Commit graph

21126 commits

Author SHA1 Message Date
David S. Miller
c3d7a3a4eb [PATCH] e1000 endianness bugs
return -E_NO_BIG_ENDIAN_TESTING;

[E1000]: Fix 4 missed endianness conversions on RX descriptor fields.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-03-16 19:17:38 -05:00
Jeff Garzik
b27a1ed571 Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2006-03-16 19:16:59 -05:00
Jeff Garzik
ca68bb1e41 Merge branch 'e100-fixes' of git://198.78.49.142/~jbrandeb/linux-2.6 2006-03-16 19:15:26 -05:00
Linus Torvalds
485ff09990 Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge:
  powerpc: update defconfigs
  [PATCH] powerpc: properly configure DDR/P5IOC children devs
  [PATCH] powerpc: remove duplicate EXPORT_SYMBOLS
  [PATCH] powerpc: RTC memory corruption
  [PATCH] powerpc: enable NAP only on cpus who support it to avoid memory corruption
  [PATCH] powerpc: Clarify wording for CRASH_DUMP Kconfig option
  [PATCH] powerpc/64: enable CONFIG_BLK_DEV_SL82C105
  [PATCH] powerpc: correct cacheflush loop in zImage
  powerpc: Fix problem with time going backwards
  powerpc: Disallow lparcfg being a module
2006-03-16 09:13:34 -08:00
Paul Mackerras
1ae5db3742 powerpc: update defconfigs
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:08 +11:00
John Rose
92eb4602eb [PATCH] powerpc: properly configure DDR/P5IOC children devs
The dynamic add path for PCI Host Bridges can fail to configure children
adapters under P5IOC controllers.  It fails to properly fixup bus/device
resources, and it fails to properly enable EEH.  Both of these steps
need to occur before any children devices are enabled in
pci_bus_add_devices().

Signed-off-by: John Rose <johnrose@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:07 +11:00
Olaf Hering
920573bd03 [PATCH] powerpc: remove duplicate EXPORT_SYMBOLS
remove warnings when building a 64bit kernel.
smp_call_function triggers also with 32bit kernel.

WARNING: vmlinux: duplicate symbol 'smp_call_function' previous definition was in vmlinux
arch/powerpc/kernel/ppc_ksyms.c:164:EXPORT_SYMBOL(smp_call_function);
arch/powerpc/kernel/smp.c:300:EXPORT_SYMBOL(smp_call_function);

WARNING: vmlinux: duplicate symbol 'ioremap' previous definition was in vmlinux
arch/powerpc/kernel/ppc_ksyms.c:113:EXPORT_SYMBOL(ioremap);
arch/powerpc/mm/pgtable_64.c:321:EXPORT_SYMBOL(ioremap);

WARNING: vmlinux: duplicate symbol '__ioremap' previous definition was in vmlinux
arch/powerpc/kernel/ppc_ksyms.c:117:EXPORT_SYMBOL(__ioremap);
arch/powerpc/mm/pgtable_64.c:322:EXPORT_SYMBOL(__ioremap);

WARNING: vmlinux: duplicate symbol 'iounmap' previous definition was in vmlinux
arch/powerpc/kernel/ppc_ksyms.c:118:EXPORT_SYMBOL(iounmap);
arch/powerpc/mm/pgtable_64.c:323:EXPORT_SYMBOL(iounmap);

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:05 +11:00
Michael Neuling
0e8ed47912 [PATCH] powerpc: RTC memory corruption
We should be memset'ing the data we are pointing to, not the pointer
itself.  This is in an error path so we probably don't hit it much.

Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:03 +11:00
Benjamin Herrenschmidt
c6cb3b5f36 [PATCH] powerpc: enable NAP only on cpus who support it to avoid memory corruption
This patch fixes incorrect setting of powersave_nap to 1 on all
PowerMacs, potentially causing memory corruption on some models. This
bug was introuced by me during the 32/64 bits merge.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:02 +11:00
Michael Ellerman
cd9c99d7e5 [PATCH] powerpc: Clarify wording for CRASH_DUMP Kconfig option
The wording of the CRASH_DUMP Kconfig option is not very clear. It gives you a
kernel that can be used _as_ the kdump kernel, not a kernel that can boot into
a kdump kernel.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:55:00 +11:00
Olaf Hering
e2c552cc89 [PATCH] powerpc/64: enable CONFIG_BLK_DEV_SL82C105
Enable the onboard IDE driver for p610, p615 and p630.
They have the CD connected to this card. All other RS/6000 systems with this
controller have no connectors and dont need this option.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:54:59 +11:00
Olaf Hering
eacb1962d4 [PATCH] powerpc: correct cacheflush loop in zImage
Correct the loop for cacheflush. No idea where I copied the code from,
but the original does not work correct. Maybe the flush is not needed.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:54:57 +11:00
Paul Mackerras
0a45d4491d powerpc: Fix problem with time going backwards
The recent changes to keep gettimeofday in sync with xtime had the side
effect that it was occasionally possible for the time reported by
gettimeofday to go back by a microsecond.  There were two reasons:
(1) when we recalculated the offsets used by gettimeofday every 2^31
timebase ticks, we lost an accumulated fractional microsecond, and
(2) because the update is done some time after the notional start of
jiffy, if ntp is slowing the clock, it is possible to see time go backwards
when the timebase factor gets reduced.

This fixes it by (a) slowing the gettimeofday clock by about 1us in
2^31 timebase ticks (a factor of less than 1 in 3.7 million), and (b)
adjusting the timebase offsets in the rare case that the gettimeofday
result could possibly go backwards (i.e. when ntp is slowing the clock
and the timer interrupt is late).  In this case the adjustment will
reduce to zero eventually because of (a).

Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16 16:54:55 +11:00
Linus Torvalds
5466eb5d0a Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3362/1: [cleanup] - duplicate decleration of mem_fclk_21285
  [ARM] 3365/1: [cleanup] header for compat.c exported functions
  [ARM] 3364/1: [cleanup] warning fix - definitions for enable_hlt and disable_hlt
  [ARM] 3363/1: [cleanup] process.c - fix warnings
  [ARM] 3358/1: [S3C2410] add missing SPI DMA resources
  [ARM] 3357/1: enable frontlight on collie
  [ARM] Fix "thead" typo
2006-03-15 18:17:11 -08:00
Al Viro
2d7f2ea9c9 [PATCH] Fix ext2 readdir f_pos re-validation logic
This fixes not one, but _two_, silly (but admittedly hard to hit) bugs
in the ext2 filesystem "readdir()" function.  It also cleans up the code
to avoid the unnecessary goto mess.

The bugs were related to re-valiating the f_pos value after somebody had
either done an "lseek()" on the directory to an invalid offset, or when
the offset had become invalid due to a file being unlinked in the
directory.  The code would not only set the f_version too eagerly, it
would also not update f_pos appropriately for when the offset fixup took
place.

When that happened, we'd occasionally subsequently fail the readdir()
even when we shouldn't (no real harm done, but an ugly printk, and
obviously you would end up not necessarily seeing all entries).

Thanks to Masoud Sharbiani <masouds@google.com> who noticed the problem
and had a test-case for it, and also fixed up a thinko in the first
version of this patch.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Masoud Sharbiani <masouds@google.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-15 16:31:51 -08:00
Ben Dooks
4333298965 [ARM] 3362/1: [cleanup] - duplicate decleration of mem_fclk_21285
Patch from Ben Dooks

arch/arm/kernel/setup.c declares mem_fclk_21285 when
this is already declared in include/asm-arm/system.h

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 23:18:08 +00:00
Ben Dooks
0fc1c83212 [ARM] 3365/1: [cleanup] header for compat.c exported functions
Patch from Ben Dooks

arch/arm/kernel/compat.c exports two functions,
convert_to_tag_list and squash_mem_tags which
are not defined in any header files, and not
used outside arch/arm/kernel.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 23:17:30 +00:00
Ben Dooks
dabaeff06c [ARM] 3364/1: [cleanup] warning fix - definitions for enable_hlt and disable_hlt
Patch from Ben Dooks

The enable_hlt and disable_hlt should be declared in
include/asm/setup.h. This fixes sparse errors from
arch/arm/kernel/process.c

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 23:17:26 +00:00
Ben Dooks
84dff1a730 [ARM] 3363/1: [cleanup] process.c - fix warnings
Patch from Ben Dooks

Fix the following warnings from sparse:

arch/arm/kernel/process.c:86:6: warning: symbol 'default_idle' was not declared. Should it be static?
arch/arm/kernel/process.c:378:5: warning: symbol 'dump_fpu' was not declared.   Should it be static?

Include <linux/elfcore.h> for dump_fpu() decleration, and
make default_idle() static as it is not used outside the file.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 23:17:23 +00:00
Hong Liu
72df16f109 [PATCH] ieee80211: Fix QoS is not active problem
Fix QoS is not active even the network and the card is QOS enabled.
The problem is we pass the wrong ieee80211_network address to
ipw_handle_beacon/ipw_handle_probe_response, thus the
ieee80211_network->qos_data.active will not be set, causing the driver
not sending QoS frames at all.

Signed-off-by: Hong Liu <hong.liu@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15 16:16:07 -05:00
Zhu Yi
0df7861240 [PATCH] ieee80211: Fix CCMP decryption problem when QoS is enabled
Use the correct STYPE for Qos data.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15 16:11:55 -05:00
Jesse Brandeburg
aa49cdd93b e100: fix eeh on pseries during ethtool -t
Olaf Hering reported a problem on pseries with e100 where ethtool -t would
cause a bus error, and the e100 driver would stop working.  Due to the new
load ucode command the cb list must be allocated before calling
e100_init_hw, so remove the call and just let e100_up take care of it.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
2006-03-15 10:55:24 -08:00
Adrian Bunk
f13b83580a [PATCH] fs/namespace.c:dup_namespace(): fix a use after free
The Coverity checker spotted the following bug in dup_namespace():

<--  snip  -->

        if (!new_ns->root) {
                up_write(&namespace_sem);
                kfree(new_ns);
                goto out;
        }
...
out:
        return new_ns;

<--  snip  -->

Callers expect a non-NULL result to not be freed.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-15 09:37:34 -08:00
Albrecht Dre
66be0c3028 [ARM] 3358/1: [S3C2410] add missing SPI DMA resources
Patch from Albrecht Dre

Add DMA resources to s3c2410 spi platform devices - dma_(alloc|free)_coherent should now work as expected.

Signed-off-by: Albrecht Dre <albrecht.dress@lios-tech.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 16:03:05 +00:00
Pavel Machek
4ebf2d0026 [ARM] 3357/1: enable frontlight on collie
Patch from Pavel Machek

Enable frontlight during collie bootup, so that display is actually
readable in anything other than bright sunlight.

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 16:03:03 +00:00
Russell King
17320a9644 [ARM] Fix "thead" typo
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15 14:57:13 +00:00
Christoph Lameter
74c0024105 [PATCH] Consistent capabilites associated with MPOL_MOVE_ALL
It seems that setting scheduling policy and priorities is also the kind of
thing that might be performed in apps that also use the NUMA API, so it
would seem consistent to use CAP_SYS_NICE for NUMA also.

So use CAP_SYS_NICE for controlling migration permissions.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Christoph Lameter
b4fb376628 [PATCH] Page migration documentation update
Update the documentation for page migration.

- Fix up bits and pieces in cpusets.txt

- Rework text in vm/page-migration to be clearer and reflect the final
  version of page migration in 2.6.16. Mention Andi Kleen's numactl
  package that contains user space tools for page migration via
  libnuma. Add reference to numa_maps and to the manpage in numactl.

- Add todo list for outstanding issues

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Christoph Lameter
4983da07f1 [PATCH] page migration: fail if page is in a vma flagged VM_LOCKED
page migration currently simply retries a couple of times if try_to_unmap()
fails without inspecting the return code.

However, SWAP_FAIL indicates that the page is in a vma that has the
VM_LOCKED flag set (if ignore_refs ==1).  We can check for that return code
and avoid retrying the migration.

migrate_page_remove_references() now needs to return a reason why the
failure occured.  So switch migrate_page_remove_references to use -Exx
style error messages.

Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Greg Smith
e843e280cb [PATCH] "s390: multiple subchannel sets support" fix
It seems this patch got dropped (it was in addition to the `s390:
improve response code handling in chsc_enable_facility()' patch).

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 21:43:02 -08:00
Linus Torvalds
0ee10a4423 Merge git://oss.sgi.com:8090/oss/git/rc-fixes
* git://oss.sgi.com:8090/oss/git/rc-fixes:
  Fix a direct I/O locking issue revealed by the new mutex code.
2006-03-14 20:50:45 -08:00
Nathan Scott
3fb962bde4 Fix a direct I/O locking issue revealed by the new mutex code.
Affects only XFS (i.e. DIO_OWN_LOCKING case) - currently it is
not possible to get i_mutex locking correct when using DIO_OWN
direct I/O locking in a filesystem due to indeterminism in the
possible return code/lock/unlock combinations.  This can cause
a direct read to attempt a double i_mutex unlock inside XFS.

We're now ensuring __blockdev_direct_IO always exits with the
inode i_mutex (still) held for a direct reader.

Tested with the three different locking modes (via direct block
device access, ext3 and XFS) - both reading and writing; cannot
find any regressions resulting from this change, and it clearly
fixes the mutex_unlock warning originally reported here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=114189068126253&w=2

Signed-off-by: Nathan Scott <nathans@sgi.com>
Acked-by: Christoph Hellwig <hch@lst.de>
2006-03-15 15:14:45 +11:00
Dave Kleikamp
a488edc914 [PATCH] JFS: Take logsync lock before testing mp->lsn
This fixes a race where lsn could be cleared before taking the lock

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 14:00:48 -08:00
Linus Torvalds
0f511ea706 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] zfcp: fix device registration issues
  [SCSI] scsi_transport_fc: fix FC_HOST_NUM_ATTRS
  [SCSI] scsi: aha152x pcmcia driver needs spi transport
  [SCSI] zfcp: correctly set this_id for hosts
  [SCSI] Add Brownie to blacklist
2006-03-14 11:03:50 -08:00
Maneesh Soni
6796313263 [PATCH] Plug kdump shutdown race window
lapic_shutdown() re-enables interrupts which is un-desirable for panic
case, so use local_irq_save() and local_irq_restore() to keep the irqs
disabled for kexec on panic case, and close a possible race window while
kdump shutdown as shown in this stack trace

   -- BUG: spinlock lockup on CPU#1, bash/4396, c52781a0
   [<c01c1870>] _raw_spin_lock+0xb7/0xd2
   [<c029e148>] _spin_lock+0x6/0x8
   [<c011b33f>] scheduler_tick+0xe7/0x328
   [<c0128a7c>] update_process_times+0x51/0x5d
   [<c0114592>] smp_apic_timer_interrupt+0x4f/0x58
   [<c01141ff>] lapic_shutdown+0x76/0x7e
   [<c0104d7c>] apic_timer_interrupt+0x1c/0x30
   [<c01141ff>] lapic_shutdown+0x76/0x7e
   [<c0116659>] machine_crash_shutdown+0x83/0xaa
   [<c013cc36>] crash_kexec+0xc1/0xe3
   [<c029e148>] _spin_lock+0x6/0x8
   [<c013cc22>] crash_kexec+0xad/0xe3
   [<c0215280>] __handle_sysrq+0x84/0xfd
   [<c018d937>] write_sysrq_trigger+0x2c/0x35
   [<c015e47b>] vfs_write+0xa2/0x13b
   [<c015ea73>] sys_write+0x3b/0x64
   [<c0103c69>] syscall_call+0x7/0xb

Signed-off-by: Maneesh Soni <maneesh@in.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 08:26:44 -08:00
Linus Torvalds
cbf0ec6ee0 Revert "[PATCH] x86-64: Fix up handling of non canonical user RIPs"
This reverts commit c33d4568ac.

Andrew Clayton and Hugh Dickins report that it's broken for them and
causes strange page table and slab corruption, and spontaneous reboots.

Let's get it right next time.

Cc: Andrew Clayton <andrew@rootshell.co.uk>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 08:01:47 -08:00
Dave Peterson
ceb2ca9cb0 [PATCH] EDAC: disable sysfs interface
- Disable the EDAC sysfs code.  The sysfs interface that EDAC presents to
  user space needs more thought, and is likely to change substantially.
  Therefore disable it for now so users don't start depending on it in its
  current form.

- Disable the default behavior of calling panic() when an uncorrectible
  error is detected (since for now, there is no sysfs interface that allows
  the user to configure this behavior).

Signed-off-by: David S. Peterson <dsp@llnl.gov>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
30f4e20a0d [PATCH] NLM: Ensure we do not Oops in the case of an unlock
In theory, NLM specs assure us that the server will only reply LCK_GRANTED or
LCK_DENIED_GRACE_PERIOD to our NLM_UNLOCK request.

In practice, we should not assume this to be the case, and the code will
currently Oops if we do.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
e6d83d5569 [PATCH] SUNRPC: Fix potential deadlock in RPC code
In rpc_wake_up() and rpc_wake_up_status(), it is possible for the call to
__rpc_wake_up_task() to fail if another thread happens to be calling
rpc_wake_up_task() on the same rpc_task.

Problem noticed by Bruno Faccini.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Trond Myklebust
c12e87f465 [PATCH] NFSv4: fix mount segfault on errors returned that are < -1000
It turns out that nfs4_proc_get_root() may return raw NFSv4 errors instead of
mapping them to kernel errors.  Problem spotted by Neil Horman
<nhorman@tuxdriver.com>

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:18 -08:00
Adrian Bunk
712917d1c0 [PATCH] SUNRPC: fix a NULL pointer dereference in net/sunrpc/clnt.c
The Coverity checker spotted this possible NULL pointer dereference in
rpc_new_client().

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Trond Myklebust
143f412eb4 [PATCH] NFS: Fix a potential panic in O_DIRECT
Based on an original patch by Mike O'Connor and Greg Banks of SGI.

Mike states:

A normal user can panic an NFS client and cause a local DoS with
'judicious'(?) use of O_DIRECT.  Any O_DIRECT write to an NFS file where the
user buffer starts with a valid mapped page and contains an unmapped page,
will crash in this way.  I haven't followed the code, but O_DIRECT reads with
similar user buffers will probably also crash albeit in different ways.

Details: when nfs_get_user_pages() calls get_user_pages(), it detects and
correctly handles get_user_pages() returning an error, which happens if the
first page covered by the user buffer's address range is unmapped.  However,
if the first page is mapped but some subsequent page isn't, get_user_pages()
will return a positive number which is less than the number of pages requested
(this behaviour is sort of analagous to a short write() call and appears to be
intentional).  nfs_get_user_pages() doesn't detect this and hands off the
array of pages (whose last few elements are random rubbish from the newly
allocated array memory) to it's caller, whence they go to
nfs_direct_write_seg(), which then totally ignores the nr_pages it's given,
and calculates its own idea of how many pages are in the array from the user
buffer length.  Needless to say, when it comes to transmit those uninitialised
page* pointers, we see a crash in the network stack.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
GOTO Masanori
f9a3879abf [PATCH] Fix sigaltstack corruption among cloned threads
This patch fixes alternate signal stack corruption among cloned threads
with CLONE_SIGHAND (and CLONE_VM) for linux-2.6.16-rc6.

The value of alternate signal stack is currently inherited after a call of
clone(...  CLONE_SIGHAND | CLONE_VM).  But if sigaltstack is set by a
parent thread, and then if multiple cloned child threads (+ parent threads)
call signal handler at the same time, some threads may be conflicted -
because they share to use the same alternative signal stack region.
Finally they get sigsegv.  It's an undesirable race condition.  Note that
child threads created from NPTL pthread_create() also hit this conflict
when the parent thread uses sigaltstack, without my patch.

To fix this problem, this patch clears the child threads' sigaltstack
information like exec().  This behavior follows the SUSv3 specification.
In SUSv3, pthread_create() says "The alternate stack shall not be inherited
(when new threads are initialized)".  It means that sigaltstack should be
cleared when sigaltstack memory space is shared by cloned threads with
CLONE_SIGHAND.

Note that I chose "if (clone_flags & CLONE_SIGHAND)" line because:
  - If clone_flags line is not existed, fork() does not inherit sigaltstack.
  - CLONE_VM is another choice, but vfork() does not inherit sigaltstack.
  - CLONE_SIGHAND implies CLONE_VM, and it looks suitable.
  - CLONE_THREAD is another candidate, and includes CLONE_SIGHAND + CLONE_VM,
    but this flag has a bit different semantics.
I decided to use CLONE_SIGHAND.

[ Changed to test for CLONE_VM && !CLONE_VFORK after discussion --Linus ]

Signed-off-by: GOTO Masanori <gotom@sanori.org>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Linus Torvalds <torvalds@osdl.org>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Benjamin Herrenschmidt
63e1fd41c7 [PATCH] macintosh: correct AC Power info in /proc/pmu/info
Report AC Power present in /proc/pmu/info if there is no battery.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Michael Hunold
6acaba8e22 [PATCH] Restore tuning capabilities in V4L2 MXB driver
The behaviour of the all-in-one Video4Linux tuner driver apparently
changed.  It now wants to know the tv standard, otherwise it refuses to
tune.

Restore tuning functionality in my driver for the "Multimedia eXtension
Board".  The all-in-one tuner driver apparently changed its behaviour.

Signed-off-by: Michael Hunold <hunold@linuxtv.org>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
David Brownell
3cb4f09fc2 [PATCH] mtd_dataflash, fix block vs page erase
Fix a bug in the block-erase optimization for Dataflash; it was using block
erase even for smaller segments that need page erase.

That wouldn't matter for JFFS2, which never erases less than one block
(sometimes several blocks), but for other callers it might.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: David Woodhouse <dwmw2@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14 07:57:17 -08:00
Paul Mackerras
82dfdcae0d powerpc: Disallow lparcfg being a module
The lparcfg code needs several things which are pretty arcane internal
details and which we don't want to export, which means that lparcfg
doesn't work when built as a module.  This makes it a bool instead of
a tristate in the Kconfig so that users can't try to build it as a
module.

Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-14 11:35:37 +11:00
Herbert Xu
3759fa9c55 [TCP]: Fix zero port problem in IPv6
When we link a socket into the hash table, we need to make sure that we
set the num/port fields so that it shows us with a non-zero port value
in proc/netlink and on the wire.  This code and comment is copied over
from the IPv4 stack as is.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-03-13 14:26:12 -08:00
Andi Kleen
c33d4568ac [PATCH] x86-64: Fix up handling of non canonical user RIPs
EM64T CPUs have somewhat weird error reporting for non canonical RIPs in
SYSRET.

We can't handle any exceptions there because the exception handler would
end up running on the user stack which is unsafe.

To avoid problems any code that might end up with a user touched pt_regs
should return using int_ret_from_syscall.  int_ret_from_syscall ends up
using IRET, which allows safe exceptions.

Cc: Ernie Petrides <petrides@redhat.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-12 22:56:29 -08:00
Patrick McHardy
31fe4d3317 [NETFILTER]: arp_tables: fix NULL pointer dereference
The check is wrong and lets NULL-ptrs slip through since !IS_ERR(NULL)
is true.

Coverity #190

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-03-12 20:40:43 -08:00