Commit graph

26341 commits

Author SHA1 Message Date
Zachary Amsden
6e5882cfa2 [PATCH] x86/PAE: Fix pte_clear for the >4GB RAM case
Proposed fix for ptep_get_and_clear_full PAE bug.  Pte_clear had the same bug,
so use the same fix for both.  Turns out pmd_clear had it as well, but pgds
are not affected.

The problem is rather intricate.  Page table entries in PAE mode are 64-bits
wide, but the only atomic 8-byte write operation available in 32-bit mode is
cmpxchg8b, which is expensive (at least on P4), and thus avoided.  But it can
happen that the processor may prefetch entries into the TLB in the middle of an
operation which clears a page table entry.  So one must always clear the P-bit
in the low word of the page table entry first when clearing it.

Since the sequence *ptep = __pte(0) leaves the order of the write dependent on
the compiler, it must be coded explicitly as a clear of the low word followed
by a clear of the high word.  Further, there must be a write memory barrier
here to enforce proper ordering by the compiler (and, in the future, by the
processor as well).

On > 4GB memory machines, the implementation of pte_clear for PAE was clearly
deficient, as it could leave virtual mappings of physical memory above 4GB
aliased to memory below 4GB in the TLB.  The implementation of
ptep_get_and_clear_full has a similar bug, although not nearly as likely to
occur, since the mappings being cleared are in the process of being destroyed,
and should never be dereferenced again.

But, as luck would have it, it is possible to trigger bugs even without ever
dereferencing these bogus TLB mappings, even if the clear is followed fairly
soon after with a TLB flush or invalidation.  The problem is that memory above
4GB may now be aliased into the first 4GB of memory, and in fact, may hit a
region of memory with non-memory semantics.  These regions include AGP and PCI
space.  As such, these memory regions are not cached by the processor.  This
introduces the bug.

The processor can speculate memory operations, including memory writes, as long
as they are committed with the proper ordering.  Speculating a memory write to
a linear address that has a bogus TLB mapping is possible.  Normally, the
speculation is harmless.  But for cached memory, it does leave the falsely
speculated cacheline unmodified, but in a dirty state.  This cache line will be
eventually written back.  If this cacheline happens to intersect a region of
memory that is not protected by the cache coherency protocol, it can corrupt
data in I/O memory, which is generally a very bad thing to do, and can cause
total system failure or just plain undefined behavior.

These bugs are extremely unlikely, but the severity is of such magnitude, and
the fix so simple that I think fixing them immediately is justified.  Also,
they are nearly impossible to debug.

Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-27 12:00:59 -07:00
Ian Abbott
7e0258fd28 [PATCH] USB: ftdi_sio: add support for ASK RDR 400 series card reader
This patch adds support for an ASK RDR 400 series contactless card
reader <http://www.ask.fr/uk/products_and_services/terminals.html> to
the ftdi_sio driver's device ID table.  The product ID was supplied by
Adriano Couto on the ftdi-usb-sio-devel list.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:59 -07:00
Luiz Fernando N. Capitulino
69737dfaac [PATCH] USB: ftdi_sio: Adds support for iPlus device.
Adds support in ftdi_sio usbserial driver for USB modems sold by
Plus GSM Company in Poland.

Signed-off-by: Luiz Fernando Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:59 -07:00
Nathan Bronson
cdd3b1565a [PATCH] USB: ftdi_sio vendor code for RR-CirKits LocoBuffer USB
This patch adds recognition of the RR-CirKits LocoBuffer USB
to the existing FTDI driver.  http://www.rr-cirkits.com

Signed-off-by: Nathan Bronson <ngb@sns-usa.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:59 -07:00
Jean Delvare
c67808eee6 [PATCH] USB: Use new PCI_CLASS_SERIAL_USB_* defines
We could use the recently added PCI_CLASS_SERIAL_USB_UHCI,
PCI_CLASS_SERIAL_USB_OHCI and PCI_CLASS_SERIAL_USB_EHCI defines in
more places, for slightly shorter and clearer code.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:59 -07:00
Alan Stern
9fb81ce636 [PATCH] USB: net2280: set driver data before it is used
This patch (as671) fixes a bug in the error pathway for the net2280
probe routine.  A failure during probe will cause the driver to call
pci_get_drvdata before the corresponding pci_set_drvdata has been set.
The patch also does a kzalloc conversion.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:58 -07:00
Alan Stern
658ad5e001 [PATCH] USB: net2280: check for shared IRQs
This patch (as670) adds a check for whether a shared IRQ was actually
generated by the net2280 device.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:58 -07:00
Alan Stern
317e83b842 [PATCH] USB: net2280: send 0-length packets for ep0
This patch (as669) fixes a bug in the net2280 driver.  Now it will
properly send zero-length packets on ep0 until the control status stage
occurs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:58 -07:00
Alan Stern
a29fccd799 [PATCH] USB: net2280: Handle STALLs for 0-length control-IN requests
This patch (as668) fixes a typo in net2280.  The handler for 0-length
control-IN requests should check that the endpoint _isn't_ halted before
sending a 0-length packet.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:58 -07:00
Olivier Blondeau
f430c405ca [PATCH] USB: storage: atmel unusual dev update
Originally submitted by Olivier Blondeau <zeitoun@gmail.com>, with re-diffing
by me. Adds a new atmel unusual_dev entry.

Signed-off-by: Phil Dibowitz <phil@ipom.com>
2006-04-27 10:28:58 -07:00
Phil Dibowitz
2120638354 [PATCH] USB: Storage: unusual devs update
This patch removes the Protocol portion of the Iomega Click! device as it's not
needed. Not-needed message reported by Kenneth Crudup <kenny@panix.com>

Signed-off-by: Phil Dibowitz <phil@ipom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:57 -07:00
Wang Jun
5838171984 [PATCH] USB: add new iTegno usb CDMA 1x card support for pl2303
Add new iTegno usb CDMA 1x card (usbid '0eba:2080') support to pl2303 driver

Signed-off-by: Wang Jun <wangjun1974@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:57 -07:00
Jesper Juhl
67ca0284f6 [PATCH] USB: Resource leak fix for whiteheat driver
We may return from drivers/usb/serial/whiteheat.c::whiteheat_attach()
without freeing `result' if we leave via the no_firmware: label.

Spotted by the coverity checker as #670

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-27 10:28:57 -07:00
David Woodhouse
acc429a517 linux/blkpg.h needs <linux/compiler.h> for __user
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 16:46:56 +01:00
David Woodhouse
cd469e0cc6 Exclude asm-generic/{page,memory_model}.h from user bits of i386/x86_64 page.h
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 15:48:08 +01:00
Ralf Baechle
ee1cca1b06 [MIPS] Fix branch emulation for floating-point exceptions.
In the branch emulation for floating-point exceptions, __compute_return_epc
must determine for bc1f et al which condition code bit to test. This is
based on bits <4:2> of the rt field. The switch statement to distinguish
bc1f et al needs to use only the two low bits of rt, but the old code tests
on the whole rt field.  This patch masks off the proper bits.
    
Signed-off-by: Win Treese <treese@acm.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Ralf Baechle
79e55bcf24 [MIPS] Cleanup inode->r_dev usage.
imajor()/iminor() should be used instead of accessing r_dev directly.

Based on patch from Eric Sesterhenn (snakebyte@gmx.de).
    
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Ralf Baechle
b775565952 [MIPS] Update MIPS defconfigs.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Ralf Baechle
f7062ddb23 [MIPS] Get rid of CONFIG_ADVANCED.
It's been a horrible source of confusion and let users to shoot themselves
into both feet with uzis to no end.
    
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Ralf Baechle
3763120a31 [MIPS] Kconfig: Clarify description of CROSSCOMPILE.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Chris Dearman
7a8341969f [MIPS] 24K LV: Add core card id.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:50 +01:00
Atsushi Nemoto
2a2c3e4519 [MIPS] Sparse: fix sparse for 64-bit kernels.
This commit breaks sparse for 64bit kernel.  The -m64 option is
required.  Also, some macro values (such as _MIPS_TUNE, etc.)  contain
double-quote characters so it would be better quoting arguments by
single-quote characters.
    
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Atsushi Nemoto
6f8782c4b2 [MIPS] Use __ffs() instead of ffs() in ip32_irq0().
With recent rewrite for generic bitops, ffs() is defined the same way
as the libc and compiler built-in routines (returns int instead of
unsigned long).  Use __ffs() for 64bit value.
    
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Atsushi Nemoto
bc81824720 [MIPS] Fix bitops for MIPS32/MIPS64 CPUs.
With recent rewrite for generic bitops, fls() for 32bit kernel with
MIPS64_CPU is broken.  Also, ffs(), fls() should be defined the same
way as the libc and compiler built-in routines (returns int instead of
unsigned long).
    
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Atsushi Nemoto
c0858d82fa [MIPS] Fix ip27 build.
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Ralf Baechle
5dac83030a [MIPS] Oprofile: fix sparse warning.
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Ralf Baechle
49e31ca838 [MIPS] Fix oprofile module unloading
When unloading oprofile module with timer-mode, oprofile_arch_exit
dereferences a NULL pointer.
    
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-27 15:13:49 +01:00
Jens Axboe
eb20796bf6 [PATCH] splice: make the read-side do batched page lookups
Use the new find_get_pages_contig() to potentially look up the entire
splice range in one single call. This speeds up generic_file_splice_read()
quite a bit.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-27 11:05:22 +02:00
Jens Axboe
ebf43500ef [PATCH] Add find_get_pages_contig(): contiguous variant of find_get_pages()
find_get_pages_contig() will break out if we hit a hole in the page cache.
From Andrew Morton, small modifications and documentation by me.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-27 08:59:48 +02:00
Jens Axboe
eb645a24de [PATCH] splice: switch to using page_cache_readahead()
Avoids doing useless work, when the file is fully cached.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-27 08:59:48 +02:00
David Woodhouse
ad15887986 Add standard include guard to asm-generic/signal and use compiler.h
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 06:57:23 +01:00
David Woodhouse
274f5946dc Don't include implementation details from asm-s390/ptrace.h and page.h
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 04:47:10 +01:00
Linus Torvalds
2be4d50295 Linux v2.6.17-rc3 2006-04-26 19:19:25 -07:00
David Woodhouse
b7b3c76a0a Sanitise linux/sched.h for userspace consumption
There was a whole load of crap exposed which should have been inside the
existing #ifdef __KERNEL__ part. Also hide struct sched_param for now,
since glibc has its own and doesn't like being given ours (yet).

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 00:12:56 +01:00
David Woodhouse
f001e47f83 Sanitise linux/audit.h for userspace consumption, split elf-em.h from elf.h
Don't include <linux/sched.h> outside __KERNEL__, and split the EM_xxx
definitions out of elf.h into elf-em.h so that audit.h can include just
that and not pollute the namespace any further than it needs to.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-04-27 00:11:01 +01:00
Linus Torvalds
a82642fa19 Merge master.kernel.org:/home/rmk/linux-2.6-mmc
* master.kernel.org:/home/rmk/linux-2.6-mmc:
  [MMC] pxamci: fix data timeout calculation
2006-04-26 15:45:27 -07:00
Linus Torvalds
58f8236bed Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] nommu: trivial fixups for head-nommu.S and the Makefile
  [ARM] vfp: fix leak of VFP_NAN_FLAG into FPSCR
  [ARM] 3484/1: Correct AEABI CFLAGS for correct enum handling
2006-04-26 15:45:02 -07:00
Russell King
f13d241bc3 Merge nommu tree 2006-04-26 21:18:45 +01:00
Chandra Seetharaman
83d722f7e1 [PATCH] Remove __devinit and __cpuinit from notifier_call definitions
Few of the notifier_chain_register() callers use __init in the definition
of notifier_call.  It is incorrect as the function definition should be
available after the initializations (they do not unregister them during
initializations).

This patch fixes all such usages to _not_ have the notifier_call __init
section.

Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 08:30:03 -07:00
Chandra Seetharaman
649bbaa484 [PATCH] Remove __devinitdata from notifier block definitions
Few of the notifier_chain_register() callers use __devinitdata in the
definition of notifier_block data structure.  It is incorrect as the
data structure should be available after the initializations (they do
not unregister them during initializations).

This was leading to an oops when notifier_chain_register() call is
invoked for those callback chains after initialization.

This patch fixes all such usages to _not_ have the notifier_block data
structure in the init data section.

Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 08:27:50 -07:00
James Morris
e7edf9cded [PATCH] LSM: add missing hook to do_compat_readv_writev()
This patch addresses a flaw in LSM, where there is no mediation of readv()
and writev() in for 32-bit compatible apps using a 64-bit kernel.

This bug was discovered and fixed initially in the native readv/writev
code [1], but was not fixed in the compat code.  Thanks to Al for spotting
this one.

  [1] http://lwn.net/Articles/154282/

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
Al Viro
a090d9132c [PATCH] protect ext3 ioctl modifying append_only, immutable, etc. with i_mutex
All modifications of ->i_flags in inodes that might be visible to
somebody else must be under ->i_mutex.  That patch fixes ext3 ioctl()
setting S_APPEND and friends.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
Al Viro
6ad0013b31 [PATCH] fix mips sys32_p{read,write}
Switched to use of sys_pread64()/sys_pwrite64() rather than keep duplicating
their guts; among the little things that had been missing there were such as
	ret = security_file_permission (file, MAY_READ);
Gotta love the LSM robustness, right?

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
Al Viro
de0bb97aff [PATCH] forgotten ->b_data in memcpy() call in ext3/resize.c (oopsable)
sbi->s_group_desc is an array of pointers to buffer_head.  memcpy() of
buffer size from address of buffer_head is a bad idea - it will generate
junk in any case, may oops if buffer_head is close to the end of slab
page and next page is not mapped and isn't what was intended there.
IOW, ->b_data is missing in that call.  Fortunately, result doesn't go
into the primary on-disk data structures, so only backup ones get crap
written to them; that had allowed this bug to remain unnoticed until
now.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
Al Viro
c82ffb07cd [PATCH] fix leak in activate_ep_files()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
Linus Torvalds
7b97ebfb93 Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block:
  [PATCH] splice: add ->splice_write support for /dev/null
  [PATCH] splice: rearrange moving to/from pipe helpers
  [PATCH] Add support for the sys_vmsplice syscall
  [PATCH] splice: fix offset problems
  [PATCH] splice: fix min() warning
2006-04-26 07:47:55 -07:00
Linus Torvalds
07db8696f5 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  [PATCH] forcedeth: fix initialization
  [PATCH] sky2: version 1.2
  [PATCH] sky2: reset function can be devinit
  [PATCH] sky2: use ALIGN() macro
  [PATCH] sky2: add fake idle irq timer
  [PATCH] sky2: reschedule if irq still pending
  [PATCH] bcm43xx: make PIO mode usable
  [PATCH] bcm43xx: add to MAINTAINERS
  [PATCH] softmac: fix SIOCSIWAP
  [PATCH] Fix crash on big-endian systems during scan
  e1000: Update truesize with the length of the packet for packet split
  [PATCH] Fix locking in gianfar
2006-04-26 07:46:19 -07:00
Linus Torvalds
bd5838b9cc Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [BRIDGE]: allow full size vlan packets
2006-04-26 07:45:57 -07:00
Jens Axboe
1ebd32fc54 [PATCH] splice: add ->splice_write support for /dev/null
Useful for testing.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26 14:40:08 +02:00
Jens Axboe
00522fb41a [PATCH] splice: rearrange moving to/from pipe helpers
We need these for people writing their own ->splice_read/write hooks.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26 14:39:29 +02:00