1. 15 May, 2006 23 commits
    • Latchesar Ionkov's avatar
      [PATCH] v9fs: Twalk memory leak · 343f1fe6
      Latchesar Ionkov authored
      v9fs leaks memory if the file server responds with Rerror to a Twalk
      message.  The patch fixes the leak.
      Signed-off-by: default avatarLatchesar Ionkov <lucho@ionkov.net>
      Cc: Eric Van Hensbergen <ericvh@hera.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      343f1fe6
    • Richard Purdie's avatar
      [PATCH] LED: Fix sysfs store function error handling · 3dc7b82e
      Richard Purdie authored
      Fix the error handling of some LED _store functions.  This corrects them to
      return -EINVAL if the value is not numeric with an optional byte of trailing
      whitespace.
      Signed-off-by: default avatarRichard Purdie <rpurdie@rpsys.net>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      3dc7b82e
    • Richard Purdie's avatar
      [PATCH] LED: Add maintainer entry for the LED subsystem · 263de9b5
      Richard Purdie authored
      Add a MAINTAINERS entry for the LED subsystem.
      Signed-off-by: default avatarRichard Purdie <rpurdie@rpsys.net>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      263de9b5
    • Richard Purdie's avatar
      [PATCH] Backlight/LCD Class: Fix sysfs _store error handling · 68673afd
      Richard Purdie authored
      The backlight and LCD class _store functions currently accept values like "34
      some random strings" without error.  This corrects them to return -EINVAL if
      the value is not numeric with an optional byte of trailing whitespace.
      Signed-off-by: default avatarRichard Purdie <rpurdie@rpsys.net>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      68673afd
    • Richard Purdie's avatar
      [PATCH] LED: Improve Kconfig information · a8d2e7d9
      Richard Purdie authored
      Improve the NEW_LEDS Kconfig information to say what it does as well as what
      it doesn't.
      Signed-off-by: default avatarRichard Purdie <rpurdie@rpsys.net>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      a8d2e7d9
    • Mike Kravetz's avatar
      [PATCH] add slab_is_available() routine for boot code · 39d24e64
      Mike Kravetz authored
      slab_is_available() indicates slab based allocators are available for use.
      SPARSEMEM code needs to know this as it can be called at various times
      during the boot process.
      Signed-off-by: default avatarMike Kravetz <kravetz@us.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      39d24e64
    • Jan Niehusmann's avatar
      [PATCH] smbfs: Fix slab corruption in samba error path · 48564e62
      Jan Niehusmann authored
      Yesterday, I got the following error with 2.6.16.13 during a file copy from
      a smb filesystem over a wireless link.  I guess there was some error on the
      wireless link, which in turn caused an error condition for the smb
      filesystem.
      
      In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also
      shows up in the slab dumps, and also is -ERESTARTSYS.  Error code 27499
      corresponds to 0x6b6b, so the rq_errno field seems to be the only one being
      set after freeing the slab.
      
      In smb_add_request (which is the only place in smbfs where I found
      ERESTARTSYS), I found the following:
      
              if (!timeleft || signal_pending(current)) {
                      /*
                       * On timeout or on interrupt we want to try and remove the
                       * request from the recvq/xmitq.
                       */
                      smb_lock_server(server);
                      if (!(req->rq_flags & SMB_REQ_RECEIVED)) {
                              list_del_init(&req->rq_queue);
                              smb_rput(req);
                      }
                      smb_unlock_server(server);
              }
      	[...]
              if (signal_pending(current))
                      req->rq_errno = -ERESTARTSYS;
      
      I guess that some codepath like smbiod_flush() caused the request to be
      removed from the queue, and smb_rput(req) be called, without
      SMB_REQ_RECEIVED being set.  This violates an asumption made by the quoted
      code.
      
      Then, the above code calls smb_rput(req) again, the req gets freed, and
      req->rq_errno = -ERESTARTSYS writes into the already freed slab.  As
      list_del_init doesn't cause an error if called multiple times, that does
      cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS).
      
      If this observation is correct, the following patch should fix it.
      
      I wonder why the smb code uses list_del_init everywhere - using list_del
      instead would catch such situations by poisoning the next and prev
      pointers.
      
      May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected.  Restarting.
      May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured.
      May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected.  Restarting.
      May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists.
      May  4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)
      May  4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b
      May  4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244
      May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
      May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
      May  4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff
      May  4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244
      May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
      May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)
      May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected.  Restarting.
      May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists.
      May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected.  Restarting.
      May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists.
      May  4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b
      May  4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244
      May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
      May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
      May  4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff
      May  4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244
      May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
      May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)
      May  4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b
      May  4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244
      May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
      May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
      May  4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff
      May  4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244
      May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
      May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
      May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
      May  4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)
      May  4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784
      May  4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784
      Signed-off-by: default avatarJan Niehusmann <jan@gondor.com>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      48564e62
    • Marcelo Tosatti's avatar
      [PATCH] Marcelo has moved · 2e367a82
      Marcelo Tosatti authored
      Signed-off-by: default avatarMarcelo Tosatti <marcelo@kvack.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      2e367a82
    • Trent Piepho's avatar
      [PATCH] symbol_put_addr() locks kernel · 5e376613
      Trent Piepho authored
      Even since a previous patch:
      
      Fix race between CONFIG_DEBUG_SLABALLOC and modules
      Sun, 27 Jun 2004 17:55:19 +0000 (17:55 +0000)
      http://www.kernel.org/git/?p=linux/kernel/git/torvalds/old-2.6-bkcvs.git;a=commit;h=92b3db26d31cf21b70e3c1eadc56c179506d8fbe
      
      The function symbol_put_addr() will deadlock the kernel.
      
      symbol_put_addr() would acquire modlist_lock, then while holding the lock call
      two functions kernel_text_address() and module_text_address() which also try
      to acquire the same lock.  This deadlocks the kernel of course.
      
      This patch changes symbol_put_addr() to not acquire the modlist_lock, it
      doesn't need it since it never looks at the module list directly.  Also, it
      now uses core_kernel_text() instead of kernel_text_address().  The latter has
      an additional check for addr inside a module, but we don't need to do that
      since we call module_text_address() (the same function kernel_text_address
      uses) ourselves.
      Signed-off-by: default avatarTrent Piepho <xyzzy@speakeasy.org>
      Cc: Zwane Mwaikambo <zwane@fsmlabs.com>
      Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Cc: Johannes Stezenbach <js@linuxtv.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      5e376613
    • Martin Schwidefsky's avatar
      [PATCH] s390: add vmsplice system call · 01596778
      Martin Schwidefsky authored
      Add new vmsplice system call and add missing __NR_xxx defines for
      sys_set_robust_list, sys_get_robust_list, sys_splice, sys_sync_file_range
      and sys_tee.
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      01596778
    • Mark Huang's avatar
      [PATCH] initramfs: fix CPIO hardlink check · 6a050da4
      Mark Huang authored
      Copy the filenames of hardlinks when inserting them into the hash, since
      the "name" pointer may point to scratch space (name_buf).  Not doing so
      results in corruption if the scratch space is later overwritten: the wrong
      file may be hardlinked, or, if the scratch space contains garbage, the link
      will fail and a 0-byte file will be created instead.
      Signed-off-by: default avatarMark Huang <mlhuang@cs.princeton.edu>
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      6a050da4
    • Greg Smith's avatar
      [PATCH] s390: lcs incorrect test · 698d0707
      Greg Smith authored
      While debugging why our LCS emulator is having some problems I noticed the
      following weirdness in drivers/s390/net/lcs.c routine lcs_irq.  The `if'
      statement is always true since SCHN_STAT_PCI is defined as 0x80.
      
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      698d0707
    • Andrew Morton's avatar
      [PATCH] setup_per_zone_pages_min() overflow fix · ac924c60
      Andrew Morton authored
      As pointed out in http://bugzilla.kernel.org/show_bug.cgi?id=6490, this
      function can experience overflows on 32-bit machines, causing our response to
      changed values of min_free_kbytes to go whacky.
      
      Fixing it efficiently is all too hard, so fix it with 64-bit math instead.
      
      Cc: Ake Sandgren <ake.sandgren@hpc2n.umu.se>
      Cc: Martin Bligh <mbligh@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      ac924c60
    • Heiko Carstens's avatar
      [PATCH] s390: exploit rcu_needs_cpu() interface · 5afdbd6e
      Heiko Carstens authored
      Exploit rcu_needs_cpu() interface to keep the cpu 'ticking' if necessary.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      5afdbd6e
    • Heiko Carstens's avatar
      [PATCH] RCU: introduce rcu_needs_cpu() interface · 986733e0
      Heiko Carstens authored
      With "Paul E. McKenney" <paulmck@us.ibm.com>
      
      Introduce rcu_needs_cpu() interface.  This can be used to tell if there
      will be a new rcu batch on a cpu soon by looking at the curlist pointer.
      This can be used to avoid to enter a tickless idle state where the cpu
      would miss that a new batch is ready when rcu_start_batch would be called
      on a different cpu.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      986733e0
    • Olaf Kirch's avatar
      [PATCH] smbfs chroot issue (CVE-2006-1864) · 3b7c8108
      Olaf Kirch authored
      Mark Moseley reported that a chroot environment on a SMB share can be left
      via "cd ..\\".  Similar to CVE-2006-1863 issue with cifs, this fix is for
      smbfs.
      
      Steven French <sfrench@us.ibm.com> wrote:
      
      Looks fine to me.  This should catch the slash on lookup or equivalent,
      which will be all obvious paths of interest.
      Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      3b7c8108
    • Chris Wedgwood's avatar
      [PATCH] VIA quirk fixup, additional PCI IDs · a7b862f6
      Chris Wedgwood authored
      An earlier commit (75cf7456) changed an
      overly-zealous PCI quirk to only poke those VIA devices that need it.
      However, some PCI devices were not included in what I hope is now the full
      list.  Consequently we're failing to run the quirk on all machines which need
      it, causing IRQ routing failures.
      
      This should I hope correct this.
      
      Thanks to Masoud Sharbiani <masouds@masoud.ir> for pointing this out
      and testing the fix.
      Signed-off-by: default avatarChris Wedgwood <cw@f00f.org>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      a7b862f6
    • Benjamin Herrenschmidt's avatar
      [PATCH] pcmcia Oopses fixes · 73d58588
      Benjamin Herrenschmidt authored
      Fix some NULL dereferences in the pcmcia code when using old userland
      tools.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Acked-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      73d58588
    • Kylene Jo Hall's avatar
      [PATCH] tpm: update module dependencies · 94585136
      Kylene Jo Hall authored
      The TIS driver is dependent upon information from the ACPI table for device
      discovery thus it compiles but does no actual work without this dependency.
      Signed-off-by: default avatarKylene Hall <kjhall@us.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      94585136
    • Stefan Schweizer's avatar
      [PATCH] Fix capi reload by unregistering the correct major · 90d5ede5
      Stefan Schweizer authored
      I am having the bug FATAL: Error inserting capi ([..]/capi.ko): Device or
      resource busy when I try to reload capi after loading it.  in dmesg:
      capi20: unable to get major 68
      
      Fix the issue which is caused by setting the major to zero when registering
      the chrdev succeeded.
      
      (akpm: this means that we can again not use `major=0' (dynamic major
      allocation) for this driver).
      
      Cc: Karsten Keil <kkeil@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      90d5ede5
    • Ian Kent's avatar
      [PATCH] autofs4: NFY_NONE wait race fix · a5370553
      Ian Kent authored
      This patch fixes two problems.
      
      First, the comparison of entries in the waitq.c was incorrect.
      
      Second, the NFY_NONE check was incorrect. The test of whether the dentry
      is mounted if ineffective, for example, if an expire fails then we could
      wait forever on a non existant expire. The bug was identified by Jeff
      Moyer.
      
      The patch changes autofs4 to wait on expires only as this is all that's
      needed.  If there is no existing wait when autofs4_wait is call with a type
      of NFY_NONE it delays until either a wait appears or the the expire flag is
      cleared.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      a5370553
    • Adrian Bunk's avatar
      [PATCH] fs/open.c: unexport sys_openat · 6aff5cb8
      Adrian Bunk authored
      Remove the unused EXPORT_SYMBOL_GPL(sys_openat).
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      6aff5cb8
    • Serge E. Hallyn's avatar
      [PATCH] selinux: check for failed kmalloc in security_sid_to_context() · 0cccca06
      Serge E. Hallyn authored
      Check for NULL kmalloc return value before writing to it.
      Signed-off-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
      Acked-by: default avatarJames Morris <jmorris@namei.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      0cccca06
  2. 13 May, 2006 2 commits
    • Linus Torvalds's avatar
      Revert "[PATCH] i386: export: memory more than 4G through /proc/iomem" · 9be2f7c3
      Linus Torvalds authored
      This reverts commit 10dbe196.
      
      The resource struct is still 32-bit, so trying to save a 64-bit memory
      size there obviously won't work.
      
      When we merge the 64-bit resource series, we can re-enable this.
      
      Thanks to Sachin Sant and Maneesh Soni for debugging
      
      Cc: Maneesh Soni <maneesh@in.ibm.com>
      Cc: Sachin Sant <sachinp@in.ibm.com>
      Cc: Russell King <rmk+lkml@arm.linux.org.uk>
      Cc: Sharyathi Nagesh <sharyath@in.ibm.com>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Vivek Goyal <vgoyal@in.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      9be2f7c3
    • Linus Torvalds's avatar
      Alternative fix for MMC oops on unmount after removal · 032ebf26
      Linus Torvalds authored
      Make sure to clear the driverfs_dev pointer when we do del_gendisk() (on
      disk removal), so that other users that may still have a ref to the disk
      won't try to use the stale pointer.
      
      Also move the KOBJ_REMOVE uevent handler up, so that the uevent still
      has access to the driverfs_dev data.
      
      This all should hopefully fix the problems with MMC umounts after device
      removals that caused commit 56cf6504 and
      its reversal (1a2acc9e).
      
      Original problem reported by Todd Blumer and others.
      Acked-by: default avatarGreg KH <gregkh@suse.de>
      Cc: Russell King <rmk+lkml@arm.linux.org.uk>
      Cc: James Bottomley <James.Bottomley@SteelEye.com>
      Cc: Erik Mouw <erik@harddisk-recovery.com>
      Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
      Cc: Todd Blumer <todd@sdgsystems.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      032ebf26
  3. 12 May, 2006 15 commits
    • Linus Torvalds's avatar
      Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 · 18552b8f
      Linus Torvalds authored
      * master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
        [NEIGH]: Fix IP-over-ATM and ARP interaction.
        [TG3]: ethtool always report port is TP.
      18552b8f
    • Linus Torvalds's avatar
      Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 · faa88df8
      Linus Torvalds authored
      * master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
        [SPARC]: Fix warning on prom_getproperty in openprom.c
        [SPARC]: Handle UNWIND_INFO properly.
        [SPARC64]: Update defconfig.
        [SPARC]: show device name in /proc/dvma_map
        [SPARC]: Remove duplicate symbol exports
      faa88df8
    • Sean Hefty's avatar
      IB: refcount race fixes · 1b52fa98
      Sean Hefty authored
      Fix race condition during destruction calls to avoid possibility of
      accessing object after it has been freed.  Instead of waking up a wait
      queue directly, which is susceptible to a race where the object is
      freed between the reference count going to 0 and the wake_up(), use a
      completion to wait in the function doing the freeing.
      Signed-off-by: default avatarSean Hefty <sean.hefty@intel.com>
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      1b52fa98
    • Roland Dreier's avatar
      IB/ipath: Properly terminate PCI ID table · 6f4bb3d8
      Roland Dreier authored
      The ipath driver's table of PCI IDs needs a { 0, } entry at the end.
      This makes all of the device aliases visible to userspace so hotplug
      loads the module for all supported devices.  Without the patch,
      modinfo ipath_core only shows:
      
          alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*
      
      instead of the correct:
      
          alias:          pci:v00001FC1d00000010sv*sd*bc*sc*i*
          alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      Signed-off-by: default avatarBryan O'Sullivan <bos@pathscale.com>
      6f4bb3d8
    • Simon Kelley's avatar
      [NEIGH]: Fix IP-over-ATM and ARP interaction. · bd89efc5
      Simon Kelley authored
      The classical IP over ATM code maintains its own IPv4 <-> <ATM stuff>
      ARP table, using the standard neighbour-table code. The
      neigh_table_init function adds this neighbour table to a linked list
      of all neighbor tables which is used by the functions neigh_delete()
      neigh_add() and neightbl_set(), all called by the netlink code.
      
      Once the ATM neighbour table is added to the list, there are two
      tables with family == AF_INET there, and ARP entries sent via netlink
      go into the first table with matching family. This is indeterminate
      and often wrong.
      
      To see the bug, on a kernel with CLIP enabled, create a standard IPv4
      ARP entry by pinging an unused address on a local subnet. Then attempt
      to complete that entry by doing
      
      ip neigh replace <ip address> lladdr <some mac address> nud reachable
      
      Looking at the ARP tables by using 
      
      ip neigh show
      
      will reveal two ARP entries for the same address. One of these can be
      found in /proc/net/arp, and the other in /proc/net/atm/arp.
      
      This patch adds a new function, neigh_table_init_no_netlink() which
      does everything the neigh_table_init() does, except add the table to
      the netlink all-arp-tables chain. In addition neigh_table_init() has a
      check that all tables on the chain have a distinct address family.
      The init call in clip.c is changed to call
      neigh_table_init_no_netlink().
      
      Since ATM ARP tables are rather more complicated than can currently be
      handled by the available rtattrs in the netlink protocol, no
      functionality is lost by this patch, and non-ATM ARP manipulation via
      netlink is rescued. A more complete solution would involve a rtattr
      for ATM ARP entries and some way for the netlink code to give
      neigh_add and friends more information than just address family with
      which to find the correct ARP table.
      
      [ I've changed the assertion checking in neigh_table_init() to not
        use BUG_ON() while holding neigh_tbl_lock.  Instead we remember that
        we found an existing tbl with the same family, and after dropping
        the lock we'll give a diagnostic kernel log message and a stack dump.
        -DaveM ]
      Signed-off-by: default avatarSimon Kelley <simon@thekelleys.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bd89efc5
    • Martin Habets's avatar
    • Karsten Keil's avatar
      [TG3]: ethtool always report port is TP. · ef348144
      Karsten Keil authored
      Even with fiber cards ethtool reports that the connected port is TP,
      the patch fix this.
      Signed-off-by: default avatarKarsten Keil <kkeil@suse.de>
      Acked-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ef348144
    • David S. Miller's avatar
      [SPARC]: Handle UNWIND_INFO properly. · 06a1be16
      David S. Miller authored
      For sparc32 we need R_SPARC_UA32 relocation support, for
      sparc64 we need the handle R_SPARC_DISP32 relocations.
      
      Based upon reports and initial patch by Martin Habets.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06a1be16
    • Linus Torvalds's avatar
      Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6 · be1fd94f
      Linus Torvalds authored
      * master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6:
        [PATCH] scx200_acb: Fix for the CS5535 errata
        [PATCH] scx200_acb: Fix resource name use after free
        [PATCH] scx200_acb: Fix return on init error
      be1fd94f
    • Linus Torvalds's avatar
      Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6 · 0d38edda
      Linus Torvalds authored
      * master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
        [PATCH] USB: fix omninet driver bug
        [PATCH] USB: add ark3116 usb to serial driver
        [PATCH] usbserial: Fixes leak in serial_open() error path.
        [PATCH] usbserial: Fixes use-after-free in serial_open().
        [PATCH] USB: Emagic USB firmware loading fixes
        [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
        [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
        [PATCH] USB: ftdi_sio: add device id for ACT Solutions HomePro ZWave interface
        [PATCH] USB: ftdi_sio: Add support for HCG HF Dual ISO RFID Reader
        [PATCH] USB: ub oops in block_uevent
        [PATCH] USB: usbcore: don't check the device's power source
        [PATCH] USB: fix OHCI PM regression
        [PATCH] USB: pegasus fixes (logstorm, suspend)
        [PATCH] USBATM: fix modinfo output
        [PATCH] USBATM: change the default speedtouch iso altsetting
        [PATCH] USB: fix bug in ohci-hcd.c ohci_restart()
      0d38edda
    • Linus Torvalds's avatar
      Revert "[BLOCK] Fix oops on removal of SD/MMC card" · 1a2acc9e
      Linus Torvalds authored
      This reverts commit 56cf6504.
      
      Both Erik Mouw and Andrew Vasquez independently pinpointed this commit
      as causing problems, where the slab cache for a driver is never released
      (most obviously causing problems when immediately re-loading that
      driver, resulting in a "kmem_cache_create: duplicate cache <xyz>"
      message, but it can also cause other trouble).
      
      James Bottomley dug into it, and reports:
      
        "OK, here's the scoop.  The problem patch adds a get of driverfs_dev in
         add_disk(), but doesn't put it again until disk_release() (which occurs
         on final put_disk() of the gendisk).
      
         However, in SCSI, the driverfs_dev is the sdev_gendev.  That means
         there's a reference held on sdev_gendev  until final disk put.
         Unfortunately, we use the driver model driver_remove to trigger
         del_gendisk (which removes the gendisk from visibility and decrements
         the refcount), so we've introduced an unbreakable deadlock in the
         reference counting with this.
      
         I suggest simply reversing this patch at the moment.  If Russell and
         Jens can tell me what they're trying to do I'll see if there's another
         way to do it."
      
      so hereby the patch gets reverted, waiting for a better fix.
      
      Cc: Jens Axboe <axboe@suse.de>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Cc: James Bottomley <James.Bottomley@SteelEye.com>
      Cc: Erik Mouw <erik@harddisk-recovery.com>
      Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      1a2acc9e
    • Greg Kroah-Hartman's avatar
      [PATCH] USB: fix omninet driver bug · df3fccb1
      Greg Kroah-Hartman authored
      I introduced this way back in 2.6.13 when adding the port lock logic.
      This device talks out through different "ports" all at the same time, so
      the lock logic was wrong, preventing any data from ever being sent
      properly.
      
      Thanks a lot to Bernhard Reiter <bernhard@intevation.de> for being
      patient and helping with debugging this.
      
      Cc: Bernhard Reiter <bernhard@intevation.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      df3fccb1
    • Greg Kroah-Hartman's avatar
      [PATCH] USB: add ark3116 usb to serial driver · 815ddc99
      Greg Kroah-Hartman authored
      Based on Simon's original driver, with some minor code cleanups and
      tidying by me.
      
      Cc: Simon Schulz <simon@auctionant.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      815ddc99
    • Luiz Fernando Capitulino's avatar
      [PATCH] usbserial: Fixes leak in serial_open() error path. · 71a84163
      Luiz Fernando Capitulino authored
      If serial_open() fails at the port assignment or mutex_lock_interruptible()
      is interrupted, the 'serial' object will never be freed.
      
      We should call kref_put() when those errors happens.
      Signed-off-by: default avatarLuiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      71a84163
    • Luiz Fernando Capitulino's avatar
      [PATCH] usbserial: Fixes use-after-free in serial_open(). · 704936a2
      Luiz Fernando Capitulino authored
      If the device is disconnected while serial_open() is executing and
      either try_module_get() or the device specific open function fails, the
      kref_put() call in the 'bailout_kref_put' label will free the memory
      pointed out by 'port'.
      
      The subsequent dereferences in the 'bailout_kref_put' label will be
      invalid.
      
      The fix is just to assure kref_put() is called after any 'port' usage.
      Signed-off-by: default avatarLuiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      704936a2