeen.net>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
One of error path in ext4_read_inode() leaks bh since brelse is forgoten.
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Acked-by: Vasily Averin <vvs@sw.ru>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This moves the local_irq_enable() call in net_rx_action() to before
calling the CONFIG_NET_DMA's dma_async_memcpy_issue_pending() rather
than after. This shortens the irq disabled window and allows for DMA
drivers that need to do their own irq hold.
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If ARCH_KMALLOC_MINALIGN is set to a value greater than 8 (SLUBs smallest
kmalloc cache) then SLUB may generate duplicate slabs in sysfs (yes again)
because the object size is padded to reach ARCH_KMALLOC_MINALIGN. Thus the
size of the small slabs is all the same.
No arch sets ARCH_KMALLOC_MINALIGN larger than 8 though except mips which
for some reason wants a 128 byte alignment.
This patch increases the size of the smallest cache if
ARCH_KMALLOC_MINALIGN is greater than 8. In that case more and more of the
smallest caches are disabled.
If we do that then the count of the active general caches that is displayed
on boot is not correct anymore since we may skip elements of the kmalloc
array. So count them separately.
This approach was tested by Havard yesterday.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
tcp_read_sock() currently assumes that the recv_actor() only returns
number of bytes copied. For network splice receive, we may have to
return an error in some cases. So allow the actor to return a negative
error value.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
New changes in the signal-handling code require compensating changes
in g_file_storage. This patch (as913) by Oleg Nesterov makes the
code use allow_signal() instead of sigprocmask().
From: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Some changes done a while ago to avoid pounding on ptep_set_access_flags and
update_mmu_cache in some race situations break sun4c which requires
update_mmu_cache() to always be called on minor faults.
This patch reworks ptep_set_access_flags() semantics, implementations and
callers so that it's now responsible for returning whether an update is
necessary or not (basically whether the PTE actually changed). This allow
fixing the sparc implementation to always return 1 on sun4c.
[akpm@linux-foundation.org: fixes, cleanups]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: David Miller <davem@davemloft.net>
Cc: Mark Fortescue <mark@mtfhpc.demon.co.uk>
Acked-by: William Lee Irwin III <wli@holomorphy.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Removing a watched file will oops if audit is disabled (auditctl -e 0).
To reproduce:
- auditctl -e 1
- touch /tmp/foo
- auditctl -w /tmp/foo
- auditctl -e 0
- rm /tmp/foo (or mv)
Signed-off-by: Tony Jones <tonyj@suse.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(As reported by linux@horizon.com)
Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output. The result of
this bug is that 16 out of 80 bits are un-folded. Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yan Zheng pointed out that ext2_remount lacks checking if -o xip should be
enabled or not. This patch checks for presence of direct_access on the
backing block device and if the blocksize meets the requirements.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Cc: Yan Zheng <yanzheng@21cn.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Background:
When a userspace application wants to know about machine check events, it
opens /dev/mcelog and does a read(). Usually, we found that this interface
works well, but in some cases, when the system was taking large numbers of
machine check exceptions, the read() would hang. The system would output a
soft-lockup warning, and the daemon reading from /dev/mcelog would suck up
as much of a single CPU as it could spinning in system space.
Description:
This patch fixes this bug. In particular, there was a "continue" inside a
timeout loop that presumably was intended to break out of the outer loop,
but instead caused the inner loop to continue. This patch also makes the
condition for the break-out a little more evident by changing a
!time_before to a time_after_eq.
Result:
The read() no longer hangs in this test case.
Testing:
On my system, I could replicate the bug with the following command:
# for i in `seq 15000`; do ./inject_sbe.sh; done
where inject_sbe.sh contains commands to inject a single-bit error into the
next memory write transaction.
Patch:
This patch is against git f1518a088bde6aea49e7c472ed6ab96178fcba3e.
Signed-off-by: Joshua Wise <jwise@google.com>
Signed-off-by: Tim Hockin <thockin@google.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The tipc netlink config handler uses the nlmsg_pid from the
request header as destination for its reply. If the application
initialized nlmsg_pid to 0, the reply is looped back to the kernel,
causing hangup. Fix: use nlmsg_pid of the skb that triggered the
request.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Distros seem to be removing PAGE_SIZE from asm/page.h. So, the libc side of
UML should stop using it.
I replace it with UM_KERN_PAGE_SIZE, which is defined to be the same as
PAGE_SIZE on the kernel side of the house. I could also use getpagesize(),
but it's more important that UML have the same value of PAGE_SIZE everywhere.
It's conceivable that it could be built with a larger PAGE_SIZE, and use of
getpagesize() would break that badly.
PAGE_MASK got the same treatment, as it is closely tied to PAGE_SIZE.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>