firefly-linux-kernel-4.4.55.git
17 years ago[PATCH] knfsd: replace some warning ins nfsfh.h with BUG_ON or WARN_ON
NeilBrown [Fri, 26 Jan 2007 08:56:59 +0000 (00:56 -0800)]
[PATCH] knfsd: replace some warning ins nfsfh.h with BUG_ON or WARN_ON

A couple of the warnings will be followed by an Oops if they ever fire, so may
as well be BUG_ON.  Another isn't obviously fatal but has never been known to
fire, so make it a WARN_ON.

Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] knfsd: fix an NFSD bug with full sized, non-page-aligned reads
NeilBrown [Fri, 26 Jan 2007 08:56:59 +0000 (00:56 -0800)]
[PATCH] knfsd: fix an NFSD bug with full sized, non-page-aligned reads

NFSd assumes that largest number of pages that will be needed for a
request+response is 2+N where N pages is the size of the largest permitted
read/write request.  The '2' are 1 for the non-data part of the request, and 1
for the non-data part of the reply.

However, when a read request is not page-aligned, and we choose to use
->sendfile to send it directly from the page cache, we may need N+1 pages to
hold the whole reply.  This can overflow and array and cause an Oops.

This patch increases size of the array for holding pages by one and makes sure
that entry is NULL when it is not in use.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] knfsd: fix setting of ACL server versions
NeilBrown [Fri, 26 Jan 2007 08:56:58 +0000 (00:56 -0800)]
[PATCH] knfsd: fix setting of ACL server versions

Due to silly typos, if the nfs versions are explicitly set, no NFSACL versions
get enabled.

Also improve an error message that would have made this bug a little easier to
find.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] knfsd: update email address and status for NFSD in MAINTAINERS
NeilBrown [Fri, 26 Jan 2007 08:56:57 +0000 (00:56 -0800)]
[PATCH] knfsd: update email address and status for NFSD in MAINTAINERS

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Gigaset ISDN driver error handling fixes
Tilman Schmidt [Fri, 26 Jan 2007 08:56:56 +0000 (00:56 -0800)]
[PATCH] Gigaset ISDN driver error handling fixes

Fix several flaws in the error handling of the Siemens Gigaset ISDN driver,
including one that would cause an Oops when connecting more than one device
of the same type.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] ACPI: fix cpufreq regression
Ingo Molnar [Fri, 26 Jan 2007 08:56:55 +0000 (00:56 -0800)]
[PATCH] ACPI: fix cpufreq regression

Recently cpufreq support on my laptop (Lenovo T60) broke completely: when
it's plugged into AC it would never go higher than 1 GHz - neither 1.3 GHz
nor 1.83 GHz is possible - no matter which governor (userspace, speed or
ondemand) is used.

After some cpufreq debugging i tracked the regression back to the following
(totally correct) bug-fix commit:

   commit 0916bd3ebb7cefdd0f432e8491abe24f4b5a101e
   Author: Dave Jones <davej@redhat.com>
   Date:   Wed Nov 22 20:42:01 2006 -0500

    [PATCH] Correct bound checking from the value returned from _PPC method.

This bugfix, which makes other laptops work, made a previously hidden
(BIOS) bug visible on my laptop.

The bug is the following: if the _PPC (Performance Present Capabilities)
optional ACPI object is queried /after/ bootup then the BIOS reports an
incorrect value of '2'.

My laptop (Lenovo T60) has the following performance states supported:

   0: 1833000
   1: 1333000
   2: 1000000

Per ACPI specification, a _PPC value of '0' means that all 3 performance
states are usable.  A _PPC value of '1' means states 1 ..  2 are usable, a
value of '2' means only state '2' (slowest) is usable.

now, the _PPC object is optional, and it also comes with notification.
Furthermore, when a CPU object is initialized, the _PPC object is
initialized as well.  So the following evaluation of the _PPC object is
superfluous:

 [<c028ba5f>] acpi_processor_get_platform_limit+0xa1/0xaf
 [<c028c040>] acpi_processor_register_performance+0x3b9/0x3ef
 [<c0111a85>] acpi_cpufreq_cpu_init+0xb7/0x596
 [<c03dab74>] cpufreq_add_dev+0x160/0x4a8
 [<c02bed90>] sysdev_driver_register+0x5a/0xa0
 [<c03d9c4c>] cpufreq_register_driver+0xb4/0x176
 [<c068ac08>] acpi_cpufreq_init+0xe5/0xeb
 [<c010056e>] init+0x14f/0x3dd

And this is the point where my laptop's BIOS returns the incorrect value of
'2'.  Note that it has not sent any notification event, so the value is
probably not really intentional (possibly spurious), and Windows likely
doesnt query it after bootup either.  Maybe the value is kept at '2'
normally, and is only set to the real value when a true asynchronous event
(such as AC plug event, battery switch, etc.) occurs.

So i /think/ this is a grey area of the ACPI spec: per the letter of the
spec the _PPC value only changes when notified, so there's no reason to
query it after the system has booted up.  So in my opinion the best (and
most compatible) strategy would be to do the change below, and to not
evaluate the _PPC object in the acpi_processor_get_performance_info() call,
but only evaluate it if _PPC is present during CPU object init, or if it's
notified during an asynchronous event.  This change is more permissive than
the previous logic, so it definitely shouldnt break any existing system.

This also happens to fix my laptop, which is merrily chugging along at
1.83 GHz now. Yay!

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Dave Jones <davej@redhat.com>
Acked-by: Len Brown <lenb@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] SPI: alternative fix for spi_busnum_to_master
Atsushi Nemoto [Fri, 26 Jan 2007 08:56:54 +0000 (00:56 -0800)]
[PATCH] SPI: alternative fix for spi_busnum_to_master

If a SPI master device exists, udev (udevtrigger) causes kernel crash, due
to wrong kobj pointer in kobject_uevent_env().  This problem was not in
2.6.19.

The backtrace (on MIPS) was:
[<8024db6c>] kobject_uevent_env+0x54c/0x5e8
[<802a8264>] store_uevent+0x1c/0x3c  (in drivers/class.c)
[<801cb14c>] subsys_attr_store+0x2c/0x50
[<801cb80c>] flush_write_buffer+0x38/0x5c
[<801cb900>] sysfs_write_file+0xd0/0x190
[<80181444>] vfs_write+0xc4/0x1a0
[<80181cdc>] sys_write+0x54/0xa0
[<8010dae4>] stack_done+0x20/0x3c

flush_write_buffer() passes kobject of spi_master_class.subsys to
subsys_addr_store(), then subsys_addr_store() passes a pointer to a struct
subsystem to store_uevent() which expects a pointer to a struct
class_device.  The problem seems subsys_attr_store() called instead of
class_device_attr_store().

This mismatch was caused by commit
3bd0f6943520e459659d10f3282285e43d3990f1, which overrides kset of master
class.  This made spi_master_class.subsys.kset.ktype NULL so
subsys_sysfs_ops is used instead of class_dev_sysfs_ops.

The commit was to fix spi_busnum_to_master().  Here is a patch fixes
this function in other way, just searching children list of
class_device.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts
Alexey Dobriyan [Fri, 26 Jan 2007 08:56:53 +0000 (00:56 -0800)]
[PATCH] Fix NULL ->nsproxy dereference in /proc/*/mounts

/proc/*/mounstats was fixed, all right, but...

To reproduce:

while true; do
find /proc -type f 2>/dev/null | xargs cat 1>/dev/null 2>/dev/null;
done

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000c
 printing eip:
c01754df
*pde = 00000000
Oops: 0000 [#28]
Modules linked in: af_packet ohci_hcd e1000 ehci_hcd uhci_hcd usbcore xfs
CPU:    0
EIP:    0060:[<c01754df>]    Not tainted VLI
EFLAGS: 00010286   (2.6.20-rc5 #1)
EIP is at mounts_open+0x1c/0xac
eax: 00000000   ebx: d5898ac0   ecx: d1d27b18   edx: d1d27a50
esi: e6083e10   edi: d3c87f38   ebp: d5898ac0   esp: d3c87ef0
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 18071, ti=d3c86000 task=f7d5f070 task.ti=d3c86000)
Stack: d5898ac0 e6083e10 d3c87f38 c01754c3 c0147c91 c18c52c0 d343f314 d5898ac0
       00008000 d3c87f38 ffffff9c c0147e09 d5898ac0 00000000 00000000 c0147e4b
       00000000 d3c87f38 d343f314 c18c52c0 c015e53e 00001000 08051000 00000101
Call Trace:
 [<c01754c3>] mounts_open+0x0/0xac
 [<c0147c91>] __dentry_open+0xa1/0x18c
 [<c0147e09>] nameidata_to_filp+0x31/0x3a
 [<c0147e4b>] do_filp_open+0x39/0x40
 [<c015e53e>] seq_read+0x128/0x2aa
 [<c0147e8c>] do_sys_open+0x3a/0x6d
 [<c0147efa>] sys_open+0x1c/0x20
 [<c0102b76>] sysenter_past_esp+0x5f/0x85
 [<c02a0033>] unix_stream_recvmsg+0x3bf/0x4bf
 =======================
Code: 5d c3 89 d8 e8 06 e0 f9 ff eb bd 0f 0b eb fe 55 57 56 53 89 d5 8b 40 f0 31 d2 e8 02 c1 fa ff 89 c2 85 c0 74 5c 8b 80 48 04 00 00 <8b> 58 0c 85 db 74 02 ff 03 ff 4a 08 0f 94 c0 84 c0 75 74 85 db
EIP: [<c01754df>] mounts_open+0x1c/0xac SS:ESP 0068:d3c87ef0

A race with do_exit()'s call to exit_namespaces().

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] x86_64 ia32 vDSO: define arch_vma_name
Roland McGrath [Fri, 26 Jan 2007 08:56:52 +0000 (00:56 -0800)]
[PATCH] x86_64 ia32 vDSO: define arch_vma_name

This patch makes x86_64 define arch_vma_name for CONFIG_IA32_EMULATION.  This
makes the ia32 vDSO mapping appear in /proc/PID/maps with "[vdso]" for ia32
processes, as it does on native i386.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] powerpc vDSO: use VM_ALWAYSDUMP
Roland McGrath [Fri, 26 Jan 2007 08:56:51 +0000 (00:56 -0800)]
[PATCH] powerpc vDSO: use VM_ALWAYSDUMP

This patch fixes core dumps to include the vDSO vma, which is left out now.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] x86_64 ia32 vDSO: use VM_ALWAYSDUMP
Roland McGrath [Fri, 26 Jan 2007 08:56:50 +0000 (00:56 -0800)]
[PATCH] x86_64 ia32 vDSO: use VM_ALWAYSDUMP

This patch fixes ia32 core dumps on x86_64 to include just one phdr for the
vDSO vma.  Currently it writes a confused format with two phdrs for the
address, one without contents and one with.  This patch removes the
special-case core writing macros for the ia32 vDSO.  Instead, it uses
VM_ALWAYSDUMP in the vma.  This changes core dumps so they no longer include
the non-PT_LOAD phdrs from the vDSO, consistent with fixed native i386 core
dumps.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] i386 vDSO: use VM_ALWAYSDUMP
Roland McGrath [Fri, 26 Jan 2007 08:56:49 +0000 (00:56 -0800)]
[PATCH] i386 vDSO: use VM_ALWAYSDUMP

This patch fixes core dumps to include the vDSO vma, which is left out now.
It removes the special-case core writing macros, which were not doing the
right thing for the vDSO vma anyway.  Instead, it uses VM_ALWAYSDUMP in the
vma; there is no need for the fixmap page to be installed.  It handles the
CONFIG_COMPAT_VDSO case by making elf_core_dump use the fake vma from
get_gate_vma after real vmas in the same way the /proc/PID/maps code does.

This changes core dumps so they no longer include the non-PT_LOAD phdrs from
the vDSO.  I made the change to add them in the first place, but in turned out
that nothing ever wanted them there since the advent of NT_AUXV.  It's cleaner
to leave them out, and just let the phdrs inside the vDSO image speak for
themselves.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Add VM_ALWAYSDUMP
Roland McGrath [Fri, 26 Jan 2007 08:56:48 +0000 (00:56 -0800)]
[PATCH] Add VM_ALWAYSDUMP

This patch adds the VM_ALWAYSDUMP flag for vm_flags in vm_area_struct.  This
provides a clean explicit way to have a vma always included in core dumps, as
is needed for vDSO's.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Fix gate_vma.vm_flags
Roland McGrath [Fri, 26 Jan 2007 08:56:47 +0000 (00:56 -0800)]
[PATCH] Fix gate_vma.vm_flags

This patch fixes the initialization of gate_vma.vm_flags and
gate_vma.vm_page_prot to reflect reality.  This makes the "[vdso]" line in
/proc/PID/maps correctly show r-xp instead of ---p, when gate_vma is used
(CONFIG_COMPAT_VDSO on i386).

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Fix CONFIG_COMPAT_VDSO
Roland McGrath [Fri, 26 Jan 2007 08:56:46 +0000 (00:56 -0800)]
[PATCH] Fix CONFIG_COMPAT_VDSO

I wouldn't mind if CONFIG_COMPAT_VDSO went away entirely.  But if it's there,
it should work properly.  Currently it's quite haphazard: both real vma and
fixmap are mapped, both are put in the two different AT_* slots, sysenter
returns to the vma address rather than the fixmap address, and core dumps yet
are another story.

This patch makes CONFIG_COMPAT_VDSO disable the real vma and use the fixmap
area consistently.  This makes it actually compatible with what the old vdso
implementation did.

Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] spi: fix error setting the spi mode in pxa2xx_spi.c
Justin Clacherty [Fri, 26 Jan 2007 08:56:44 +0000 (00:56 -0800)]
[PATCH] spi: fix error setting the spi mode in pxa2xx_spi.c

Currently the spi mode can be set to the wrong mode if you are switching
from any mode other than mode 0.  This is because the mode is set using a
bitwise or on uncleared bits.  The following patch clears the mode bits
before setting the new mode.  I've also modified it to use the appropriate
defines from pxa-regs.h for readability.

Signed-off-by: Justin Clacherty <justin@redfish-group.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] S3C24XX: fix passing spi chipselect to select routine
Ben Dooks [Fri, 26 Jan 2007 08:56:43 +0000 (00:56 -0800)]
[PATCH] S3C24XX: fix passing spi chipselect to select routine

It turns out that the spi chipselect was not being passed to the set_cs
routine if one was specified in the platform data.

As part of the fix, change to using a set_cs field in the controller state,
and put a default gpio routine in if the data passed does not specify it.

Also remove the //#define DEBUG

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: SVM: Propagate cpu shutdown events to userspace
Joerg Roedel [Fri, 26 Jan 2007 08:56:42 +0000 (00:56 -0800)]
[PATCH] KVM: SVM: Propagate cpu shutdown events to userspace

This patch implements forwarding of SHUTDOWN intercepts from the guest on to
userspace on AMD SVM.  A SHUTDOWN event occurs when the guest produces a
triple fault (e.g.  on reboot).  This also fixes the bug that a guest reboot
actually causes a host reboot under some circumstances.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: MMU: Report nx faults to the guest
Avi Kivity [Fri, 26 Jan 2007 08:56:41 +0000 (00:56 -0800)]
[PATCH] KVM: MMU: Report nx faults to the guest

With the recent guest page fault change, we perform access checks on our
own instead of relying on the cpu.  This means we have to perform the nx
checks as well.

Software like the google toolbar on windows appears to rely on this
somehow.

Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: MMU: Perform access checks in walk_addr()
Avi Kivity [Fri, 26 Jan 2007 08:56:41 +0000 (00:56 -0800)]
[PATCH] KVM: MMU: Perform access checks in walk_addr()

Check pte permission bits in walk_addr(), instead of scattering the checks all
over the code.  This has the following benefits:

1. We no longer set the accessed bit for accessed which fail permission checks.
2. Setting the accessed bit is simplified.
3. Under some circumstances, we used to pretend a page fault was fixed when
   it would actually fail the access checks.  This caused an unnecessary
   vmexit.
4. The error code for guest page faults is now correct.

The fix helps netbsd further along booting, and allows kvm to pass the new mmu
testsuite.

Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: Emulate IA32_MISC_ENABLE msr
Avi Kivity [Fri, 26 Jan 2007 08:56:40 +0000 (00:56 -0800)]
[PATCH] KVM: Emulate IA32_MISC_ENABLE msr

This allows netbsd 3.1 i386 to get further along installing.

Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: SVM: Fix SVM idt confusion
Leonard Norrgard [Fri, 26 Jan 2007 08:56:38 +0000 (00:56 -0800)]
[PATCH] KVM: SVM: Fix SVM idt confusion

There's an obvious typo in svm_{get,set}_idt, causing it to access the ldt
instead.

Because these functions are only called for save/load on AMD, the bug does not
impact normal operation.  With the fix, save/load works as expected on AMD
hosts.

Signed-off-by: Uri Lublin <uril@qumranet.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoWrite back inode data pages even when the inode itself is locked
Linus Torvalds [Fri, 26 Jan 2007 20:53:20 +0000 (12:53 -0800)]
Write back inode data pages even when the inode itself is locked

In __writeback_single_inode(), when we find a locked inode and we're not
doing a data-integrity sync, we used to just skip writing entirely,
since we didn't want to wait for the inode to unlock.

However, there's really no reason to skip writing the data pages, which
are likely to be the the bulk of the dirty state anyway (and the main
reason why writeback was started for the non-data-integrity case, of
course!)

Acked-by: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Andrew Morton <akpm@osdl.org>,
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoResurrect 'try_to_free_buffers()' VM hackery
Linus Torvalds [Fri, 26 Jan 2007 20:47:06 +0000 (12:47 -0800)]
Resurrect 'try_to_free_buffers()' VM hackery

It's not pretty, but it appears that ext3 with data=journal will clean
pages without ever actually telling the VM that they are clean.  This,
in turn, will result in the VM (and balance_dirty_pages() in particular)
to never realize that the pages got cleaned, and wait forever for an
event that already happened.

Technically, this seems to be a problem with ext3 itself, but it used to
be hidden by 'try_to_free_buffers()' noticing this situation on its own,
and just working around the filesystem problem.

This commit re-instates that hack, in order to avoid a regression for
the 2.6.20 release. This fixes bugzilla 7844:

http://bugzilla.kernel.org/show_bug.cgi?id=7844

Peter Zijlstra points out that we should probably retain the debugging
code that this removes from cancel_dirty_page(), and I agree, but for
the imminent release we might as well just silence the warning too
(since it's not a new bug: anything that triggers that warning has been
around forever).

Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] x86_64: fix put_user for 64-bit constant
Roland McGrath [Fri, 26 Jan 2007 01:19:51 +0000 (17:19 -0800)]
[PATCH] x86_64: fix put_user for 64-bit constant

On x86-64, a put_user call using a 64-bit pointer and a constant value that
is > 0xffffffff will produce code that doesn't assemble.  This patch fixes
the asm construct to use the Z constraint for 32-bit constants.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoLinux 2.6.20-rc6
Linus Torvalds [Thu, 25 Jan 2007 02:19:28 +0000 (18:19 -0800)]
Linux 2.6.20-rc6

17 years agoMerge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Wed, 24 Jan 2007 20:31:28 +0000 (12:31 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] Fix wrong checksum calculation on 64-bit MIPS
  [MIPS] VPE loader: Initialize lists before they're actually being used ...
  [MIPS] Fix reported amount of freed memory - it's in kB not bytes
  [MIPS] vr41xx: need one more nop with mtc0_tlbw_hazard()
  [MIPS] SMTC: Fix module build by exporting symbol
  [MIPS] SMTC: Fix TLB sizing bug for TLB of 64 >= entries
  [MIPS] Fix APM build
  [MIPS] There is no __GNUC_MAJOR__

17 years ago[PATCH] NFS: Fix races in nfs_revalidate_mapping()
Trond Myklebust [Wed, 24 Jan 2007 19:54:55 +0000 (11:54 -0800)]
[PATCH] NFS: Fix races in nfs_revalidate_mapping()

Prevent the call to invalidate_inode_pages2() from racing with file writes
by taking the inode->i_mutex across the page cache flush and invalidate.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] NFS: Fix Oops in rpc_call_sync()
Trond Myklebust [Wed, 24 Jan 2007 19:54:53 +0000 (11:54 -0800)]
[PATCH] NFS: Fix Oops in rpc_call_sync()

Fix the Oops in http://bugzilla.linux-nfs.org/show_bug.cgi?id=138
We shouldn't be calling rpc_release_task() for tasks that are not active.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[MIPS] Fix wrong checksum calculation on 64-bit MIPS
Atsushi Nemoto [Wed, 24 Jan 2007 06:43:34 +0000 (15:43 +0900)]
[MIPS] Fix wrong checksum calculation on 64-bit MIPS

The commit 8e3d8433d8c22ca6c42cba4a67d300c39aae7822 ([NET]: MIPS
checksum annotations and cleanups) broke 64-bit MIPS.

The problem is the commit replaces some unsigned long with __be32.  On
64bit MIPS, a __be32 (i.e. unsigned int) value is represented as a
sign-extented 32-bit value in a 64-bit argument register.  So the
address 192.168.0.1 (0xc0a80001) is passed as 0xffffffffc0a80001 to
csum_tcpudp_nofold() but the asm code in the function expects
0x00000000c0a80001, therefore it returns a wrong checksum.  Explicit
cast to unsigned long is needed to drop high 32bit.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] VPE loader: Initialize lists before they're actually being used ...
Ralf Baechle [Wed, 24 Jan 2007 19:13:08 +0000 (19:13 +0000)]
[MIPS] VPE loader: Initialize lists before they're actually being used ...

kspd which due to makefile order happens to be initialized before the
vpe loader causes references to vpecontrol lists before they're actually
been initialized.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] Fix reported amount of freed memory - it's in kB not bytes
Thiemo Seufer [Wed, 24 Jan 2007 01:29:15 +0000 (01:29 +0000)]
[MIPS] Fix reported amount of freed memory - it's in kB not bytes

While at it, change message on DEC for consistency.

Signed-off-by: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] vr41xx: need one more nop with mtc0_tlbw_hazard()
Yoichi Yuasa [Wed, 24 Jan 2007 13:22:06 +0000 (22:22 +0900)]
[MIPS] vr41xx: need one more nop with mtc0_tlbw_hazard()

NEC VR4111 and VR4121 need one more nop with mtc0_tlbw_hazard().

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] SMTC: Fix module build by exporting symbol
Ralf Baechle [Wed, 24 Jan 2007 19:23:21 +0000 (19:23 +0000)]
[MIPS] SMTC: Fix module build by exporting symbol

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] SMTC: Fix TLB sizing bug for TLB of 64 >= entries
Ralf Baechle [Fri, 19 Jan 2007 14:35:14 +0000 (14:35 +0000)]
[MIPS] SMTC: Fix TLB sizing bug for TLB of 64 >= entries

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] Fix APM build
Ralf Baechle [Wed, 24 Jan 2007 12:31:47 +0000 (12:31 +0000)]
[MIPS] Fix APM build

Definitions for TIF_FREEZE and _TIF_FREEZE were missing.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] There is no __GNUC_MAJOR__
Alexey Dobriyan [Tue, 23 Jan 2007 18:30:14 +0000 (21:30 +0300)]
[MIPS] There is no __GNUC_MAJOR__

Gcc major version number is in __GNUC__. As side effect fix checking
with sparse if sparse was built with gcc 4.1 and mips cross-compiler
is 3.4.

Sparse will inherit version 4.1, __GNUC__ won't be filtered from
"-dM -E -xc" output, sparse will pick only new major, effectively becoming
gcc version 3.1 which is unsupported.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
Linus Torvalds [Wed, 24 Jan 2007 17:46:54 +0000 (09:46 -0800)]
Merge git://git./linux/kernel/git/sfrench/cifs-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] Fix oops when Windows server sent bad domain name null terminator
  [CIFS]  cifs sprintf fix
  [CIFS] Remove 2 unneeded kzalloc casts
  [CIFS] Update CIFS version number

17 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Wed, 24 Jan 2007 15:45:35 +0000 (07:45 -0800)]
Merge /pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (23 commits)
  [SCTP]: Fix compiler warning.
  [IP] TUNNEL: Fix to be built with user application.
  [IPV6]: Fixed the size of the netlink message notified by inet6_rt_notify().
  [TCP]: rare bad TCP checksum with 2.6.19
  [NET]: Process include/linux/if_{addr,link}.h with unifdef
  [NETFILTER]: Fix iptables ABI breakage on (at least) CRIS
  [IRDA] vlsi_ir.{h,c}: remove kernel 2.4 code
  [TCP]: skb is unexpectedly freed.
  [IPSEC]: Policy list disorder
  [IrDA]: Removed incorrect IRDA_ASSERT()
  [IrDA]: irda-usb TX path optimization (was Re: IrDA spams logfiles - since 2.6.19)
  [X.25]: Add missing sock_put in x25_receive_data
  [SCTP]: Fix SACK sequence during shutdown
  [SCTP]: Correctly handle unexpected INIT-ACK chunk.
  [SCTP]: Verify some mandatory parameters.
  [SCTP]: Set correct error cause value for missing parameters
  [NETFILTER]: fix xt_state compile failure
  [NETFILTER]: ctnetlink: fix leak in ctnetlink_create_conntrack error path
  [SELINUX]: increment flow cache genid
  [IPV6] MCAST: Fix joining all-node multicast group on device initialization.
  ...

17 years agoMerge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
Linus Torvalds [Wed, 24 Jan 2007 15:42:31 +0000 (07:42 -0800)]
Merge branch 'upstream-linus' of /linux/kernel/git/jgarzik/netdev-2.6

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  mv643xx_eth: Fix race condition in mv643xx_eth_free_tx_descs
  s2io bogus memset

17 years agoMerge branch 'master' into upstream-fixes
Jeff Garzik [Wed, 24 Jan 2007 07:14:25 +0000 (02:14 -0500)]
Merge branch 'master' into upstream-fixes

17 years agolibata: Initialize qc->pad_len
Brian King [Wed, 17 Jan 2007 18:32:28 +0000 (12:32 -0600)]
libata: Initialize qc->pad_len

Initialize qc->pad_len for each new command. This ensures
that pad_len is not set to a stale value for zero data
length commands.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agolibata: Fixup n_elem initialization
Brian King [Wed, 17 Jan 2007 18:32:12 +0000 (12:32 -0600)]
libata: Fixup n_elem initialization

Fixup the inialization of qc->n_elem. It currently gets
initialized to 1 for commands that do not transfer any data.
Fix this by initializing n_elem to 0 and only setting to 1
in ata_scsi_qc_new when there is data to transfer. This fixes
some problems seen with SATA devices attached to ipr adapters.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agoahci: don't enter slumber on power down
Tejun Heo [Sat, 20 Jan 2007 17:10:11 +0000 (02:10 +0900)]
ahci: don't enter slumber on power down

Some ATA/ATAPI devices act weirdly after the link is put into slumber
mode.  Some hang completely requiring physical power removal while
others fail to wake up till the link is hardreset a couple of times.

The addition of slumber on power down was never driven by real need.
It just followed what ahci spec said literally.  The spec itself seems
faulty in that it doesn't consider devices (not controllers) which
don't support link powersaving mode.

Theory never matches reality when it comes to dark allys of cheap
ATA/ATAPI world.  It's just unrealistic to expect vendors to test
rarely used link powersaving feature rigorously.  This patch makes
ahci more friendly to the coldness of reality.

This shouldn't have any negative effect - when suspend operation
succeeds, we power off the whole machine; otherwise, we wake up
everything.  I can't see any reason to be so elaborate with powering
down the link in the first place.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agosata_nv: don't rely on NV_INT_DEV indication with ADMA
Robert Hancock [Wed, 24 Jan 2007 02:09:02 +0000 (20:09 -0600)]
sata_nv: don't rely on NV_INT_DEV indication with ADMA

Several people reported issues with certain drive commands timing out on
sata_nv controllers running in ADMA mode. The commands in question were
non-DMA-mapped commands, usually FLUSH CACHE or FLUSH CACHE EXT.

 From experimentation it appears that the NV_INT_DEV indication isn't
always set when a legitimate command completion interrupt is received on
a legacy-mode command, at least not on these controllers in ADMA mode.
When a command is pending on the port, force the flag on always in the
irq_stat value before calling nv_host_intr so that the drive busy state
is always checked by ata_host_intr.

This also fixes some questionable code in nv_host_intr which called
ata_check_status when a command was pending and ata_host_intr returned
"unhandled". If the device interrupted at just the wrong time this could
cause interrupts to be lost.

Signed-off-by: Robert Hancock <hancockr@shaw.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agoahci: make ULi M5288 ignore interface fatal error bit
Tejun Heo [Tue, 23 Jan 2007 06:13:39 +0000 (15:13 +0900)]
ahci: make ULi M5288 ignore interface fatal error bit

As with JMicron controllers, ULi M5288 sets interface fatal error bit
on device error including ATAPI CC.  This makes libata hardreset the
port on ATAPI CC thus making it impossible to use.  Ignore interface
fatal error bit on ULi M5288.  This fixes bugzilla bug #7837.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years ago[SCTP]: Fix compiler warning.
Brian Haley [Wed, 24 Jan 2007 06:32:23 +0000 (22:32 -0800)]
[SCTP]: Fix compiler warning.

> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -462,24 +461,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,

> - if (!init_tag) {
> - struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
> - if (!reply)
> - goto nomem;

This introduced a compiler warning, easily fixed.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IP] TUNNEL: Fix to be built with user application.
Masahide NAKAMURA [Wed, 24 Jan 2007 06:17:23 +0000 (22:17 -0800)]
[IP] TUNNEL: Fix to be built with user application.

include/linux/if_tunnel.h is broken for user application
because it was changed to use __be32 which is required
to include linux/types.h in advance but didn't.

(This issue is found when building MIPL2 daemon. We are not sure this
is the last header to be fixed about __be32.)

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: TAKAMIYA Noriaki <takamiya@po.ntts.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IPV6]: Fixed the size of the netlink message notified by inet6_rt_notify().
Noriaki TAKAMIYA [Wed, 24 Jan 2007 06:09:41 +0000 (22:09 -0800)]
[IPV6]: Fixed the size of the netlink message notified by inet6_rt_notify().

I think the return value of rt6_nlmsg_size() should includes the
amount of RTA_METRICS.

Signed-off-by: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[TCP]: rare bad TCP checksum with 2.6.19
Jarek Poplawski [Wed, 24 Jan 2007 06:07:12 +0000 (22:07 -0800)]
[TCP]: rare bad TCP checksum with 2.6.19

The patch "Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE"
changed to unconditional copying of ip_summed field from collapsed
skb. This patch reverts this change.

The majority of substantial work including heavy testing
and diagnosing by: Michael Tokarev <mjt@tls.msk.ru>
Possible reasons pointed by: Herbert Xu and Patrick McHardy.

Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[NET]: Process include/linux/if_{addr,link}.h with unifdef
Adrian Bunk [Wed, 24 Jan 2007 06:04:35 +0000 (22:04 -0800)]
[NET]: Process include/linux/if_{addr,link}.h with unifdef

After commit d3dcc077bf88806201093f86325ec656e4dbfbce,
include/linux/if_{addr,link}.h should be processed with unifdef.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6
David S. Miller [Wed, 24 Jan 2007 06:02:15 +0000 (22:02 -0800)]
Merge /linux/kernel/git/holtmann/bluetooth-2.6

17 years ago[NETFILTER]: Fix iptables ABI breakage on (at least) CRIS
Patrick McHardy [Wed, 24 Jan 2007 06:00:13 +0000 (22:00 -0800)]
[NETFILTER]: Fix iptables ABI breakage on (at least) CRIS

With the introduction of x_tables we accidentally broke compatibility
by defining IPT_TABLE_MAXNAMELEN to XT_FUNCTION_MAXNAMELEN instead of
XT_TABLE_MAXNAMELEN, which is two bytes larger.

On most architectures it doesn't really matter since we don't have
any tables with names that long in the kernel and the structure
layout didn't change because of alignment requirements of following
members. On CRIS however (and other architectures that don't align
data) this changed the structure layout and thus broke compatibility
with old iptables binaries.

Changing it back will break compatibility with binaries compiled
against recent kernels again, but since the breakage has only been
there for three releases this seems like the better choice.

Spotted by Jonas Berlin <xkr47@outerspace.dyndns.org>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IRDA] vlsi_ir.{h,c}: remove kernel 2.4 code
Adrian Bunk [Wed, 24 Jan 2007 05:16:40 +0000 (21:16 -0800)]
[IRDA] vlsi_ir.{h,c}: remove kernel 2.4 code

This patch removes kernel 2.4 compatibility code.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[TCP]: skb is unexpectedly freed.
Masayuki Nakagawa [Wed, 24 Jan 2007 04:15:06 +0000 (20:15 -0800)]
[TCP]: skb is unexpectedly freed.

I encountered a kernel panic with my test program, which is a very
simple IPv6 client-server program.

The server side sets IPV6_RECVPKTINFO on a listening socket, and the
client side just sends a message to the server.  Then the kernel panic
occurs on the server.  (If you need the test program, please let me
know. I can provide it.)

This problem happens because a skb is forcibly freed in
tcp_rcv_state_process().

When a socket in listening state(TCP_LISTEN) receives a syn packet,
then tcp_v6_conn_request() will be called from
tcp_rcv_state_process().  If the tcp_v6_conn_request() successfully
returns, the skb would be discarded by __kfree_skb().

However, in case of a listening socket which was already set
IPV6_RECVPKTINFO, an address of the skb will be stored in
treq->pktopts and a ref count of the skb will be incremented in
tcp_v6_conn_request().  But, even if the skb is still in use, the skb
will be freed.  Then someone still using the freed skb will cause the
kernel panic.

I suggest to use kfree_skb() instead of __kfree_skb().

Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IPSEC]: Policy list disorder
Herbert Xu [Wed, 17 Jan 2007 00:52:02 +0000 (16:52 -0800)]
[IPSEC]: Policy list disorder

The recent hashing introduced an off-by-one bug in policy list insertion.
Instead of adding after the last entry with a lesser or equal priority,
we're adding after the successor of that entry.

This patch fixes this and also adds a warning if we detect a duplicate
entry in the policy list.  This should never happen due to this if clause.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IrDA]: Removed incorrect IRDA_ASSERT()
Samuel Ortiz [Tue, 16 Jan 2007 03:40:34 +0000 (19:40 -0800)]
[IrDA]: Removed incorrect IRDA_ASSERT()

With USB2.0 bulk out MTU can be 512 bytes, so checking it only for 64
bytes is incorrect.

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IrDA]: irda-usb TX path optimization (was Re: IrDA spams logfiles - since 2.6.19)
Samuel Ortiz [Tue, 16 Jan 2007 03:37:25 +0000 (19:37 -0800)]
[IrDA]: irda-usb TX path optimization (was Re: IrDA spams logfiles - since 2.6.19)

Since we stop using dev_alloc_skb on the IrDA TX frame, we constantly run
into the case of the skb headroom being 0, and thus we call skb_cow for
every IrDA TX frame.
This patch uses a local buffer and memcpy the skb to it, saving us a
kmalloc for each of those IrDA TX frames.

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[X.25]: Add missing sock_put in x25_receive_data
Andrew Hendry [Tue, 16 Jan 2007 03:29:31 +0000 (19:29 -0800)]
[X.25]: Add missing sock_put in x25_receive_data

__x25_find_socket does a sock_hold.
This adds a missing sock_put in x25_receive_data.

Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[SCTP]: Fix SACK sequence during shutdown
Vlad Yasevich [Tue, 16 Jan 2007 03:20:21 +0000 (19:20 -0800)]
[SCTP]: Fix SACK sequence during shutdown

Currently, when association enters SHUTDOWN state,the
implementation will SACK any DATA first and then transmit
the SHUTDOWN chunk.  This is against the order required by
2960bis spec.  SHUTDOWN must always be first, followed by
SACK. This change forces this order and also enables bundling.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[SCTP]: Correctly handle unexpected INIT-ACK chunk.
Vlad Yasevich [Tue, 16 Jan 2007 03:18:30 +0000 (19:18 -0800)]
[SCTP]: Correctly handle unexpected INIT-ACK chunk.

Consider the chunk as Out-of-the-Blue if we don't have
an endpoint.  Otherwise discard it as before.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[SCTP]: Verify some mandatory parameters.
Vlad Yasevich [Tue, 16 Jan 2007 03:15:45 +0000 (19:15 -0800)]
[SCTP]: Verify some mandatory parameters.

Verify init_tag and a_rwnd mandatory parameters in INIT and
INIT-ACK chunks.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[SCTP]: Set correct error cause value for missing parameters
Vlad Yasevich [Tue, 16 Jan 2007 03:12:31 +0000 (19:12 -0800)]
[SCTP]: Set correct error cause value for missing parameters

sctp_process_missing_param() needs to use the SCTP_ERROR_MISS_PARAM
error cause value.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[NETFILTER]: fix xt_state compile failure
Mikael Pettersson [Tue, 16 Jan 2007 01:17:31 +0000 (17:17 -0800)]
[NETFILTER]: fix xt_state compile failure

In file included from net/netfilter/xt_state.c:13:
include/net/netfilter/nf_conntrack_compat.h: In function 'nf_ct_l3proto_try_module_get':
include/net/netfilter/nf_conntrack_compat.h:70: error: 'PF_INET' undeclared (first use in this function)
include/net/netfilter/nf_conntrack_compat.h:70: error: (Each undeclared identifier is reported only once
include/net/netfilter/nf_conntrack_compat.h:70: error: for each function it appears in.)
include/net/netfilter/nf_conntrack_compat.h:71: warning: control reaches end of non-void function
make[2]: *** [net/netfilter/xt_state.o] Error 1
make[1]: *** [net/netfilter] Error 2
make: *** [net] Error 2

A simple fix is to have nf_conntrack_compat.h #include <linux/socket.h>.

Signed-off-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[NETFILTER]: ctnetlink: fix leak in ctnetlink_create_conntrack error path
Patrick McHardy [Tue, 16 Jan 2007 01:16:03 +0000 (17:16 -0800)]
[NETFILTER]: ctnetlink: fix leak in ctnetlink_create_conntrack error path

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[SELINUX]: increment flow cache genid
Venkat Yekkirala [Tue, 16 Jan 2007 00:38:45 +0000 (16:38 -0800)]
[SELINUX]: increment flow cache genid

Currently, old flow cache entries remain valid even after
a reload of SELinux policy.

This patch increments the flow cache generation id
on policy (re)loads so that flow cache entries are
revalidated as needed.

Thanks to Herbet Xu for pointing this out. See:
http://marc.theaimsgroup.com/?l=linux-netdev&m=116841378704536&w=2

There's also a general issue as well as a solution proposed
by David Miller for when flow_cache_genid wraps. I might be
submitting a separate patch for that later.

I request that this be applied to 2.6.20 since it's
a security relevant fix.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IPV6] MCAST: Fix joining all-node multicast group on device initialization.
YOSHIFUJI Hideaki [Mon, 15 Jan 2007 05:48:40 +0000 (21:48 -0800)]
[IPV6] MCAST: Fix joining all-node multicast group on device initialization.

Join all-node multicast group after assignment of dev->ip6_ptr
because it must be assigned when ipv6_dev_mc_inc() is called.
This fixes Bug#7817, reported by <gernoth@informatik.uni-erlangen.de>.

Closes: 7817
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years ago[IPSEC] flow: Fix potential memory leak
Herbert Xu [Thu, 11 Jan 2007 06:06:32 +0000 (22:06 -0800)]
[IPSEC] flow: Fix potential memory leak

When old flow cache entries that are not at the head of their chain
trigger a transient security error they get unlinked along with all
the entries preceding them in the chain.  The preceding entries are
not freed correctly.

This patch fixes this by simply leaving the entry around.  It's based
on a suggestion by Venkat Yekkirala.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
17 years agoV4L/DVB (5123): Buf_qbuf: fix: videobuf_queue->stream corruption and lockup
Oleg Nesterov [Tue, 23 Jan 2007 23:04:13 +0000 (20:04 -0300)]
V4L/DVB (5123): Buf_qbuf: fix: videobuf_queue->stream corruption and lockup

We are doing ->buf_prepare(buf) before adding buf to q->stream list. This
means that videobuf_qbuf() should not try to re-add a STATE_PREPARED buffer.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
17 years agoChange Linus' email address too
Linus Torvalds [Tue, 23 Jan 2007 22:22:35 +0000 (14:22 -0800)]
Change Linus' email address too

This changes a few mentions of my email address to point to the new one,
leaving things like old copyright messages alone.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] email change for shemminger@osdl.org
Stephen Hemminger [Tue, 23 Jan 2007 19:38:57 +0000 (11:38 -0800)]
[PATCH] email change for shemminger@osdl.org

Change my email address to reflect OSDL merger.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[ The irony. Somebody still has his sign-off message hardcoded
  in a script or his brainstem ;^]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoClear spurious irq stat information when adding irq handler
Linus Torvalds [Tue, 23 Jan 2007 22:16:31 +0000 (14:16 -0800)]
Clear spurious irq stat information when adding irq handler

Any newly added irq handler may obviously make any old spurious irq
status invalid, since the new handler may well be the thing that is
supposed to handle any interrupts that came in.

So just clear the statistics when adding handlers.

Pointed-out-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agomv643xx_eth: Fix race condition in mv643xx_eth_free_tx_descs
Dale Farnsworth [Tue, 23 Jan 2007 16:52:25 +0000 (09:52 -0700)]
mv643xx_eth: Fix race condition in mv643xx_eth_free_tx_descs

mv643xx_eth: Fix race condition in mv643xx_eth_free_tx_descs

This bug was found and isolated by Thibaut VARENE <T-Bone@parisc-linux.org>
and Jarek Poplawski <jarkao2@o2.pl>.  This patch is a modification of their
fixes.  We acquire and release the lock for each descriptor that is freed
to minimize the time the lock is held.

Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agos2io bogus memset
Al Viro [Tue, 23 Jan 2007 12:25:08 +0000 (12:25 +0000)]
s2io bogus memset

memset() after kmalloc() on size * 8 would better be on size * 8, not
just size; fixed by switching to kcalloc() - it's more idiomatic anyway.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
17 years agoMerge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Tue, 23 Jan 2007 19:19:32 +0000 (11:19 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] Vr41xx: Fix after GENERIC_HARDIRQS_NO__DO_IRQ change
  [MIPS] SMTC: Instant IPI replay.

17 years ago[PATCH] correct sys_shmget allocation check
Guy Streeter [Tue, 23 Jan 2007 18:20:04 +0000 (12:20 -0600)]
[PATCH] correct sys_shmget allocation check

As written, sys_shmget will return ENOSPC when one page is still
available for allocation. This patch corrects the test.

Signed-off-by: Guy Streeter <guy.streeter+lkml@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
--

17 years agoMerge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband
Linus Torvalds [Tue, 23 Jan 2007 19:13:06 +0000 (11:13 -0800)]
Merge branch 'for-linus' of /linux/kernel/git/roland/infiniband

* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
  IB/ehca: Fix mismatched spin_unlock in irq handler
  IB/ehca: Fix improper use of yield() with spinlock held
  IB/srp: Check match_strdup() return

17 years ago[PATCH] fix prototype of csum_ipv6_magic() (ia64)
Al Viro [Tue, 23 Jan 2007 12:27:04 +0000 (12:27 +0000)]
[PATCH] fix prototype of csum_ipv6_magic() (ia64)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] s2io bogus memset
Al Viro [Tue, 23 Jan 2007 12:25:08 +0000 (12:25 +0000)]
[PATCH] s2io bogus memset

memset() after kmalloc() on size * 8 would better be on size * 8, not
just size; fixed by switching to kcalloc() - it's more idiomatic anyway.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] horizon.c: missing __devinit
Al Viro [Tue, 23 Jan 2007 12:25:08 +0000 (12:25 +0000)]
[PATCH] horizon.c: missing __devinit

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] funsoft: ktermios fix
Al Viro [Tue, 23 Jan 2007 12:25:08 +0000 (12:25 +0000)]
[PATCH] funsoft: ktermios fix

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] notifiers: fix blocking_notifier_call_chain() scalability
Ingo Molnar [Tue, 23 Jan 2007 09:45:50 +0000 (10:45 +0100)]
[PATCH] notifiers: fix blocking_notifier_call_chain() scalability

while lock-profiling the -rt kernel i noticed weird contention during
mmap-intense workloads, and the tracer showed the following gem, in one
of our MM hotpaths:

 threaded-2771  1....   65us : sys_munmap (sysenter_do_call)
 threaded-2771  1....   66us : profile_munmap (sys_munmap)
 threaded-2771  1....   66us : blocking_notifier_call_chain (profile_munmap)
 threaded-2771  1....   66us : rt_down_read (blocking_notifier_call_chain)

ouch! a global rw-semaphore taken in one of the most performance-
sensitive codepaths of the kernel.  And i dont even have oprofile
enabled! All distro kernels have CONFIG_PROFILING enabled, so this
scalability problem affects the majority of Linux users.

The fix is to enhance blocking_notifier_call_chain() to only take the
lock if there appears to be work on the call-chain.

With this patch applied i get nicely saturated system, and much higher
munmap performance, on SMP systems.

And as a bonus this also fixes a similar scalability bottleneck in the
thread-exit codepath: profile_task_exit() ...

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoMerge branch 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa
Linus Torvalds [Tue, 23 Jan 2007 19:06:05 +0000 (11:06 -0800)]
Merge branch 'linus' of /linux/kernel/git/perex/alsa

* 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa:
  [ALSA] Repair snd-usb-usx2y over OHCI

17 years agoMerge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
Linus Torvalds [Tue, 23 Jan 2007 19:02:41 +0000 (11:02 -0800)]
Merge branch 'upstream-linus' of /linux/kernel/git/jgarzik/netdev-2.6

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  NetXen: Use pci_register_driver() instead of pci_module_init() in init_module
  NetXen: Firmware check modifications
  ehea: Fixed possible nullpointer access
  ehea: Added logging off associated errors
  ehea: Improved logging of permission issues
  ehea: New method to determine number of available ports
  ehea: Modified initial autoneg state determination
  ehea: Fixing firmware queue config issue
  ehea: Fixed wrong dereferencation
  PHY: Export phy ethtool helpers
  modify 3c589_cs to be SMP safe

17 years agoMerge branch 'ftape' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/misc-2.6
Linus Torvalds [Tue, 23 Jan 2007 19:02:11 +0000 (11:02 -0800)]
Merge branch 'ftape' of /linux/kernel/git/jgarzik/misc-2.6

* 'ftape' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
  more ftape removal

17 years agoMerge branch 'kill-jffs-prep' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
Linus Torvalds [Tue, 23 Jan 2007 19:01:46 +0000 (11:01 -0800)]
Merge branch 'kill-jffs-prep' of /linux/kernel/git/jgarzik/misc-2.6

* 'kill-jffs-prep' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
  Note that JFFS (v1) is to be deleted, in feature-removal-schedule.txt

17 years ago[PATCH] elevator: move clearing of unplug flag earlier
Linas Vepstas [Tue, 23 Jan 2007 18:40:54 +0000 (19:40 +0100)]
[PATCH] elevator: move clearing of unplug flag earlier

A flag was recently added to the elevator code to avoid
performing an unplug when reuests are being re-queued.
The goal of this flag was to avoid a deep recursion that
can occur when re-queueing requests after a SCSI device/host
reset.  See http://lkml.org/lkml/2006/5/17/254

However, that fix added the flag near the bottom of a case
statement, where an earlier break (in an if statement) could
transport one out of the case, without setting the flag.
This patch sets the flag earlier in the case statement.

I re-discovered the deep recursion recently during testing;
I was told that it was a known problem, and the fix to it was
in the kernel I was testing. Indeed it was ... but it didn't
fix the bug. With the patch below, I no longer see the bug.

Signed-off by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Jens Axboe <axboe@suse.de>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[MIPS] Vr41xx: Fix after GENERIC_HARDIRQS_NO__DO_IRQ change
Yoichi Yuasa [Mon, 22 Jan 2007 14:01:06 +0000 (23:01 +0900)]
[MIPS] Vr41xx: Fix after GENERIC_HARDIRQS_NO__DO_IRQ change

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[MIPS] SMTC: Instant IPI replay.
Ralf Baechle [Sat, 20 Jan 2007 00:18:01 +0000 (00:18 +0000)]
[MIPS] SMTC: Instant IPI replay.

SMTC pseudo-interrupts between TCs are deferred and queued if the target
TC is interrupt-inhibited (IXMT). In the first SMTC prototypes, these
queued IPIs were serviced on return to user mode, or on entry into the
kernel idle loop. The INSTANT_REPLAY option dispatches them as part of
local_irq_restore() processing, which adds runtime overhead (hence the
option to turn it off), but ensures that IPIs are handled promptly even
under heavy I/O interrupt load.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
17 years ago[PATCH] acpi: remove "video device notify" message
Jeff Chua [Tue, 23 Jan 2007 04:40:50 +0000 (20:40 -0800)]
[PATCH] acpi: remove "video device notify" message

Seems to be some left-over debug code.

Cc: Len Brown <lenb@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Kdump documentation update: ia64 portion
Horms [Tue, 23 Jan 2007 04:40:49 +0000 (20:40 -0800)]
[PATCH] Kdump documentation update: ia64 portion

this patch fills in the portions for ia64 kexec.

Signed-off-by: Simon Horman <horms@verge.net.au>
Cc: "Zou, Nanhai" <nanhai.zou@intel.com>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] Kdump documentation update: kexec-tools update
Horms [Tue, 23 Jan 2007 04:40:48 +0000 (20:40 -0800)]
[PATCH] Kdump documentation update: kexec-tools update

Mohan Kumar suggested making kexec-tools-testing.tar.gz a link to the
latest version.  I have done this and this patch updates the documentation
accordingly.

Signed-off-by: Simon Horman <horms@verge.net.au>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] resierfs: avoid tail packing if an inode was ever mmapped
Vladimir Saveliev [Tue, 23 Jan 2007 04:40:46 +0000 (20:40 -0800)]
[PATCH] resierfs: avoid tail packing if an inode was ever mmapped

This patch fixes a confusion reiserfs has for a long time.

On release file operation reiserfs used to try to pack file data stored in
last incomplete page of some files into metadata blocks.  After packing the
page got cleared with clear_page_dirty.  It did not take into account that
the page may be mmaped into other process's address space.  Recent
replacement for clear_page_dirty cancel_dirty_page found the confusion with
sanity check that page has to be not mapped.

The patch fixes the confusion by making reiserfs avoid tail packing if an
inode was ever mmapped.  reiserfs_mmap and reiserfs_file_release are
serialized with mutex in reiserfs specific inode.  reiserfs_mmap locks the
mutex and sets a bit in reiserfs specific inode flags.
reiserfs_file_release checks the bit having the mutex locked.  If bit is
set - tail packing is avoided.  This eliminates a possibility that mmapped
page gets cancel_page_dirty-ed.

Signed-off-by: Vladimir Saveliev <vs@namesys.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Cc: Chris Mason <mason@suse.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] mbind: restrict nodes to the currently allowed cpuset
Christoph Lameter [Tue, 23 Jan 2007 04:40:45 +0000 (20:40 -0800)]
[PATCH] mbind: restrict nodes to the currently allowed cpuset

Currently one can specify an arbitrary node mask to mbind that includes
nodes not allowed.  If that is done with an interleave policy then we will
go around all the nodes.  Those outside of the currently allowed cpuset
will be redirected to the border nodes.  Interleave will then create
imbalances at the borders of the cpuset.

This patch restricts the nodes to the currently allowed cpuset.

The RFC for this patch was discussed at
http://marc.theaimsgroup.com/?t=116793842100004&r=1&w=2

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Paul Jackson <pj@sgi.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] tlclk: bug fix + misc fixes
Mark Gross [Tue, 23 Jan 2007 04:40:44 +0000 (20:40 -0800)]
[PATCH] tlclk: bug fix + misc fixes

The following patch fixes a few problems with the tlclk driver.
* bug in the select_amcb1_transmit_clock
* racy read sys call
* racy open sys call
* use of add_timer where mod_timer would be better
* change to the timer data parameter use

Signed-off-by: Mark Gross <mark.gross@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] fix blk_direct_IO bio preparation
Chen, Kenneth W [Tue, 23 Jan 2007 04:40:43 +0000 (20:40 -0800)]
[PATCH] fix blk_direct_IO bio preparation

For large size DIO that needs multiple bio, one full page worth of data was
lost at the boundary of bio's maximum sector or segment limits.  After a
bio is full and got submitted.  The outer while (nbytes) { ...  } loop will
allocate a new bio and just march on to index into next page.  It just
forgets about the page that bio_add_page() rejected when previous bio is
full.  Fix it by put the rejected page back to pvec so we pick it up again
for the next bio.

Signed-off-by: Ken Chen <kenneth.w.chen@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] rtc-sh: act on rtc_wkalrm.enabled when setting an alarm
Jamie Lenehan [Tue, 23 Jan 2007 04:40:41 +0000 (20:40 -0800)]
[PATCH] rtc-sh: act on rtc_wkalrm.enabled when setting an alarm

This fixes the SH rtc driver correctly act on the "enabled" flag when
setting an alarm.

Signed-off-by: Jamie Lenehan <lenehan@twibble.org>
Cc: David Brownell <david-b@pacbell.net>
Cc: Alessandro Zummo <alessandro.zummo@towertech.it>
Cc: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: fix bogus pagefault on writable pages
Avi Kivity [Tue, 23 Jan 2007 04:40:40 +0000 (20:40 -0800)]
[PATCH] KVM: fix bogus pagefault on writable pages

If a page is marked as dirty in the guest pte, set_pte_common() can set the
writable bit on newly-instantiated shadow pte.  This optimization avoids
a write fault after the initial read fault.

However, if a write fault instantiates the pte, fix_write_pf() incorrectly
reports the fault as a guest page fault, and the guest oopses on what appears
to be a correctly-mapped page.

Fix is to detect the condition and only report a guest page fault on a user
access to a kernel page.

With the fix, a kvm guest can survive a whole night of running the kernel
hacker's screensaver (make -j9 in a loop).

Signed-off-by: Avi Kivity <avi@qumranet.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: x86 emulator: fix bit string instructions
Avi Kivity [Tue, 23 Jan 2007 04:40:40 +0000 (20:40 -0800)]
[PATCH] KVM: x86 emulator: fix bit string instructions

The various bit string instructions (bts, btc, etc.) fail to adjust the
address correctly if the bit address is beyond BITS_PER_LONG.

This bug creeped in as the emulator originally relied on cr2 to contain the
memory address; however we now decode it from the mod r/m bits, and must
adjust the offset to account for large bit indices.

The patch is rather large because it switches src and dst decoding around, so
that the bit index is available when decoding the memory address.

This fixes workloads like the FC5 installer.

Signed-off-by: Avi Kivity <avi@qumranet.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago[PATCH] KVM: fix race between mmio reads and injected interrupts
Avi Kivity [Tue, 23 Jan 2007 04:40:39 +0000 (20:40 -0800)]
[PATCH] KVM: fix race between mmio reads and injected interrupts

The kvm mmio read path looks like:

 1. guest read faults
 2. kvm emulates read, calls emulator_read_emulated()
 3. fails as a read requires userspace help
 4. exit to userspace
 5. userspace emulates read, kvm sets vcpu->mmio_read_completed
 6. re-enter guest, fault again
 7. kvm emulates read, calls emulator_read_emulated()
 8. succeeds as vcpu->mmio_read_emulated is set
 9. instruction completes and guest is resumed

A problem surfaces if the userspace exit (step 5) also requests an interrupt
injection.  In that case, the guest does not re-execute the original
instruction, but the interrupt handler.  The next time an mmio read is
exectued (likely for a different address), step 3 will find
vcpu->mmio_read_completed set and return the value read for the original
instruction.

The problem manifested itself in a few annoying ways:
- little squares appear randomly on console when switching virtual terminals
- ne2000 fails under nfs read load
- rtl8139 complains about "pci errors" even though the device model is
  incapable of issuing them.

Fix by skipping interrupt injection if an mmio read is pending.

A better fix is to avoid re-entry into the guest, and re-emulating immediately
instead.  However that's a bit more complex.

Signed-off-by: Avi Kivity <avi@qumranet.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>