summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-06-12capabilities: add (back) dummy support for KEEPCAPSAndrew G. Morgan1-1/+23
The dummy module is used by folk that run security conscious code(!?). A feature of such code (for example, dhclient) is that it tries to operate with minimum privilege (dropping unneeded capabilities). While the dummy module doesn't restrict code execution based on capability state, the user code expects the kernel to appear to support it. This patch adds back faked support for the PR_SET_KEEPCAPS etc., calls - making the kernel behave as before 2.6.26. For details see: http://bugzilla.kernel.org/show_bug.cgi?id=10748 Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12proc_fs.h: move struct mm_struct forward-declarationBen Nizette1-2/+2
Move the forward-declaration of struct mm_struct a little way up proc_fs.h. This fixes a bunch of "'struct mm_struct' declared inside parameter list" warnings with CONFIG_PROC_FS=n Signed-off-by: Ben Nizette <bn@niasdigital.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12cpusets: provide another web page URL in MAINTAINERS filePaul Jackson1-0/+1
Add URL for another CPUSETS web page to the MAINTAINERS file. This URL provides links to major LGPL user level C libraries supporting cpuset usage and user level cpu and node masks. Signed-off-by: Paul Jackson <pj@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12hgafb: resource management fixKrzysztof Helt1-11/+15
Release ports which are requested during detection which are not freed if there is no hga card. Otherwise there is a crash during cat /proc/ioports command. Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12m68k: Add ext2_find_{first,next}_bit() for ext4Aneesh Kumar K.V1-2/+43
Add ext2_find_{first,next}_bit(), which are needed for ext4. They're derived out of the ext2_find_next_zero_bit found in the same file. Compile tested with crosstools [Reworked to preserve all symmetry with ext2_find_{first,next}_zero_bit()] This fixes http://bugzilla.kernel.org/show_bug.cgi?id=10393 [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12fat: relax the permission check of fat_setattr()OGAWA Hirofumi1-17/+27
New chmod() allows only acceptable permission, and if not acceptable, it returns -EPERM. Old one allows even if it can't store permission to on disk inode. But it seems too strict for users. E.g. https://bugzilla.redhat.com/show_bug.cgi?id=449080: With new one, rsync couldn't create the temporary file. So, this patch allows like old one, but now it doesn't change the permission if it can't store, and it returns 0. Also, this patch fixes missing check. Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12mm: fix incorrect variable type in do_try_to_free_pages()kosaki.motohiro@jp.fujitsu.com1-1/+1
"Smarter retry of costly-order allocations" patch series change behaver of do_try_to_free_pages(). But unfortunately ret variable type was unchanged. Thus an overflow is possible. Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Acked-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12agp: add support for Radeon Mobility 9000 chipsetAmit Kucheria1-0/+4
Addresses https://bugs.edge.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/178634 Signed-off-by: Amit Kucheria <amit.kucheria@ubuntu.com> Signed-off-by: maximilian attems <max@stro.at> Acked-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12tcp: Revert 'process defer accept as established' changes.David S. Miller9-98/+33
This reverts two changesets, ec3c0982a2dd1e671bad8e9d26c28dcba0039d87 ("[TCP]: TCP_DEFER_ACCEPT updates - process as established") and the follow-on bug fix 9ae27e0adbf471c7a6b80102e38e1d5a346b3b38 ("tcp: Fix slab corruption with ipv6 and tcp6fuzz"). This change causes several problems, first reported by Ingo Molnar as a distcc-over-loopback regression where connections were getting stuck. Ilpo Järvinen first spotted the locking problems. The new function added by this code, tcp_defer_accept_check(), only has the child socket locked, yet it is modifying state of the parent listening socket. Fixing that is non-trivial at best, because we can't simply just grab the parent listening socket lock at this point, because it would create an ABBA deadlock. The normal ordering is parent listening socket --> child socket, but this code path would require the reverse lock ordering. Next is a problem noticed by Vitaliy Gusev, he noted: ---------------------------------------- >--- a/net/ipv4/tcp_timer.c >+++ b/net/ipv4/tcp_timer.c >@@ -481,6 +481,11 @@ static void tcp_keepalive_timer (unsigned long data) > goto death; > } > >+ if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) { >+ tcp_send_active_reset(sk, GFP_ATOMIC); >+ goto death; Here socket sk is not attached to listening socket's request queue. tcp_done() will not call inet_csk_destroy_sock() (and tcp_v4_destroy_sock() which should release this sk) as socket is not DEAD. Therefore socket sk will be lost for freeing. ---------------------------------------- Finally, Alexey Kuznetsov argues that there might not even be any real value or advantage to these new semantics even if we fix all of the bugs: ---------------------------------------- Hiding from accept() sockets with only out-of-order data only is the only thing which is impossible with old approach. Is this really so valuable? My opinion: no, this is nothing but a new loophole to consume memory without control. ---------------------------------------- So revert this thing for now. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-12ipv6: Fix duplicate initialization of rawv6_prot.destroyDavid S. Miller1-2/+2
In changeset 22dd485022f3d0b162ceb5e67d85de7c3806aa20 ("raw: Raw socket leak.") code was added so that we flush pending frames on raw sockets to avoid leaks. The ipv4 part was fine, but the ipv6 part was not done correctly. Unlike the ipv4 side, the ipv6 code already has a .destroy method for rawv6_prot. So now there were two assignments to this member, and what the compiler does is use the last one, effectively making the ipv6 parts of that changeset a NOP. Fix this by removing the: .destroy = inet6_destroy_sock, line, and adding an inet6_destroy_sock() call to the end of raw6_destroy(). Noticed by Al Viro. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2008-06-12bnx2x: Updating the MaintainerEilon Greenstein4-6/+9
I would like to thank Eliezer Tamir for writing and maintaining the driver for the past two years. I will take over maintaining the bnx2x driver from now on. Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: Eliezer Tamir <eliezert@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-12Linux 2.6.26-rc6v2.6.26-rc6Linus Torvalds1-2/+2
.. and a new name, courtesy of Alan.
2008-06-12PCI: fixup write combine comment in pci_mmap_resourceJesse Barnes1-1/+0
Now that we can actually do write combining properly, there's no need to have the FIXME. Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2008-06-12Merge branch 'pci-for-jesse' of ↵Jesse Barnes6-31/+79
git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip into for-linus
2008-06-12Merge branch 'x86-fixes-for-linus' of ↵Linus Torvalds8-20/+15
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: fix pointer type warning in arch/x86/mm/init_64.c:early_memtest x86, lockdep: fix "WARNING: at kernel/lockdep.c:2658 check_flags+0x4c/0x128()" x86: fix an incompatible pointer type warning on 64-bit compilations x86: fix lockdep warning during suspend-to-ram x86: fix unused variable 'loops' warning in arch/x86/boot/a20.c Revert "x86: fix ioapic bug again" x86: fix asm warning in head_32.S x86: fix endless page faults in mount_block_root for Linux 2.6 geode: fix modular build
2008-06-12Merge branch 'sched-fixes-for-linus' of ↵Linus Torvalds2-8/+27
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: sched: 64-bit: fix arithmetics overflow sched: fair group: fix overflow(was: fix divide by zero) sched: fix TASK_WAKEKILL vs SIGKILL race
2008-06-12[ARM] 5091/1: Add missing bitfield include to regs-lcd.hStefan Schmidt1-1/+4
Macros like Fld() or FShft used in regs-lcd.h are defined in bitfield.h, but the latter is not included. Also fix one whitespace issue while being there. Signed-off-by: Antonio Ospite <ao2@openezx.org> Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org> Acked-by: Eric Miao <eric.miao@marvell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2008-06-12x86: fix pointer type warning in arch/x86/mm/init_64.c:early_memtestKevin Winchester1-2/+2
Changed the call to find_e820_area_size to pass u64 instead of unsigned long. Signed-off-by: Kevin Winchester <kjwinchester@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86, lockdep: fix "WARNING: at kernel/lockdep.c:2658 check_flags+0x4c/0x128()"Vegard Nossum1-0/+1
Alessandro Suardi reported: > Recently upgraded my FC6 desktop to Fedora 9; with the > latest nautilus RPM updates my VNC session went nuts > with nautilus pegging the CPU for everything that breathed. > > I now reverted to an earlier nautilus package, but during > the peak CPU period my kernel spat this: > > [314185.623294] ------------[ cut here ]------------ > [314185.623414] WARNING: at kernel/lockdep.c:2658 check_flags+0x4c/0x128() > [314185.623514] Modules linked in: iptable_filter ip_tables x_tables > sunrpc ipv6 fuse snd_via82xx snd_ac97_codec ac97_bus snd_mpu401_uart > snd_rawmidi via686a hwmon parport_pc sg parport uhci_hcd ehci_hcd > [314185.623924] Pid: 12314, comm: nautilus Not tainted 2.6.26-rc5-git2 #4 > [314185.624021] [<c0115b95>] warn_on_slowpath+0x41/0x7b > [314185.624021] [<c010de70>] ? do_page_fault+0x2c1/0x5fd > [314185.624021] [<c0128396>] ? up_read+0x16/0x28 > [314185.624021] [<c010de70>] ? do_page_fault+0x2c1/0x5fd > [314185.624021] [<c012fa33>] ? __lock_acquire+0xbb4/0xbc3 > [314185.624021] [<c012d0a0>] check_flags+0x4c/0x128 > [314185.624021] [<c012fa73>] lock_acquire+0x31/0x7d > [314185.624021] [<c0128cf6>] __atomic_notifier_call_chain+0x30/0x80 > [314185.624021] [<c0128cc6>] ? __atomic_notifier_call_chain+0x0/0x80 > [314185.624021] [<c0128d52>] atomic_notifier_call_chain+0xc/0xe > [314185.624021] [<c0128d81>] notify_die+0x2d/0x2f > [314185.624021] [<c01043b0>] do_int3+0x1f/0x4d > [314185.624021] [<c02f2d3b>] int3+0x27/0x2c > [314185.624021] ======================= > [314185.624021] ---[ end trace 1923f65a2d7bb246 ]--- > [314185.624021] possible reason: unannotated irqs-off. > [314185.624021] irq event stamp: 488879 > [314185.624021] hardirqs last enabled at (488879): [<c0102d67>] > restore_nocheck+0x12/0x15 > [314185.624021] hardirqs last disabled at (488878): [<c0102dca>] > work_resched+0x19/0x30 > [314185.624021] softirqs last enabled at (488876): [<c011a1ba>] > __do_softirq+0xa6/0xac > [314185.624021] softirqs last disabled at (488865): [<c010476e>] > do_softirq+0x57/0xa6 > > I didn't seem to find it with some googling, so here it is. > > I was incidentally ltracing that process to try and find out > what was gulping down that much CPU (sorry, no idea > whether ltrace and the WARNING happened at the same > time or which came first) and: Yeah, this is extremely likely to be the source of the warning. The warning should be harmless, however. > Box is my trusty noname K7-800, 512MB RAM; if there's > anything else useful I might be able to provide, just ask. It would be interesting to see where the int3 comes from. Too bad, lockdep doesn't provide the register dump. The stacktrace also doesn't go further than the int3(), I wonder if this int3 came from userspace? The ltrace readme says "software breakpoints, like gdb", so I guess this is the case. Yep, seems like it. This looks relevant: | commit fb1dac909d94ff807cd833d340c6827c3a957159 | Author: Peter Zijlstra <a.p.zijlstra@chello.nl> | Date: Wed Jan 16 09:51:59 2008 +0100 | | lockdep: more hardirq annotations for notify_die() I'm attaching a similarly-looking patch for this case (DO_VM86_ERROR), though I suspect it might be missing for the other cases (DO_ERROR/DO_ERROR_INFO) as well. Reported-by: Alessandro Suardi <alessandro.suardi@gmail.com> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: fix an incompatible pointer type warning on 64-bit compilationsDavid Howells1-2/+2
Fix an incompatible pointer type warning on x86_64 compilations. early_memtest() is passing a u64* to find_e820_area_size() which is expecting an unsigned long. Change t_start and t_size to unsigned long as those are also 64-bit types on x88_64. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: fix lockdep warning during suspend-to-ramPeter Zijlstra1-0/+1
Andrew Morton wrote: > I've been seeing the below for a long time during suspend-to-ram on the Vaio. > > > PM: Syncing filesystems ... done. > PM: Preparing system for mem sleep > Freezing user space processes ... <4>------------[ cut here ]------------ > WARNING: at kernel/lockdep.c:2658 check_flags+0x4c/0x127() > Modules linked in: i915 drm ipw2200 sonypi ipv6 autofs4 hidp l2cap bluetooth sunrpc nf_conntrack_netbios_ns ipt_REJECT nf_conntrack_ipv4 xt_state nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables acpi_cpufreq nvram ohci1394 ieee1394 ehci_hcd uhci_hcd sg joydev snd_hda_intel snd_seq_dummy sr_mod snd_seq_oss cdrom snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ieee80211 pcspkr ieee80211_crypt snd_pcm i2c_i801 snd_timer i2c_core ide_pci_generic piix snd soundcore snd_page_alloc button ext3 jbd ide_disk ide_core [last unloaded: ipw2200] > Pid: 3250, comm: zsh Not tainted 2.6.26-rc5 #1 > [<c011c5f5>] warn_on_slowpath+0x41/0x6d > [<c01080e6>] ? native_sched_clock+0x82/0x96 > [<c013789c>] ? mark_held_locks+0x41/0x5c > [<c0315688>] ? _spin_unlock_irqrestore+0x36/0x58 > [<c0137a29>] ? trace_hardirqs_on+0xe6/0x10d > [<c0138637>] ? __lock_acquire+0xae3/0xb2b > [<c0313413>] ? schedule+0x39b/0x3b4 > [<c0135596>] check_flags+0x4c/0x127 > [<c01386b9>] lock_acquire+0x3a/0x86 > [<c0315075>] _spin_lock+0x26/0x53 > [<c0140660>] ? refrigerator+0x13/0xc3 > [<c0140660>] refrigerator+0x13/0xc3 > [<c012684a>] get_signal_to_deliver+0x3c/0x31e > [<c0102fe7>] do_notify_resume+0x91/0x6ee > [<c01359fd>] ? lock_release_holdtime+0x50/0x56 > [<c0315688>] ? _spin_unlock_irqrestore+0x36/0x58 > [<c0235d24>] ? read_chan+0x0/0x58c > [<c0137a29>] ? trace_hardirqs_on+0xe6/0x10d > [<c0315694>] ? _spin_unlock_irqrestore+0x42/0x58 > [<c0230afa>] ? tty_ldisc_deref+0x5c/0x63 > [<c0233104>] ? tty_read+0x66/0x98 > [<c014b3f0>] ? audit_syscall_exit+0x2aa/0x2c5 > [<c0109430>] ? do_syscall_trace+0x6b/0x16f > [<c0103a9c>] work_notifysig+0x13/0x1b > ======================= > ---[ end trace 25b49fe59a25afa5 ]--- > possible reason: unannotated irqs-off. > irq event stamp: 58919 > hardirqs last enabled at (58919): [<c0103afd>] syscall_exit_work+0x11/0x26 Joy - I so love entry.S Best I can make of it: syscall_exit_work resume_userspace DISABLE_INTERRUPTS (no TRACE_IRQS_OFF) work_pending work_notifysig do_notify_resume() do_signal() get_signal_to_deliver() try_to_freeze() refrigerator() task_lock() -> check_flags() -> BANG The normal path is: syscall_exit_work resume_userspace DISABLE_INTERRUPTS restore_all TRACE_IRQS_IRET iret No idea why that would not warn.. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: fix unused variable 'loops' warning in arch/x86/boot/a20.cManish Katiyar1-2/+1
Following patch fixes the below warning message : arch/x86/boot/a20.c:118: warning: unused variable 'loops' Signed-off-by : Manish Katiyar <mkatiyar@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12Revert "x86: fix ioapic bug again"Ingo Molnar2-17/+4
This reverts commit 6e908947b4995bc0e551a8257c586d5c3e428201. Németh Márton reported: | there is a problem in 2.6.26-rc3 which was not there in case of | 2.6.25: the CPU wakes up ~90,000 times per sec instead of ~60 per sec. | | I also "git bisected" the problem, the result is: | | 6e908947b4995bc0e551a8257c586d5c3e428201 is first bad commit | commit 6e908947b4995bc0e551a8257c586d5c3e428201 | Author: Ingo Molnar <mingo@elte.hu> | Date: Fri Mar 21 14:32:36 2008 +0100 | | x86: fix ioapic bug again the original problem is fixed by Maciej W. Rozycki in the tip/x86/apic branch (confirmed by Márton), but those changes are too intrusive for v2.6.26 so we'll go for the less intrusive (repeated) revert now. Reported-and-bisected-by: Németh Márton <nm127@freemail.hu> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: fix asm warning in head_32.SJoe Korty1-1/+1
On Mon, May 19, 2008 at 04:10:02PM -0700, Linus Torvalds wrote: > It also causes these warnings on 32-bit PAE: > > AS arch/x86/kernel/head_32.o > arch/x86/kernel/head_32.S: Assembler messages: > arch/x86/kernel/head_32.S:225: Warning: left operand is a bignum; integer 0 assumed > arch/x86/kernel/head_32.S:609: Warning: left operand is a bignum; integer 0 assumed > > and I do not see why (the end result seems to be identical). Fix head_32.S gcc bignum warnings when CONFIG_PAE=y. arch/x86/kernel/head_32.S: Assembler messages: arch/x86/kernel/head_32.S:225: Warning: left operand is a bignum; integer 0 assumed arch/x86/kernel/head_32.S:609: Warning: left operand is a bignum; integer 0 assumed The assembler was stumbling over the 64-bit constant 0x100000000 in the KPMDS #define. Testing: a cmp(1) on head_32.o before and after shows the binary is unchanged. Signed-off-by: Joe Korty <joe.korty@ccur.com Cc: Hugh Dickins <hugh@veritas.com> Cc: Theodore Tso <tytso@mit.edu> Cc: Gabriel C <nix.or.die@googlemail.com> Cc: Keith Packard <keithp@keithp.com> Cc: "Pallipadi Venkatesh" <venkatesh.pallipadi@intel.com> Cc: Eric Anholt <eric@anholt.net> Cc: "Siddha Suresh B" <suresh.b.siddha@intel.com> Cc: bugme-daemon@bugzilla.kernel.org Cc: airlied@linux.ie Cc: "Barnes Jesse" <jesse.barnes@intel.com> Cc: Jeremy Fitzhardinge <jeremy@goop.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: fix endless page faults in mount_block_root for Linux 2.6Henry Nestler1-0/+5
Page faults in kernel address space between PAGE_OFFSET up to VMALLOC_START should not try to map as vmalloc. Fix rarely endless page faults inside mount_block_root for root filesystem at boot time. All 32bit kernels up to 2.6.25 can fail into this hole. I can not present this under native linux kernel. I see, that the 64bit has fixed the problem. I copied the same lines into 32bit part. Recorded debugs are from coLinux kernel 2.6.22.18 (virtualisation): http://www.henrynestler.com/colinux/testing/pfn-check-0.7.3/20080410-antinx/bug16-recursive-page-fault-endless.txt The physicaly memory was trimmed down to 192MB to better catch the bug. More memory gets the bug more rarely. Details, how every x86 32bit system can fail: Start from "mount_block_root", http://lxr.linux.no/linux/init/do_mounts.c#L297 There the variable "fs_names" got one memory page with 4096 bytes. Variable "p" walks through the existing file system types. The first string is no problem. But, with the second loop in mount_block_root the offset of "p" is not at beginning of page, the offset is for example +9, if "reiserfs" is the first in list. Than calls do_mount_root, and lands in sys_mount. Remember: Variable "type_page" contains now "fs_type+9" and not contains a full page. The sys_mount copies 4096 bytes with function "exact_copy_from_user()": http://lxr.linux.no/linux/fs/namespace.c#L1540 Mostly exist pages after the buffer "fs_names+4096+9" and the page fault handler was not called. No problem. In the case, if the page after "fs_names+4096" is not mapped, the page fault handler was called from http://lxr.linux.no/linux/fs/namespace.c#L1320 The do_page_fault gots an address 0xc03b4000. It's kernel address, address >= TASK_SIZE, but not from vmalloc! It's from "__getname()" alias "kmem_cache_alloc". The "error_code" is 0. "vmalloc_fault" will be call: http://lxr.linux.no/linux/arch/i386/mm/fault.c#L332 "vmalloc_fault" tryed to find the physical page for a non existing virtual memory area. The macro "pte_present" in vmalloc_fault() got a next page fault for 0xc0000ed0 at: http://lxr.linux.no/linux/arch/i386/mm/fault.c#L282 No PTE exist for such virtual address. The page fault handler was trying to sync the physical page for the PTE lockup. This called vmalloc_fault() again for address 0xc000000, and that also was not existing. The endless began... In normal case the cpu would still loop with disabled interrrupts. Under coLinux this was catched by a stack overflow inside printk debugs. Signed-off-by: Henry Nestler <henry.nestler@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-06-12geode: fix modular buildIngo Molnar1-0/+2
-tip testing found this build bug: MODPOST 331 modules ERROR: "geode_mfgpt_toggle_event" [drivers/watchdog/geodewdt.ko] undefined! ERROR: "geode_mfgpt_alloc_timer" [drivers/watchdog/geodewdt.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 with this config: http://redhat.com/~mingo/misc/config-Wed_Jun__4_18_01_59_CEST_2008.bad export those symbols. Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12block: disable IRQs until data is written to relay channelCarl Henrik Lunde1-6/+4
As we may run relay_reserve from interrupt context we must always disable IRQs. This is because a call to relay_reserve may expose previously written data to use space. Updated new message code and an old but related comment. Signed-off-by: Carl Henrik Lunde <chlunde@ping.uio.no> Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixesLinus Torvalds1-5/+20
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes: kbuild: ignore powerpc specific symbols in modpost
2008-06-12nommu: Correct kobjsize() page validity checks.Paul Mundt1-18/+3
This implements a few changes on top of the recent kobjsize() refactoring introduced by commit 6cfd53fc03670c7a544a56d441eb1a6cc800d72b. As Christoph points out: virt_to_head_page cannot return NULL. virt_to_page also does not return NULL. pfn_valid() needs to be used to figure out if a page is valid. Otherwise the page struct reference that was returned may have PageReserved() set to indicate that it is not a valid page. As discussed further in the thread, virt_addr_valid() is the preferable way to validate the object pointer in this case. In addition to fixing up the reserved page case, it also has the benefit of encapsulating the hack introduced by commit 4016a1390d07f15b267eecb20e76a48fd5c524ef on the impacted platforms, allowing us to get rid of the extra checking in kobjsize() for the platforms that don't perform this type of bizarre memory_end abuse (every nommu platform that isn't blackfin). If blackfin decides to get in line with every other platform and use PageReserved for the DMA pages in question, kobjsize() will also continue to work fine. It also turns out that compound_order() will give us back 0-order for non-head pages, so we can get rid of the PageCompound check and just use compound_order() directly. Clean that up while we're at it. Signed-off-by: Paul Mundt <lethal@linux-sh.org> Reviewed-by: Christoph Lameter <clameter@sgi.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12fsl-diu-db: compile fixJeff Mahoney1-2/+2
This patch fixes a compile failure in 2.6.26-rc5-git5. The variable is expected to be called ofdev. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12Merge branch 'core/iter-div' of ↵Linus Torvalds4-20/+40
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core/iter-div' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: always_inline timespec_add_ns add an inlined version of iter_div_u64_rem common implementation of iterative div/mod
2008-06-12kbuild: ignore powerpc specific symbols in modpostSam Ravnborg1-5/+20
Kumar Gala <galak@kernel.crashing.org> wrote: We have a case in powerpc in which we want to link some library routines with all module objects. The routines are intended for handling out-of-line function call register save/restore so having them as EXPORT_SYMBOL() is counter productive (we do also need to link the same "library" code into the kernel). Without this patch a powerpc build would error out and fail to build modules with the added register save/restore module. There were two obvious solutions: 1) To link the .o file before the modpost stage 2) To ignore the symbols in modpost Option 1) was ruled out because we do not have any separate linking stage for single file modules. This patch implements option 2 - and do so only for powerpc. The symbols we ignore are all undefined symbols named: _restgpr_*, _savegpr_*, _rest32gpr_*, _save32gpr_* Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Cc: Kumar Gala <galak@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org>
2008-06-12sched: 64-bit: fix arithmetics overflowLai Jiangshan1-2/+7
(overflow means weight >= 2^32 here, because inv_weigh = 2^32/weight) A weight of a cfs_rq is the sum of weights of which entities are queued on this cfs_rq, so it will overflow when there are too many entities. Although, overflow occurs very rarely, but it break fairness when it occurs. 64-bits systems have more memory than 32-bit systems and 64-bit systems can create more process usually, so overflow may occur more frequently. This patch guarantees fairness when overflow happens on 64-bit systems. Thanks to the optimization of compiler, it changes nothing on 32-bit. Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12sched: fair group: fix overflow(was: fix divide by zero)Lai Jiangshan1-2/+5
I found a bug which can be reproduced by this way:(linux-2.6.26-rc5, x86-64) (use 2^32, 2^33, ...., 2^63 as shares value) # mkdir /dev/cpuctl # mount -t cgroup -o cpu cpuctl /dev/cpuctl # cd /dev/cpuctl # mkdir sub # echo 0x8000000000000000 > sub/cpu.shares # echo $$ > sub/tasks oops here! divide by zero. This is because do_div() expects the 2th parameter to be 32 bits, but unsigned long is 64 bits in x86_64. Peter Zijstra pointed it out that the sane thing to do is limit the shares value to something smaller instead of using an even more expensive divide. Also, I found another bug about "the shares value is too large": pid1 and pid2 are set affinity to cpu#0 pid1 is attached to cg1 and pid2 is attached to cg2 if cg1/cpu.shares = 1024 cg2/cpu.shares = 2000000000 then pid2 got 100% usage of cpu, and pid1 0% if cg1/cpu.shares = 1024 cg2/cpu.shares = 20000000000 then pid2 got 0% usage of cpu, and pid1 100% And a weight of a cfs_rq is the sum of weights of which entities are queued on this cfs_rq, so the shares value should be limited to a smaller value. I think that (1UL << 18) is a good limited value: 1) it's not too large, we can create a lot of group before overflow 2) it's several times the weight value for nice=-19 (not too small) Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12net: Eliminate flush_scheduled_work() calls while RTNL is held.David S. Miller9-47/+21
If the RTNL is held when we invoke flush_scheduled_work() we could deadlock. One such case is linkwatch, it is a work struct which tries to grab the RTNL semaphore. The most common case are net driver ->stop() methods. The simplest conversion is to instead use cancel_{delayed_}work_sync() explicitly on the various work struct the driver uses. This is an OK transformation because these work structs are doing things like resetting the chip, restarting link negotiation, and so forth. And if we're bringing down the device, we're about to turn the chip off and reset it anways. So if we cancel a pending work event, that's fine here. Some drivers were working around this deadlock by using a msleep() polling loop of some sort, and those cases are converted to instead use cancel_{delayed_}work_sync() as well. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-12always_inline timespec_add_nsJeremy Fitzhardinge1-2/+5
timespec_add_ns is used from the x86-64 vdso, which cannot call out to other kernel code. Make sure that timespec_add_ns is always inlined (and only uses always_inlined functions) to make sure there are no unexpected calls. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12add an inlined version of iter_div_u64_remJeremy Fitzhardinge2-14/+20
iter_div_u64_rem is used in the x86-64 vdso, which cannot call other kernel code. For this case, provide the always_inlined version, __iter_div_u64_rem. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12common implementation of iterative div/modJeremy Fitzhardinge4-19/+30
We have a few instances of the open-coded iterative div/mod loop, used when we don't expcet the dividend to be much bigger than the divisor. Unfortunately modern gcc's have the tendency to strength "reduce" this into a full mod operation, which isn't necessarily any faster, and even if it were, doesn't exist if gcc implements it in libgcc. The workaround is to put a dummy asm statement in the loop to prevent gcc from performing the transformation. This patch creates a single implementation of this loop, and uses it to replace the open-coded versions I know about. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: john stultz <johnstul@us.ibm.com> Cc: Segher Boessenkool <segher@kernel.crashing.org> Cc: Christian Kujau <lists@nerdbynature.de> Cc: Robert Hancock <hancockr@shaw.ca> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-06-12x86: PAT export resource_wc in pci sysfsvenkatesh.pallipadi@intel.com3-22/+64
For the ranges with IORESOURCE_PREFETCH, export a new resource_wc interface in pci /sysfs along with resource (which is uncached). Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-06-11Merge branch 'davem-fixes' of ↵David S. Miller3-4/+4
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
2008-06-11drivers/net/r6040.c: correct bad use of round_jiffies()Christophe Jaillet1-1/+1
Compared to other places in the kernel, I think that this driver misuses the function round_jiffies. Signed-off-by: Christophe Jaillet <christophe.jaillet@wanadoo.fr> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11fec_mpc52xx: MPC52xx_MESSAGES_DEFAULT: 2nd NETIF_MSG_IFDOWN => IFUPRoel Kluin1-1/+1
Duplicate NETIF_MSG_IFDOWN, 2nd should be NETIF_MSG_IFUP Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Acked-by: Sylvain Munaut <tnt@246tNt.com> Cc: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11ipg: fix receivemode IPG_RM_RECEIVEMULTICAST{,HASH} in ↵Roel Kluin1-2/+2
ipg_nic_set_multicast_list() The branches are dead code. even when dev->flag IFF_MULTICAST (defined 0x1000) is set, dev->flags & IFF_MULTICAST & [boolean] always evaluates to 0. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Francois Romieu <romieu@fr.zoreil.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11Merge branch 'net-2.6-misc-20080611a' of ↵David S. Miller3-6/+19
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-fix
2008-06-11Merge branch 'master' of git://eden-feed.erg.abdn.ac.uk/net-2.6David S. Miller9-59/+41
2008-06-11netfilter: nf_conntrack: fix ctnetlink related crash in nf_nat_setup_info()Patrick McHardy1-2/+1
When creation of a new conntrack entry in ctnetlink fails after having set up the NAT mappings, the conntrack has an extension area allocated that is not getting properly destroyed when freeing the conntrack again. This means the NAT extension is still in the bysource hash, causing a crash when walking over the hash chain the next time: BUG: unable to handle kernel paging request at 00120fbd IP: [<c03d394b>] nf_nat_setup_info+0x221/0x58a *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Pid: 2795, comm: conntrackd Not tainted (2.6.26-rc5 #1) EIP: 0060:[<c03d394b>] EFLAGS: 00010206 CPU: 1 EIP is at nf_nat_setup_info+0x221/0x58a EAX: 00120fbd EBX: 00120fbd ECX: 00000001 EDX: 00000000 ESI: 0000019e EDI: e853bbb4 EBP: e853bbc8 ESP: e853bb78 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process conntrackd (pid: 2795, ti=e853a000 task=f7de10f0 task.ti=e853a000) Stack: 00000000 e853bc2c e85672ec 00000008 c0561084 63c1db4a 00000000 00000000 00000000 0002e109 61d2b1c3 00000000 00000000 00000000 01114e22 61d2b1c3 00000000 00000000 f7444674 e853bc04 00000008 c038e728 0000000a f7444674 Call Trace: [<c038e728>] nla_parse+0x5c/0xb0 [<c0397c1b>] ctnetlink_change_status+0x190/0x1c6 [<c0397eec>] ctnetlink_new_conntrack+0x189/0x61f [<c0119aee>] update_curr+0x3d/0x52 [<c03902d1>] nfnetlink_rcv_msg+0xc1/0xd8 [<c0390228>] nfnetlink_rcv_msg+0x18/0xd8 [<c0390210>] nfnetlink_rcv_msg+0x0/0xd8 [<c038d2ce>] netlink_rcv_skb+0x2d/0x71 [<c0390205>] nfnetlink_rcv+0x19/0x24 [<c038d0f5>] netlink_unicast+0x1b3/0x216 ... Move invocation of the extension destructors to nf_conntrack_free() to fix this problem. Fixes http://bugzilla.kernel.org/show_bug.cgi?id=10875 Reported-and-Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-11netfilter: Make nflog quiet when no one listen in userspace.Eric Leblond1-4/+0
The message "nf_log_packet: can't log since no backend logging module loaded in! Please either load one, or disable logging explicitly" was displayed for each logged packet when no userspace application is listening to nflog events. The message seems to warn for a problem with a kernel module missing but as said before this is not the case. I thus propose to suppress the message (I don't see any reason to flood the log because a user application has crashed.) Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds4-13/+65
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: USB: don't use reset-resume if drivers don't support it USB: isp1760: Assign resource fields before adding hcd isight_firmware: Avoid crash on loading invalid firmware USB: fix build bug in USB_ISIGHTFW
2008-06-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6Linus Torvalds2-1/+2
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6: kobject: Documentation Spelling Patch dev_set_name: fix missing kernel-doc
2008-06-12ipv6: Fail with appropriate error code when setting not-applicable sockopt.YOSHIFUJI Hideaki1-4/+4
IPV6_MULTICAST_HOPS, for example, is not valid for stream sockets. Since they are virtually unavailable for stream sockets, we should return ENOPROTOOPT instead of EINVAL. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>