1. 09 Mar, 2007 40 commits
    • fix section mismatch warning in lockdep · 0ad1314a
      Sam Ravnborg authored
      lockdep_init() is marked __init but used in several places
      outside __init code. This causes following warnings:
      $ scripts/mod/modpost kernel/lockdep.o
      WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.lockdep_init_map after 'lockdep_init_map' (at offset 0x105)
      WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.lockdep_reset_lock after 'lockdep_reset_lock' (at offset 0x35)
      WARNING: kernel/built-in.o - Section mismatch: reference to .init.text:lockdep_init from .text.__lock_acquire after '__lock_acquire' (at offset 0xb2)
      
      The warnings are less obviously due to heavy inlining by gcc - this is not
      altered.
      
      Fix the section mismatch warnings by removing the __init marking, which
      seems obviously wrong.
      Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
      Acked-by: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • ueagle-atm.c needs sched.h · c8f9fa24
      Randy Dunlap authored
      Driver needs sched.h for try_to_freeze().
      Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • kvm: Fix asm constraint for lldt instruction · df24f7b9
      S.Caglar Onur authored
      lldt does not accept immediate operands, which "g" allows.
      Signed-off-by: S.Caglar Onur <caglar@pardus.org.tr>
      Signed-off-by: Avi Kivity <avi@qumranet.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • lockdep: forward declare struct task_struct · 9edec60f
      Heiko Carstens authored
      3117df04 causes this:
      
      In file included from arch/s390/kernel/early.c:13:
      include/linux/lockdep.h:300: warning:
      		"struct task_struct" declared inside parameter list
      include/linux/lockdep.h:300:
      		warning: its scope is only this definition or
      		declaration, which is probably not what you want
      Acked-by: Ingo Molnar <mingo@elte.hu>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Char: specialix, isr have 2 params · e24efe94
      Jiri Slaby authored
      specialix, isr have 2 params
      
      pt_regs are no longer the third parameter of isr, call sx_interrupt without
      it.
      Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • buffer: memorder fix · 54710f60
      Nick Piggin authored
      unlock_buffer(), like unlock_page(), must not clear the lock without
      ensuring that the critical section is closed.
      
      
      Mingming later sent the same patch, saying:
      
      We are running SDET benchmark and saw double free issue for ext3 extended
      attributes block, which complains the same xattr block already being freed (in
      ext3_xattr_release_block()).  The problem could also be triggered by
      multiple threads looping untar/rm of a kernel tree.
      
      The race is caused by missing a memory barrier at unlock_buffer() before the
      lock bit being cleared, resulting in possible concurrent h_refcounter update.
      That causes a reference counter leak, then later leads to the double free that
      we have seen.
      
      Inside unlock_buffer(), there is a memory barrier placed *after* the lock
      bit is cleared, however, there is no memory barrier *before* the bit is
      cleared.  On some arch the h_refcount update instruction and the clear bit
      instruction could be reordered, thus leaving the critical section re-entered.
      
      The race is like this: For example, if the h_refcount is initialized as 1,
      
      cpu 0:                                   cpu1
    • kernel/time/clocksource.c needs struct task_struct on m68k · 5556eaff
      Mathieu Desnoyers authored
      kernel/time/clocksource.c needs struct task_struct on m68k.
      
      Because it uses spin_unlock_irq(), which, on m68k, uses hardirq_count(), which
      uses preempt_count(), which needs to dereference struct task_struct, we
      have to include sched.h. Because it would cause a loop inclusion, we
      cannot include sched.h in any other of asm-m68k/system.h,
      linux/thread_info.h, linux/hardirq.h, which leaves this ugly include in
      a C file as the only simple solution.
      Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Roman Zippel <zippel@linux-m68k.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • m32r: build fix for processors without ISA_DSP_LEVEL2 · cffb0fa4
      Hirokazu Takata authored
      Additional fixes for processors without ISA_DSP_LEVEL2.  sigcontext_t does not
      have dummy_acc1h, dummy_acc1l members any longer.
      Signed-off-by: Hirokazu Takata <takata@linux-m32r.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • hugetlb: preserve hugetlb pte dirty state · 858965e6
      Ken Chen authored
      __unmap_hugepage_range() is buggy that it does not preserve dirty state of
      huge_pte when unmapping hugepage range.  It causes data corruption in the
      event of drop_caches being used by sys admin.  For example, an application
      creates a hugetlb file, modify pages, then unmap it.  While leaving the
      hugetlb file alive, comes along sys admin doing a "echo 3 >
      /proc/sys/vm/drop_caches".
      
      drop_pagecache_sb() will happily free all pages that aren't marked dirty if
      there are no active mapping.  Later when application remaps the hugetlb
      file back and all data are gone, triggering catastrophic flip over on
      application.
      
      Not only that, the internal resv_huge_pages count will also get all messed
      up.  Fix it up by marking page dirty appropriately.
      Signed-off-by: Ken Chen <kenchen@google.com>
      Cc: "Nish Aravamudan" <nish.aravamudan@gmail.com>
      Cc: Adam Litke <agl@us.ibm.com>
      Cc: David Gibson <david@gibson.dropbear.id.au>
      Acked-by: William Irwin <bill.irwin@oracle.com>
      Cc: Hugh Dickins <hugh@veritas.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • enable mouse button 2+3 emulation for x86 macs · ee3b6b53
      Soeren Sonnenburg authored
      As macbook/macbook pro's also have to live with a single mouse button the
      following patch just enables the Macintosh device drivers menu in Kconfig +
      adds the macintosh dir to the obj-* to make macbook* users happy (who use
      exactly that since months....
      Signed-off-by: Soeren Sonnenburg <kernel@nn7.de>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Dmitry Torokhov <dtor@mail.ru>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • v9fs_vfs_mkdir(): fix a double free · 6c087d85
      Adrian Bunk authored
      Fix a double free of "dfid" introduced by commit
      da977b2c and spotted by the Coverity
      checker.
      Signed-off-by: Adrian Bunk <bunk@stusta.de>
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • ufs: restore back support of openstep · a45d5cf5
      Evgeniy Dushistov authored
      This is a fix of a regression, which was triggered by ~2.6.16.
      
      The patch named ufs-directory-and-page-cache-from-blocks-to-pages.patch: in
      addition to the conversion from block to page cache mechanism, it added new
      checks of directory integrity, one of them being that a directory entry does
      not cross directory chunks.
      
      But some kinds of UFS: OpenStep UFS and Apple UFS (looks like these are the
      same filesystems) have a different directory chunk size than the common
      UFSes (BSD and Solaris UFS).
      
      So this patch adds the ability to work with variable size of directory chunks,
      and sets it for ufstype=openstep to the right size.
      
      Tested on darwin ufs.
      Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix MTRR compat ioctl · 327da22c
      Zwane Mwaikambo authored
      The MTRR compat code wasn't calling the lowlevel MTRR setup due to a switch
      block not handling the compat case.
      
      Before:
      (WW) I810(0): Failed to set up write-combining range (0xd0000000,0x10000000)
      
      After:
      reg00: base=0x00000000 (   0MB), size=1024MB: write-back, count=1
      reg01: base=0x40000000 (1024MB), size= 512MB: write-back, count=1
      reg02: base=0x5f700000 (1527MB), size=   1MB: uncachable, count=1
      reg03: base=0x5f800000 (1528MB), size=   8MB: uncachable, count=1
      reg04: base=0xd0000000 (3328MB), size= 256MB: write-combining, count=1
      Signed-off-by: Zwane Mwaikambo <zwane@infradead.org>
      Cc: Andi Kleen <ak@suse.de>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • kexec: Fix CONFIG_SMP=n compilation V2 (ia64) · 3f246408
      Magnus Damm authored
      Kexec support for 2.6.20 on ia64 does not build properly using a config
      made up by CONFIG_SMP=n and CONFIG_HOTPLUG_CPU=n:
      
        CC      arch/ia64/kernel/machine_kexec.o
      arch/ia64/kernel/machine_kexec.c: In function `machine_shutdown':
      arch/ia64/kernel/machine_kexec.c:77: warning: implicit declaration of function `cpu_down'
        AS      arch/ia64/kernel/relocate_kernel.o
        CC      arch/ia64/kernel/crash.o
      arch/ia64/kernel/crash.c: In function `kdump_cpu_freeze':
      arch/ia64/kernel/crash.c:139: warning: implicit declaration of function `ia64_jump_to_sal'
      arch/ia64/kernel/crash.c:139: error: `sal_boot_rendez_state' undeclared (first use in this function)
      arch/ia64/kernel/crash.c:139: error: (Each undeclared identifier is reported only once
      arch/ia64/kernel/crash.c:139: error: for each function it appears in.)
      arch/ia64/kernel/crash.c: At top level:
      arch/ia64/kernel/crash.c:84: warning: 'kdump_wait_cpu_freeze' defined but not used
      make[1]: *** [arch/ia64/kernel/crash.o] Error 1
      make: *** [arch/ia64/kernel] Error 2
      Signed-off-by: Magnus Damm <magnus@valinux.co.jp>
      Acked-by: Simon Horman <horms@verge.net.au>
      Acked-by: Jay Lan <jlan@sgi.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • NLM: Fix double free in __nlm_async_call · 610a0848
      Trond Myklebust authored
      rpc_call_async() will always call rpc_release_calldata(), so it is an
      error for __nlm_async_call() to do so as well.
      
      Addresses http://bugzilla.kernel.org/show_bug.cgi?id=7923
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
      Cc: Neil Brown <neilb@suse.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • RPM: fix double free in portmapper code · af2fec73
      Trond Myklebust authored
      rpc_run_task is guaranteed to always call ->rpc_release.
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: Neil Brown <neilb@suse.de>
      Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Revert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant" · 25239266
      Linus Torvalds authored
      Revert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant"
      
      This reverts commit 39d61db0.
      
      The commit was buggy in multiple ways:
       - the conversion to ilog2() was incorrect to begin with
       - it tested the wrong #defines, so on all architectures but FRV you'd
         never see the bug except for constant arguments.
       - the new "get_order()" macro used its arguments multiple times, and
         didn't even parenthesize them properly
       - despite the comments, it was not true that you could use it for
         constant initializers, since not all architectures even use the
         generic page.h header file.
      
      All of the problems are individually fixable, but it all boils down to:
      better just revert it, and re-do it from scratch.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Backport of psmouse suspend/shutdown cleanups · 752dae42
      Thomas Renninger authored
      This patch works back to 2.6.17 (earlier kernels seem to
      need up/down operations on mutex/semaphore).
      
      psmouse - properly reset mouse on shutdown/suspend
      
      Some people report that they need psmouse module unloaded
      for suspend to ram/disk to work properly. Let's make port
      cleanup behave the same way as driver unload.
      
      This fixes "bad state" problem on various HP laptops, such
      as nx7400.
      Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
      Signed-off-by: Thomas Renninger <trenn@suse.de>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • USB: usbnet driver bugfix · 252878df
      David Brownell authored
      The attached fixes an oops in the usbnet driver. The same patch is
      in 2.6.21-rc1, but that one has many whitespace changes. This is much
      smaller.
      Signed-off-by: David Brownell <david-b@pacbell.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • sched: fix SMT scheduler bug · d499ac7a
      Ingo Molnar authored
      The SMT scheduler incorrectly skips kernel threads even if they are
      runnable (but they are preempted by a higher-prio user-space task which got
      SMT-delayed by an even higher-priority task running on a sibling CPU).
      
      Fix this for now by only doing the SMT-nice optimization if the
      to-be-delayed task is the only runnable task.  (This should cover most of
      the real-life cases anyway.)
      
      This bug has been in the SMT scheduler since 2.6.17 or so, but has only
      been noticed now by the active check in the dynticks code.
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
      Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
      Cc: Nick Piggin <nickpiggin@yahoo.com.au>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Chuck Ebbert <cebbert@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • tty_io: fix race in master pty close/slave pty close path · 530b0916
      Aristeu Sergio Rozanski Filho authored
      This patch fixes a possible race that leads to double freeing an idr index.
      When the master begins to close, release_dev() is called and then
      pty_close() is called:
      
              if (tty->driver->close)
                      tty->driver->close(tty, filp);
      
      This is done without holding any locks other than BKL.  Inside pty_close(),
      being a master close, the devpts entry will be removed:
      
      #ifdef CONFIG_UNIX98_PTYS
                      if (tty->driver == ptm_driver)
                              devpts_pty_kill(tty->index);
      #endif
      
      But devpts_pty_kill() will call get_node() that may sleep while waiting for
      &devpts_root->d_inode->i_sem.  When this happens and the slave is being
      opened, tty_open() just found the driver and index:
      
              driver = get_tty_driver(device, &index);
              if (!driver) {
                      mutex_unlock(&tty_mutex);
                      return -ENODEV;
              }
      
      This part of the code is already protected under tty_mutex.  The problem is
      that the slave close already got an index.  Then init_dev() is called and
      blocks waiting for the same &devpts_root->d_inode->i_sem.
      
      When the master close resumes, it removes the devpts entry, and the
      relation between idr index and the tty is gone.  The master then sleeps
      waiting for the tty_mutex on release_dev().
      
      Slave open resumes and found no tty for that index.  As result, a NULL tty
      is returned and init_dev() doesn't flow to fast_track:
      
              /* check whether we're reopening an existing tty */
              if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
                      tty = devpts_get_tty(idx);
                      if (tty && driver->subtype == PTY_TYPE_MASTER)
                              tty = tty->link;
              } else {
                      tty = driver->ttys[idx];
              }
              if (tty) goto fast_track;
      
      The result of this is that a new tty will be created and init_dev() returns
      successfully. After returning, tty_mutex is dropped and master close may resume.
      
      Master close finds it's the only use and both sides are closing, then releases
      the tty and the index. At this point, the idr index is free, but slave still
      has it.
      
      Slave open then calls pty_open() and finds that tty->link->count is 0,
      because there's no master and returns error.  Then tty_open() calls
      release_dev() which executes without any warning, as it was a case of last
      slave close when the master is already closed (master->count == 0,
      slave->count == 1).  The tty is then released with the already released idr
      index.
      
      This normally would only issue a warning on idr_remove() but in case of a
      customer's critical application, it's never too simple:
      
      thread1: opens master, gets index X
      thread1: begin closing master
      thread2: begin opening slave with index X
      thread1: finishes closing master, index X released
      thread3: opens master, gets index X, just released
      thread2: fails opening slave, releases index X         <----
      thread4: opens master, gets index X, init_dev() then find an already in use
      	 and healthy tty and fails
      
      If no more indexes are released, ptmx_open() will keep failing, as the
      first free index available is X, and it will make init_dev() fail because
      you're trying to "reopen a master" which isn't valid.
      
      The patch notices when this race happens and makes init_dev() fail
      immediately.  The init_dev() function is called with tty_mutex held, so it's
      safe to continue with tty till the end of function because release_dev()
      won't make any further changes without grabbing the tty_mutex.
      
      Without the patch, on some machines it's possible to easily get idr warnings
      like this one:
      
      idr_remove called for id=15 which is not allocated.
       [<c02555b9>] idr_remove+0x139/0x170
       [<c02a1b62>] release_mem+0x182/0x230
       [<c02a28e7>] release_dev+0x4b7/0x700
       [<c02a0ea7>] tty_ldisc_enable+0x27/0x30
       [<c02a1e64>] init_dev+0x254/0x580
       [<c02a0d64>] check_tty_count+0x14/0xb0
       [<c02a4f05>] tty_open+0x1c5/0x340
       [<c02a4d40>] tty_open+0x0/0x340
       [<c017388f>] chrdev_open+0xaf/0x180
       [<c017c2ac>] open_namei+0x8c/0x760
       [<c01737e0>] chrdev_open+0x0/0x180
       [<c0167bc9>] __dentry_open+0xc9/0x210
       [<c0167e2c>] do_filp_open+0x5c/0x70
       [<c0167a91>] get_unused_fd+0x61/0xd0
       [<c0167e93>] do_sys_open+0x53/0x100
       [<c0167f97>] sys_open+0x27/0x30
       [<c010303b>] syscall_call+0x7/0xb
      
      using this test application available on:
       http://www.ruivo.org/~aris/pty_sodomizer.c
      Signed-off-by: Aristeu Sergio Rozanski Filho <aris@ruivo.org>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Chuck Ebbert <cebbert@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • forcedeth: disable msix · 5697ea0f
      Ayaz Abdulla authored
      forcedeth: disable msix
      
      There seems to be an issue when both MSI-X is enabled and NAPI is
      configured. This patch disables MSI-X until the issue is root caused.
      Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
      Signed-off-by: Jeff Garzik <jeff@garzik.org>
      Cc: Chuck Ebbert <cebbert@redhat.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • export blk_recount_segments · d50ff202
      Neil Brown authored
      On Monday February 12, marcm@liquid-nexus.net wrote:
      > > 
      > > Thanks for the quick response Neil unfortunately the kernel doesn't build with
      > > this patch due to a missing symbol:
      > > 
      > > WARNING: "blk_recount_segments" [drivers/md/raid456.ko] undefined!
      > > 
      > > Is that in another file that needs patching or within raid5.c?
      
      Yes.  I keep forgetting about that bit. Sorry.
      Signed-off-by: Neil Brown <neilb@suse.de>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix reference counting (memory leak) problem in __nfulnl_send() and callers... · 9b1e918a
      Michał Mirosław authored
      Fix reference counting (memory leak) problem in __nfulnl_send() and callers related to packet queueing.
      Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix anycast procfs device leak · 9e44f708
      David Stevens authored
      [IPV6]: /proc/net/anycast6 unbalanced inet6_dev refcnt
      
      From: David Stevens <dlstevens@us.ibm.com>
      
      Reading /proc/net/anycast6 when there is no anycast address
      on an interface results in an ever-increasing inet6_dev reference
      count, as well as a reference to the netdevice you can't get rid of.
      
      From: David Stevens <dlstevens@us.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Don't add anycast reference to device multiple times · 74ba050d
      Michal Wrobel authored
      [IPV6]: anycast refcnt fix
      
      This patch fixes a bug in Linux IPv6 stack which caused anycast address
      to be added to a device prior DAD has been completed. This led to
      incorrect reference count which resulted in infinite wait for
      unregister_netdevice completion on interface removal.
      Signed-off-by: Michal Wrobel <xmxwx@asn.pl>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix TCP MD5 locking. · 2e8c347d
      David Miller authored
      [TCP]: Fix MD5 signature pool locking.
      
      The locking calls assumed that these code paths were only
      invoked in software interrupt context, but that isn't true.
      
      Therefore we need to use spin_{lock,unlock}_bh() throughout.
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix %100 cpu spinning on sparc64 · ede6d261
      David Miller authored
      [SPARC64] bbc_i2c: Fix kenvctrld eating %100 cpu.
      
      Based almost entirely upon a patch by Joerg Friedrich
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Fix skb data reallocation handling in IPSEC · 03670c6e
      Arnaldo Carvalho de Melo authored
      [XFRM_TUNNEL]: Reload header pointer after pskb_may_pull/pskb_expand_head
      
      Please consider applying, this was found on your latest
      net-2.6 tree while playing around with that ip_hdr() + turn
      skb->nh/h/mac pointers  as offsets on 64 bits idea :-)
      Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix xfrm_add_sa_expire() return value · c7c5f798
      David Miller authored
      [XFRM] xfrm_user: Fix return values of xfrm_add_sa_expire.
      
      As noted by Kent Yoder, this function will always return an
      error.  Make sure it returns zero on success.
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • Fix interrupt probing on E450 sparc64 systems · d8bb5ffc
      David Miller authored
      [SPARC64]: Fix PCI interrupts on E450 et al.
      
      When the PCI controller OBP node lacks an interrupt-map
      and interrupt-map-mask property, we need to form the
      INO by hand.  The PCI swizzle logic was not doing that
      properly.
      
      This was a regression added by the of_device code.
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • HID: fix possible double-free on error path in hid parser · 01f919ed
      Jiri Kosina authored
      HID: fix possible double-free on error path in hid parser
      
      Freeing of device->collection is properly done in hid_free_device() (as
      this function is supposed to free all the device resources and could be
      called from transport specific code, e.g. usb_hid_configure()).
      
      Remove all kfree() calls preceding the hid_free_device() call.
      Signed-off-by: Jiri Kosina <jkosina@suse.cz>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • POWERPC: Fix performance monitor exception · e37713bb
      Livio Soares authored
      To the issue: some point during 2.6.20 development, Paul Mackerras
      introduced the "lazy IRQ  disabling" patch (very cool work,  BTW).
      In that patch, the performance monitor unit exception was marked as
      "maskable", in the sense that if interrupts were soft-disabled, that
      exception could be ignored.  This broke my PowerPC profiling code.
      The symptom that I see is that a varying number of interrupts
      (from 0 to $n$, typically closer to 0) get delivered, when, in
      reality, it should always be very close to $n$.
      
      The issue stems from the way masking is being done.   Masking in
      this fashion seems to  work well with the decrementer and external
      interrupts, because they are raised again until "really"  handled.
      For the PMU, however, this does not apply (at least on my Xserver
      machine with a 970FX processor).  If the PMU exception is not handled,
      it will _not_ be re-raised (at least on my machine).  The documentation
      states that the PMXE bit in MMCR0 is set to 0 when the PMU exception
      is raised.  However, software must re-set the bit to re-enable PMU
      exceptions.  If the exception is ignored (as currently) not only is
      that interrupt lost, but because software does not re-set PMXE, the
      PMU registers are "frozen" forever.
      
      [This patch means that performance monitor exceptions are taken and
      handled even if irqs are off, as long as some other interrupt hasn't
      come along and caused interrupts to be hard-disabled.  In this sense
      the PMU exception becomes like an NMI.  The oprofile code for most
      powerpc processors does nothing that is unsafe in an NMI context, but
      the Cell oprofile code does a spin_lock_irqsave.  However, that turns
      out to be OK because Cell doesn't actually use the performance
      monitor exception; performance monitor interrupts come in as a
      regular interrupt on Cell, so will be disabled when irqs are off.
       -- paulus.]
      
      From: Livio Soares <livio@eecg.toronto.edu>
      Signed-off-by: Paul Mackerras <paulus@samba.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • libata: add missing CONFIG_PM in LLDs · 270d0c2e
      Tejun Heo authored
      Add missing #ifdef CONFIG_PM conditionals around all PM related parts
      in libata LLDs.
      Signed-off-by: default avatarTejun Heo <htejun@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    • libata: add missing PM callbacks · 7348396e
      Tejun Heo authored
      Some LLDs were missing scsi device PM callbacks while having host/port
      suspend support.  Add missing ones.
      Signed-off-by: Tejun Heo <htejun@gmail.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • bcm43xx: Fix assertion failures in interrupt handler · afb39fa4
      Pavel Roskin authored
      In the bcm43xx interrupt handler, sanity checks are wrongly done before the
      verification that the interrupt is for the bcm43xx.
      Signed-off-by: Pavel Roskin <proski@gnu.org>
      Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • mmc: Power quirk for ENE controllers · 1e0715b5
      Darren Salt authored
      mmc: Power quirk for ENE controllers
      
      Support for these devices was broken for 2.6.18-rc1 and later by commit
      146ad66e, which added voltage level support.
      
      This restores the previous behaviour for these devices by ensuring that when
      the voltage is changed, only one write to set the voltage is performed.
      
      It may be that both writes are needed if the voltage is being changed between
      two non-zero values or that it's safe to ensure that only one write is done
      if the hardware only supports one voltage; I don't know whether either is the
      case nor can I test since I have only the one SD reader (1524:0550), and it
      supports just the one voltage.
      Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk>
      Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • UML - Fix 2.6.20 hang · 2f8432fc
      Jeff Dike authored
      A previous cleanup misused need_poll, which had a fairly broken
      interface.  It implemented a growable array, changing the used
      elements count itself, but leaving it up to the caller to fill in the
      actual elements, including the entire array if the array had to be
      reallocated.  This worked because the previous users were switching
      between two such structures, and the elements were copied from the
      inactive array to the active array after making sure the active array
      had enough room.
      
      maybe_sigio_broken was made to use need_poll, but it was operating on
      a single array, so when the buffer was reallocated, the previous
      contents were lost.
      
      This patch makes need_poll implement more sane semantics.  It merely
      assures that the array is of the proper size and that the contents are
      preserved.  It is up to the caller to adjust the used elements count
      and to ensure that the proper elements are resent.
      
      This manifested itself as a hang in 2.6.20 as the uninitialized buffer
      convinced UML that one of its own file descriptors didn't support
      SIGIO and needed to be watched by poll in a separate thread.  The
      result was an interrupt flood as control traffic over this descriptor
      sparked interrupts, which resulted in more control traffic, ad nauseam.
      Signed-off-by: Jeff Dike <jdike@addtoit.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    • fix umask when noACL kernel meets extN tuned for ACLs · b007a087
      Hugh Dickins authored
      Fix insecure default behaviour reported by Tigran Aivazian: if an ext2
      or ext3 or ext4 filesystem is tuned to mount with "acl", but mounted by
      a kernel built without ACL support, then umask was ignored when creating
      inodes - though root or user has umask 022, touch creates files as 0666,
      and mkdir creates directories as 0777.
      
      This appears to have worked right until 2.6.11, when a fix to the default
      mode on symlinks (always 0777) assumed VFS applies umask: which it does,
      unless the mount is marked for ACLs; but ext[234] set MS_POSIXACL in
      s_flags according to s_mount_opt set according to def_mount_opts.
      
      We could revert to the 2.6.10 ext[234]_init_acl (adding an S_ISLNK test);
      but other filesystems only set MS_POSIXACL when ACLs are configured.  We
      could fix this at another level; but it seems most robust to avoid setting
      the s_mount_opt flag in the first place (at the expense of more ifdefs).
      
      Likewise don't set the XATTR_USER flag when built without XATTR support.
      Signed-off-by: Hugh Dickins <hugh@veritas.com>
      Acked-by: Andreas Gruenbacher <agruen@suse.de>
      Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
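A check for the symptom Hugh Dickins's commit message describes (files created 0666 and directories 0777 despite umask 022), added here as an example and not part of the commit or the kernel tree. The function name `umask_honoured` and the scratch directory name are assumptions, and the directory under test is assumed to carry no default ACL, since a default ACL legitimately overrides umask.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file and a directory under `parent` with `mask` in effect and
 * report the permission bits each one received.
 * Returns 1 if both honour the mask, 0 if it was ignored, -1 on error. */
int umask_honoured(const char *parent, mode_t mask, mode_t *fmode, mode_t *dmode)
{
    char base[512], file[520], dir[520];
    struct stat st;
    int fd, rc = -1;

    /* Scratch directory name is an assumption; mkdir() fails if it exists. */
    snprintf(base, sizeof base, "%s/umask-check-%ld", parent, (long)getpid());
    if (mkdir(base, 0700) != 0)
        return -1;
    snprintf(file, sizeof file, "%s/f", base);
    snprintf(dir, sizeof dir, "%s/d", base);

    mode_t old = umask(mask);
    fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0666);   /* mode touch asks for */
    if (fd >= 0 && fstat(fd, &st) == 0) {
        *fmode = st.st_mode & 0777;
        if (mkdir(dir, 0777) == 0 && stat(dir, &st) == 0) { /* mode mkdir asks for */
            *dmode = st.st_mode & 0777;
            rc = *fmode == (0666 & ~mask) && *dmode == (0777 & ~mask);
        }
    }
    umask(old);

    if (fd >= 0)
        close(fd);
    unlink(file);
    rmdir(dir);
    rmdir(base);
    return rc;
}

int main(int argc, char **argv)
{
    mode_t f = 0, d = 0;
    const char *parent = argc > 1 ? argv[1] : "/tmp";
    int rc = umask_honoured(parent, 022, &f, &d);
    printf("%s: file %04o dir %04o: %s\n", parent, (unsigned)f, (unsigned)d,
           rc == 1 ? "umask applied" : rc == 0 ? "umask IGNORED" : "error");
    return rc == 1 ? 0 : 1;
}
```

Pass a directory on the ext2, ext3 or ext4 mount in question as the first argument; a result of 0666 and 0777 under mask 022 matches the behaviour reported in the commit message.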
    • sata_sil: ignore and clear spurious IRQs while executing commands by polling · 27fa3aff
      Tejun Heo authored
      sata_sil used to trigger HSM error if IRQ occurs during polling
      command.  This didn't matter because polling wasn't used in sata_sil.
      However, as of 2.6.20, all IDENTIFYs are performed by polling and
      device detection sometimes fails due to spurious IRQ.  This patch
      makes sata_sil ignore and clear spurious IRQ while executing commands
      by polling.
      
      This fixes bug#7996 and IMHO should also be included in -stable.
      Signed-off-by: Tejun Heo <htejun@gmail.com>
      Cc: Jeff Garzik <jeff@garzik.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>