When calling a semctl(IPC_STAT) without IPC_64 the check if the memory is
unevaluated. This patch fixes this.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A bug in headers_install for ARCH=x86_64 yields an asm/ directory full of
files all of which are using the same #ifdef guard, "__ASM_STUB_" with no
postfix. So the second and later asm files #included in the same C file
(often through standard headers like ioctl.h) yields no symbols.
Strangeness with the Ubuntu 'tell me if I support something that's not
explcitly mentioned in POSIX, and I'll strip it out' shell, I believe.
We don't need the 'export' but we do need a semicolon at the end of the
FNAME line:
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Rob Landley <rob@landley.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Processors synchronization in set_mtrr requires the .gate field to be set
after .count field is properly initialized. Without an explicit barrier,
the compiler was reordering those memory stores. That was sometimes
causing a processor (in ipi_handler) to see the .gate change and decrement
.count before the latter is set by set_mtrr() (which then hangs in a
infinite loop with irqs disabled).
Signed-off-by: Loic Prylli <loic@myri.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The commit 635cf99a80 introduced a
regression. Executing a ptrace single step after certain int80
accesses will infinitely loop and never advance the PC.
The TIF_SINGLESTEP check should be done on the return from the syscall
and not before it.
I loops on each single step on the pop right after the int80 which writes out
to the console. At that point you can issue as many single steps as you want
and it will not advance any further.
The test case is below:
/* Test whether singlestep through an int80 syscall works.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/mman.h>
#include <asm/user.h>
#include <string.h>
static int child, status;
static struct user_regs_struct regs;
static void do_child()
{
char str[80] = "child: int80 test\n";
ptrace(PTRACE_TRACEME, 0, 0, 0);
kill(getpid(), SIGUSR1);
write(fileno(stdout),str,strlen(str));
asm ("int $0x80" : : "a" (20)); /* getpid */
}
static void do_parent()
{
unsigned long eip, expected = 0;
again:
waitpid(child, &status, 0);
if (WIFEXITED(status) || WIFSIGNALED(status))
return;
if (WIFSTOPPED(status)) {
ptrace(PTRACE_GETREGS, child, 0, ®s);
eip = regs.eip;
if (expected)
fprintf(stderr, "child stop @ %08lx, expected %08lx %s\n",
eip, expected,
eip == expected ? "" : " <== ERROR");
if (*(unsigned short *)eip == 0x80cd) {
fprintf(stderr, "int 0x80 at %08x\n", (unsigned int)eip);
expected = eip + 2;
} else
expected = 0;
ptrace(PTRACE_SINGLESTEP, child, NULL, NULL);
}
goto again;
}
int main(int argc, char * const argv[])
{
child = fork();
if (child)
do_parent();
else
do_child();
return 0;
}
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: <stable@kernel.org>
Cc: Chuck Ebbert <76306.1226@compuserve.com>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
elf_core_dump() supports dumping arch specific ELF notes, via the #define
ELF_CORE_WRITE_EXTRA_NOTES. Currently the only user of this is the powerpc
spu coredump code.
There is a bug in the handling of foffset WRT the arch notes, which causes
us to erroneously increment foffset by the size of the arch notes, leaving
a block of zeroes in the file, and causing all subsequent data in the file
to be at <supposed position> + <arch note size>. eg:
LOAD 0x050000 0x00100000 0x00000000 0x20000 0x20000 R E 0x10000
Tells us we should have a chunk of data at 0x50000. The truth is the data
is at 0x90dbc = 0x50000 + 0x40dbc (the size of the arch notes).
This bug prevents gdb from reading the core file correctly.
The simplest fix is to simply remember the size of the arch notes, and add
it to foffset after we've written the arch notes. The only drawback is
that if the arch code doesn't write as many bytes as it said it would, we
end up with a broken core dump again. For now I think that's a reasonable
requirement.
Tested on a Cell blade, gdb no longer complains about the core file being
bogus.
While I'm here I should point out that the spu coredump code does not work
if we're dumping to a pipe - we'll have to wait for 23 to fix that.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The idle loop goes to sleep using the WAIT instruction if !need_resched().
This has is suffering from from a race condition that if if just after
need_resched has returned 0 an interrupt might set TIF_NEED_RESCHED but
we've just completed the test so go to sleep anyway. This would be
trivial to fix by just disabling interrupts during that sequence as in:
local_irq_disable();
if (!need_resched())
__asm__("wait");
local_irq_enable();
but the processor architecture leaves it undefined if a processor calling
WAIT with interrupts disabled will ever restart its pipeline and indeed
some processors have made use of the freedom provided by the architecture
definition. This has been resolved and the Config7.WII bit indicates that
the use of WAIT is safe on 24K, 24KE and 34K cores. It also is safe on
74K starting revision 2.1.0 so enable the use of WAIT with interrupts
disabled for 74K based on a c0_prid of at least that.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Older processors used to encode processor version and revision in two
4-bit bitfields, the 4K seems to simply count up and even newer MTI cores
have switched to use the 8-bits as 3:3:2 bitfield with the last field as
the patch number.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The RM7000 processors and the E9000 cores have a bug (though PMC-Sierra
opposes it being called that) where invalid instructions in the same
I-cache line worth of instructions being fetched may case spurious
exceptions.
The workaround for this was only enabled for E9000 cores; enable it also
for all RM7000-based platforms.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Reported by Eugene Surovegin <ebs@ebshome.net>.
If only modules were users of these functions they did not get linked into
the kernel proper, so later module loads would fail as well.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
C0_status doesn't need to be initialized at this point anyway; the register
will be initialized later.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
>From my recent patch:
> > #1
> > Until kernel ver. 2.6.21 (including) cancel_rearming_delayed_work()
> > required a work function should always (unconditionally) rearm with
> > delay > 0 - otherwise it would endlessly loop. This patch replaces
> > this function with cancel_delayed_work(). Later kernel versions don't
> > require this, so here it's only for uniformity.
But Oleg Nesterov <oleg@tv-sign.ru> found:
> But 2.6.22 doesn't need this change, why it was merged?
>
> In fact, I suspect this change adds a race,
...
His description was right (thanks), so this patch reverts #1.
Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Every file should include the headers containing the prototypes for
its global functions.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
skb_clone_fraglist is static so it shouldn't be exported.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
SCTP currently permits users to bind to link-local addresses,
but doesn't verify that the scope id specified at bind matches
the interface that the address is configured on. It was report
that this can hang a system.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In-kernel sockets created with sock_create_kern don't usually
have a file and file descriptor allocated to them. As a result,
when SCTP tries to check the non-blocking flag, we Oops when
dereferencing a NULL file pointer.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Correctly dereference bytes_copied in sctp_copy_laddrs().
I totally must have spaced when doing this.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] always allow dump_stack() to produce a backtrace
[ARM] Fix non-page aligned boot time mappings
[ARM] 4458/1: pxa: Fix CKEN usage and hence fix pxa suspend/resume
[ARM] 4454/1: Use word accesses in Versatile PCI config reads
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: document some of keycodes
Input: add a new EV_SW SW_RADIO event, for radio switches on laptops
Input: serio - take drv_mutex in serio_cleanup()
Input: atkbd - use printk_ratelimit for spurious ACK messages
Input: atkbd - throttle LED switching
Input: i8042 - add HP Pavilion ZT1000 to the MUX blacklist
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Update defconfigs
[POWERPC] Uninline and export virq_to_hw() for the pasemi_mac driver
[POWERPC] Fix PMI breakage in cbe_cbufreq driver
[POWERPC] Disable old EMAC driver in arch/powerpc
Commit b46b8f19c9 fixed a couple of bugs
by switching the redzone to 64 bits. Unfortunately, it neglected to
ensure that the _second_ redzone, after the slab object, is aligned
correctly. This caused illegal instruction faults on sparc32, which for
some reason not entirely clear to me are not trapped and fixed up.
Two things need to be done to fix this:
- increase the object size, rounding up to alignof(long long) so
that the second redzone can be aligned correctly.
- If SLAB_STORE_USER is set but alignof(long long)==8, allow a
full 64 bits of space for the user word at the end of the buffer,
even though we may not _use_ the whole 64 bits.
This patch should be a no-op on any 64-bit architecture or any 32-bit
architecture where alignof(long long) == 4. Of the others, it's tested
on ppc32 by myself and a very similar patch was tested on sparc32 by
Mark Fortescue, who reported the new problem.
Also, fix the conditions for FORCED_DEBUG, which hadn't been adjusted to
the new sizes. Again noticed by Mark.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Don't make this dependent on CONFIG_DEBUG_KERNEL - if we hit a WARN_ON
we need the stack trace to work out how we got to that point.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Yeah, we could have just disabled it, but there's work on a new one that
isn't as fundamentally broken, so there really doesn't seem to be any
point in keeping it around.
The recent timer cleanup broke the only valid use, and when I say
"valid", I obviously mean "totally broken". So it's not like it works,
or really even can work in the current format that uses the unsafe
"panic" LED blinking routines..
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
AT91SAM9260 stopped booting with the recent changes to MM
initialisation - it was asking for a non-aligned virtual address
which caused loops to be non-terminal. Fix this by rounding
virtual addresses down, but remember to include the offset in
the length, and round the length up to the following page.
This means that asking for a mapping of 4K starting at 2K into
a page maps two pages as one would expect.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] VSMP: Fix initialization ordering bug.
[MIPS] Add whitelists for checksyscalls.sh
[MIPS] die(): Properly declare as non-returning
[MIPS] Fix include wrapper symbol definitions in IP32 code.
This marks the declaration of die() correctly, removing "control reaches
end of non-void function" warnings from non-void functions that die() at
the end.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Some IP35 defines snuck into some IP32-specific code during the DMA re-write.
Signed-off-by: Joshua Kinard <kumba@gentoo.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
We should have stopped returning 1 from read_dnode() to indicate
failure. We can just mark the damn thing obsolete immediately. But I
missed a case where we don't.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
When Andi reverted the HPET resource reservation (in commit
0f8dc2f065), he didn't remove the now
unused variables, which just causes gcc to be noisy.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Badari Pulavarty reported a case of this BUG_ON is triggering during
testing. It's completely bogus and should be removed.
It's trying to notice if we left references to the dio hanging around in
the sync case. They should have been dropped as IO completed while this
path was in dio_await_completion(). This condition will also be
checked, via some twisty logic, by the BUG_ON(ret != -EIOCBQUEUED) a few
lines lower. So to start this BUG_ON() is redundant.
More fatally, it's dereferencing dio-> after having dropped its
reference. It's only safe to dereference the dio after releasing the
lock if the final reference was just dropped. Another CPU might free
the dio in bio completion and reuse the memory after this path drops the
dio lock but before the BUG_ON() is evaluated.
This patch passed aio+dio regression unit tests and aio-stress on ext3.
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
With this change it works again when the nmi watchdog is disabled.
Signed-off-by: Andi Kleen <ak@suse.de>
Cc: Björn Steinbrink <B.Steinbrink@gmx.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthias Lenk reports that the PCI subsystem would move the HPET on
SB400/SB600-based systems, where the HPET is in BAR1 of the SMbus
controller.
The reason? The ACPI layer registered the PCI MMIO range as being busy
too early, before PCI enumeration had happened, causing the PCI layer to
decide that it should relocate the resources somewhere else.
Firmware resources should be marked busy _after_ the PCI enumeration and
probing has happened, not before.
Remove the too-early reservation, we'll fix it up to do it properly
later. In the meantime, this solves the regression.
Tested-by: Matthias Lenk <matthias.lenk@amd.com>
Cc: Aaron Durbin <adurbin@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of ssh://master.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb:
V4L/DVB (5822): Fix the return value in ttpci_budget_init()
V4L/DVB (5818): CinergyT2: fix flush_workqueue() vs work->func() deadlock
V4L/DVB (5816): Cx88-blackbird: fix vidioc_g_tuner never ending list of tuners
V4L/DVB (5808): Bttv: fix v4l1 breaking the driver
If we move the local_irq_enable() to the end of the function then
add_partial() in early_kmem_cache_node_alloc() will be called
with interrupts disabled like during regular operations.
This makes lockdep happy.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Tested-by: Andre Noll <maan@systemlinux.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The clock_was_set() call in seconds_overflow() which happens only when
leap seconds are inserted / deleted is wrong in two aspects:
1. it results in a call to on_each_cpu() with interrupts disabled
2. it is potential deadlock source vs. call_lock in smp_call_function()
The only possible side effect of the removal might be, that an absolute
CLOCK_REALTIME timer fires 1 second too late, in the rare case of leap
second deletion and an absolute CLOCK_REALTIME timer which expires in
the affected time frame. It will never fire too early.
This was probably observed by the reporter of a June 30th -> July 1st
hang: http://lkml.org/lkml/2007/7/3/103
A similar problem was observed by Dave Jones, who provided a screen shot
with a lockdep back trace, which allowed to analyse the problem.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/ide/setup-pci.c: In function 'ide_scan_pcibus':
drivers/ide/setup-pci.c:879: warning: ignoring return value of '__pci_register_driver', declared with attribute warn_unused_result
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Recently the PLL input clock of Promise 2027x is sometimes detected
higher than expected (e.g. 20.027 MHz compared to 16.714 MHz).
It seems sometimes the mdelay() function is not as precise as it
used to be. Per Alan's advice, HT or power management might affect
the precision of mdelay().
This patch calls gettimeofday() to measure the time elapsed and
calculate the PLL input clock accordingly.
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Bahadir Balban <bahadir.balban@gmail.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
SWDMA modes are unsupported by it821x. Attempts to tune SWDMA modes always
fail (due to sanity check in ->speedproc) and result in PIO being tuned.
* Fix incorrect SWDMA mask so core code won't try these modes and will just
tune PIO if no other DMA modes are available.
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
* Driver can't skip programming transfer mode on the device in amd_set_drive()
(similar fix has been applied to via82cxxx driver ages ago).
* While at it remove redundant warning (ide_config_drive_speed() already
produces more valuable one).
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
The HPT36x chips finally turned out to have the channel enable bits -- however,
badly implemented. Make use of them despite it's probably only going to burden
the driver's code -- assuming both channels are always enabled by the HighPoint
BIOS anyway...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: Linas Vepstas <linas@austin.ibm.com>
Cc: michal.kepien@poczta.onet.pl
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add the MAXTOR STM3320620A drive into the UltraDMA/66 mode blacklist
for the HPT36x chips.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Found by a static analyser. It is in theory possible we dereference
dev->id when it has become invalid. Re-order to avoid this.
Not needed for new-ide as we no longer support the crazy exabyte nest stuff
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Look at wait_drive_not_busy in drivers/ide/ide-taskfile.c:
static u8 wait_drive_not_busy(ide_drive_t *drive)
{
ide_hwif_t *hwif = HWIF(drive);
int retries = 100;
u8 stat;
/*
* Last sector was transfered, wait until drive is ready.
* This can take up to 10 usec, but we will wait max 1 ms
* (drive_cmd_intr() waits that long).
*/
while (((stat = hwif->INB(IDE_STATUS_REG)) & BUSY_STAT) && retries--)
udelay(10);
if (!retries)
printk(KERN_ERR "%s: drive still BUSY!\n", drive->name);
return stat;
}
`printk' is never called because `retries' never holds zero at the
outside of `while' loop: when `retries' holds zero at the while's loop
condition, `retries' will hold -1 at the if condition.
Signed-off-by: Masatake YAMATO <jet@gyve.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Cc: joe@perches.com
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
if the call to budget_register() fails in ttpci_budget_int(),
ttpci_budget_init() returns success. The attached patch will
fix this problem.
Signed-off-by: Hartmut Birr <e9hack@googlemail.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>