- 17 Dec, 2006 1 commit
-
-
Tejun Heo authored
ATAPI devices transfer fixed number of bytes for CDBs (12 or 16). Some ATAPI devices choke when shorter CDB is used and the left bytes contain garbage. Block SG_IO cleared left bytes but SCSI SG_IO didn't. This patch makes SCSI SG_IO clear it and simplify CDB clearing in block SG_IO. Signed-off-by:
Tejun Heo <htejun@gmail.com> Acked-by:
Jens Axboe <jens.axboe@oracle.com> Signed-off-by:
Adrian Bunk <bunk@stusta.de>
-
- 15 Dec, 2006 5 commits
-
-
Linus Torvalds authored
Not all graphic page remappers support physical addresses over the 4GB mark for remapping, so while some do (the AMD64 GART always did, and I just fixed the i965 to do so properly), we're safest off just forcing GFP_DMA32 allocations to make sure graphics pages get allocated in the low 32-bit address space by default. AGP sub-drivers that really care, and can do better, could just choose to implement their own allocator (or we could add another "64-bit safe" default allocator for their use), but quite frankly, you're not likely to care in practice. So for now, this trivial change means that we won't be allocating pages that we can't map correctly by mistake on x86-64. [ On traditional 32-bit x86, this could never happen, because GFP_KERNEL would never allocate any highmem memory anyway ] Signed-off-by:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
-
Neil Brown authored
An md array can be asked to change the amount of each device that it is using, and in particular can be asked to use the maximum available space. This currently only works if the first device is not larger than the rest. As 'size' gets changed and so 'fit' becomes wrong. So check if a 'fit' is required early and don't corrupt it. Signed-off-by:
Doug Ledford <dledford@redhat.com> Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
Zachary Amsden authored
It is possible to have tasklets get scheduled before softirqd has had a chance to spawn on all CPUs. This is totally harmless; after success during action CPU_UP_PREPARE, action CPU_ONLINE will be called, which immediately wakes softirqd on the appropriate CPU to process the already pending tasklets. So there is no danger of having a missed wakeup for any tasklets that were already pending. In particular, i386 is affected by this during startup, and is visible when using a very large initrd; during the time it takes for the initrd to be decompressed, a timer IRQ can come in and schedule RCU callbacks. It is also possible that resending of a hardware IRQ via a softirq triggers the same bug. Because of different timing conditions, this shows up in all emulators and virtual machines tested, including Xen, VMware, Virtual PC, and Qemu. It is also possible to trigger on native hardware with a large enough initrd, although I don't have a reliable case demonstrating that. Signed-off-by:
Zachary Amsden <zach@vmware.com> Signed-off-by:
-
Christophe Saout authored
Fix corruption issue with dm-crypt on top of software raid5. Cancelled readahead bio's that report no error, just have BIO_UPTODATE cleared were reported as successful reads to the higher layers (and leaving random content in the buffer cache). Already fixed in 2.6.19. Signed-off-by:
Christophe Saout <christophe@saout.de> Signed-off-by:
-
Christophe Saout authored
The sunrpc scheduler contains a race condition that can let an RPC task end up being neither running nor on any wait queue. The race takes place between rpc_make_runnable (called from rpc_wake_up_task) and __rpc_execute under the following condition: First __rpc_execute calls tk_action which puts the task on some wait queue. The task is dequeued by another process before __rpc_execute continues its execution. While executing rpc_make_runnable exactly after setting the task `running' bit and before clearing the `queued' bit __rpc_execute picks up execution, clears `running' and subsequently both functions fall through, both under the false assumption somebody else took the job. Swapping rpc_test_and_set_running with rpc_clear_queued in rpc_make_runnable fixes that hole. This introduces another possible race condition that can be handled by checking for `queued' after setting the `running' bit. Bug noticed on a 4-way x86_64 system under XEN with an NFSv4 server on the same physical machine, apparently one of the few ways to hit this race condition at all. Signed-off-by:
Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by:
-
- 14 Dec, 2006 24 commits
-
-
Dave Jones authored
snd_ctl_add() kfree's the kcontrol already if we fail there, so this driver is currently doing a double kfree. Coverity bug #959 Signed-off-by:
Dave Jones <davej@redhat.com> Signed-off-by:
-
Dave Jones authored
snd_ctl_add() already does the free on error. Coverity bug #957 Signed-off-by:
-
Dave Jones authored
Don't read from free'd memory. Also make use of the return value, and don't register the device if something went wrong creating the port. Coverity #954, #955 Signed-off-by:
-
Dave Jones authored
snd_ctl_add() already kfree's on error. Coverity #956 Signed-off-by:
-
Adrian Bunk authored
This patch fixes off-by-one errors found by the Coverity checker. Signed-off-by: -
Adrian Bunk authored
This patch fixes two memory leaks spotted by the Coverity checker. Signed-off-by: -
Adrian Bunk authored
This patch fixes three off-by-one errors found by the Coverity checker. Signed-off-by: -
Peer Chen authored
Add support for PATA controllers of MCP67 to amd74xx.c. Signed-off-by:
Peer Chen <pchen@nvidia.com> Signed-off-by:
-
Peer Chen authored
Signed-off-by: -
Randy Dunlap authored
Add some nVidia chipset ID's support. Signed-off-by: -
Andrew Chew authored
Added MCP61 support to sata_nv and amd74xx. Signed-off-by:
Jeff Garzik <jeff@garzik.org> Signed-off-by:
-
Jeff Garzik authored
Based on a patch contributed by Andrew Chew @ NVIDIA. Signed-off-by:
-
Mark McLoughlin authored
When suspending a device-mapper device, dm_suspend() sleeps until all necessary I/O is completed. This state is triggered by a callback from persistent_commit(). But some I/O can still be issued *after* the callback (to prepare the next metadata area for use if the current one is full). This patch delays the callback until after that I/O is complete. Signed-off-by:
Mark McLoughlin <markmc@redhat.com> Signed-off-by:
Alasdair G Kergon <agk@redhat.com> Signed-off-by:
-
Daniel Kobras authored
On an nForce4-equipped machine with two SATA disk in raid1 setup using dmraid, we experienced frequent deadlock of the system under high i/o load. 'cat /dev/zero > ~/zero' was the most reliable way to reproduce them: Randomly after a few GB, 'cp' would be left in 'D' state along with kjournald and kmirrord. The functions cp and kjournald were blocked in did vary, but kmirrord's wchan always pointed to 'mempool_alloc()'. We've seen this pattern on 2.6.15 and 2.6.17 kernels. http://lkml.org/lkml/2005/4/20/142 indicates that this problem has been around even before. So much for the facts, here's my interpretation: mempool_alloc() first tries to atomically allocate the requested memory, or falls back to hand out preallocated chunks from the mempool. If both fail, it puts the calling process (kmirrord in this case) on a private waitqueue until somebody refills the pool. Where the only 'somebody' is kmirrord itself, so we have a deadlock. I worked around this problem by falling back to a (blocking) kmalloc when before kmirrord would have ended up on the waitqueue. This defeats part of the benefits of using the mempool, but at least keeps the system running. And it could be done with a two-line change. Note that mempool_alloc() clears the GFP_NOIO flag internally, and only uses it to decide whether to wait or return an error if immediate allocation fails, so the attached patch doesn't change behaviour in the non-deadlocking case. Path is against current git (2.6.18-rc4), but should apply to earlier versions as well. I've tested on 2.6.15, where this patch makes the difference between random lockup and a stable system. Signed-off-by:
Daniel Kobras <kobras@linux.de> Acked-by:
-
Neil Brown authored
The device-mapper core does not perform any remapping of bios before passing them to the targets. If a particular mapping begins part-way into a device, targets obtain the sector relative to the start of the mapping by subtracting ti->begin. The dm-raid1 target didn't do this everywhere: this patch fixes it, taking care to subtract ti->begin exactly once for each bio. Signed-off-by:
-
Jeff Mahoney authored
The reference counting on dm-mod is zero if no mapped devices are open. This is incorrect, and can lead to an oops if the module is unloaded while mapped devices exist. This patch claims a reference to the module whenever a device is created, and drops it again when the device is freed. Devices must be removed before dm-mod is unloaded. Signed-off-by:
Jeff Mahoney <jeffm@suse.com> Signed-off-by:
-
Alasdair G Kergon authored
Persistent snapshots currently store a private copy of the chunk size. Userspace also supplies the chunk size when loading a snapshot. Ensure consistency by only storing the chunk_size in one place instead of two. Currently the two sizes will differ if the chunk size supplied by userspace does not match the chunk size an existing snapshot actually uses. Amongst other problems, this causes an incorrect 'percentage full' to be reported. The patch ensures consistency by only storing the chunk_size in one place, removing it from struct pstore. Some initialisation is delayed until the correct chunk_size is known. If read_header() discovers that the wrong chun size was supplied, the 'area' buffer (which the header already got read into is reinitialised to the correct size. Signed-off-by:
-
Michal Miroslaw authored
Fix BUG I tripped on while testing failover and multipathing. BUG shows up on error path in multipath_ctr() when parse_priority_group() fails after returning at least once without error. The fix is to initialize m->ti early - just after alloc()ing it. BUG: unable to handle kernel NULL pointer dereference at virtual address 0000000 0 printing eip: c027c3d2 *pde = 00000000 Oops: 0000 [#3] Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy CPU: 0 EIP: 0060:[<c027c3d2>] Not tainted VLI EFLAGS: 00010202 (2.6.17.3 #1) EIP is at dm_put_device+0xf/0x3b eax: 00000001 ebx: ee4fcac0 ecx: 00000000 edx: ee4fcac0 esi: ee4fc4e0 edi: ee4fc4e0 ebp: 00000000 esp: c5db3e78 ds: 007b es: 007b ss: 0068 Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90) Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480 f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000 00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000 Call Trace: <c02816bd> free_pgpaths+0x31/0x45 <c02816f6> free_priority_group+0x25/0x2e <c0281801> free_multipath+0x35/0x67 <c0281ffe> multipath_ctr+0x123/0x12d <c027c6ee> dm_table_add_target+0x11e/0x18b <c027e5b4> populate_table+0x8a/0xaf <c027e62b> table_load+0x52/0xf9 <c027ec23> ctl_ioctl+0xca/0xfc <c027e5d9> table_load+0x0/0xf9 <c0152146> do_ioctl+0x3e/0x43 <c0152360> vfs_ioctl+0x16c/0x178 <c01523b4> sys_ioctl+0x48/0x60 <c01029b3> syscall_call+0x7/0xb Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02 EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78 Signed-off-by:Michal Miroslaw <mirq-linux@rere.qmqm.pl> Acked-by:
-
Jean Delvare authored
Fix uses of "&&" where "&" was obviously intended instead. Signed-off-by:
Jean Delvare <khali@linux-fr.org> Signed-off-by:
-
Joerg Ahrens authored
I am using a Xircom CEM33 pcmcia NIC which has occasional hardware problems. If the netdev watchdog detects a transmit timeout, do_reset is called which msleeps - this is illegal in atomic context. This patch schedules the timeout handling as a workqueue item. Signed-off-by: -
Alexey Kuznetsov authored
Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) = > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). = > Is the following case possible: a BH interrupts fib_release_info() while = > holding the write lock, and calls ip_check_fib_default() which calls = > read_lock(&fib_info_lock), and spin forever. Signed-off-by:
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by:
-
Hans Verkuil authored
The TUNER_LG_NTSC_TAPE is identical in all respects to the TUNER_PHILIPS_FM1236_MK3. So use the params struct for the Philips tuner. Also add this LG_NTSC_TAPE tuner to the switches where radio specific parameters are set so it behaves like a TUNER_PHILIPS_FM1236_MK3. This change fixes the radio support for this tuner (the wrong bandswitch byte was used). Thanks to Andy Walls <cwalls@radix.net> for finding this bug. Signed-off-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Signed-off-by:
-
Michael Krufky authored
In some cases when using VSB, the AGC status register has been known to falsely report "no signal" when in fact there is a carrier lock. The datasheet labels these status flags as QAM only, yet the lgdt330x module is using these flags for both QAM and VSB. This patch allows for the carrier recovery lock status register to be tested, even if the agc signal status register falsely reports no signal. Thanks to jcrews from #linuxtv in irc, for initially reporting this bug. Signed-off-by:
-
Herbert Xu authored
The SHA384 block size should be 128 bytes, not 96 bytes. This was spotted by Andrew Donofrio. This breaks HMAC which uses the block size during setup and the final calculation. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
- 13 Dec, 2006 1 commit
-
-
Adrian Bunk authored
-
- 09 Dec, 2006 4 commits
-
-
Adrian Bunk authored
-
Chuck Ebbert authored
Fix check for bad address; use macro instead of open-coding two checks. Taken from RHEL4 kernel update. From: Ernie Petrides <petrides@redhat.com> For background, the BAD_ADDR() macro should return TRUE if the address is TASK_SIZE, because that's the lowest address that is *not* valid for user-space mappings. The macro was correct in binfmt_aout.c but was wrong for the "equal to" case in binfmt_elf.c. There were two in-line validations of user-space addresses in binfmt_elf.c, which have been appropriately converted to use the corrected BAD_ADDR() macro in the patch you posted yesterday. Note that the size checks against TASK_SIZE are okay as coded. The additional changes that I propose are below. These are in the error paths for bad ELF entry addresses once load_elf_binary() has already committed to exec'ing the new image (following the tearing down of the task's original address space). The 1st hunk deals with the interp-side of the outer "if". There were two problems here. The printk() should be removed because this path can be triggered at will by a bogus interpreter image created and used by a malicious user. Further, the error code should not be ENOEXEC, because that causes the loop in search_binary_handler() to continue trying other exec handlers (twice, in fact). But it's too late for this to work correctly, because the user address space has already been torn down, and an exec() failure cannot be returned to the user code because the code no longer exists. The only recovery is to force a SIGSEGV, but it's best to terminate the search loop immediately. I somewhat arbitrarily chose EINVAL as a fallback error code, but any error returned by load_elf_interp() will override that (but this value will never be seen by user-space). The 2nd hunk deals with the non-interp-side of the outer "if". There were two problems here as well. The SIGSEGV needs to be forced, because a prior sigaction() syscall might have set the associated disposition to SIG_IGN. And the ENOEXEC should be changed to EINVAL as described above. Signed-off-by:
Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by:
-
David S. Miller authored
We grab a reference to the route's inetpeer entry but forget to release it in xfrm4_dst_destroy(). Bug discovered by Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Patrick McHardy authored
Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
- 08 Dec, 2006 5 commits
-
-
Adrian Bunk authored
This patch reverts the quirk_via_irq changes in 2.6.16.17 that caused regressions for several people. Signed-off-by: -
Daniel Ritz authored
Signed-off-by:
Daniel Ritz <daniel.ritz@gmx.ch> Signed-off-by:
-
Daniel Ritz authored
- add the ICH6(R) LPC to the ICH6 ACPI quirks. currently only the ICH6-M is handled. [ PCI_DEVICE_ID_INTEL_ICH6_1 is the ICH6-M LPC, ICH6_0 is the ICH6(R) ] Signed-off-by:
-
Jean Delvare authored
Unhide the SMBus controller on the Asus PU-DLS board. This fixes bug #6763. Signed-off-by:
-
Bjorn Helgaas authored
Without this quirk, e100 can be pulling on a shared interrupt line when another device (eg. USB) loads, causing the interrupt to scream and get disabled. http://bugzilla.kernel.org/show_bug.cgi?id=5918Signed-off-by:
Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by:
-
