On the latest kernels if one was to load about 15 rules, set the failure
state to panic, and then run service auditd stop the kernel will panic.
This is because auditd stops, then the script deletes all of the rules.
These deletions are sent as audit messages out of the printk kernel
interface which is already known to be lossy.  These will overun the
default kernel rate limiting (10 really fast messages) and will call
audit_panic().  The same effect can happen if a slew of avc's come
through while auditd is stopped.

This can be fixed a number of ways but this patch fixes the problem by
just not panicing if auditd is not running.  We know printk is lossy and
if the user chooses to set the failure mode to panic and tries to use
printk we can't make any promises no matter how hard we try, so why try?
At least in this way we continue to get lost message accounting and will
eventually know that things went bad.

The other change is to add a new call to audit_log_lost() if auditd
disappears.  We already pulled the skb off the queue and couldn't send
it so that message is lost.  At least this way we will account for the
last message and panic if the machine is configured to panic.  This code
path should only be run if auditd dies for unforeseen reasons.  If
auditd closes correctly audit_pid will get set to 0 and we won't walk
this code path.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Fix the following compiler warning by using "%zu" as defined in C99.

  CC      kernel/auditsc.o
  kernel/auditsc.c: In function 'audit_log_single_execve_arg':
  kernel/auditsc.c:1074: warning: format '%ld' expects type 'long int', but
  argument 4 has type 'size_t'
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  [libata] wrap kmap_atomic(KM_IRQ0) with local_irq_save/restore()
  sata_svw: Add support for HT1100 SATA controller

Interrupts must be disabled if using kmap_atomic(KM_IRQ0), but that was
not the case in a few code paths coming directly from ATA driver
interrupt handlers (which use spin_lock rather than spin_lock_irqsave).
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 4843/1: Add GCR_CLKBPB for PXA3xx
  [ARM] 4842/1: pxa: remove redundant IRQ saving/restoring in clk_pxa3xx_cken_*
  [ARM] 4841/1: pxa: fix typo in LCD platform data definition code for zylonite
  [ARM] 4840/1: pxa: fix the typo in get_irqnr_and_base
  [ARM] 4839/1: fixes kernel Oops in /dev/mem device driver for memory map with PHYS_OFF
  [ARM] eliminate MODULE_PARM() usage
  [ARM] 4838/1: Fix kexec for SA1100 machines
  [ARM] 4837/1: make __get_unaligned_*() return unsigned types
  [ARM] 4836/1: Make ATAGS_PROC depend on KEXEC

The PXA3xx AC97 controller has an additional control bit GCR_CLKBPB
which must be used during cold reset.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: eric miao <eric.miao@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

This is unnecessary since it is already protected by
spin_lock_irq{save, restore} in clock.c.
Signed-off-by: eric miao <eric.miao@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

Signed-off-by: eric miao <eric.miao@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

This typo causes the incorrect calculation of the IRQ numbers
in the ICIP2 registers.
Signed-off-by: eric miao <eric.miao@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

"cat /dev/mem" may cause kernel Oops for boards with PHYS_OFFSET != 0
because character device is mapped to addresses starting from zero
and there is no protection against such situation.
Patch just add this.
Signed-off-by: Alexandre Rusev <arusev@ru.mvista.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

Convert debug-only (and removed) MODULE_PARM() to module_param().
Compiles cleanly (with DEBUG=1).
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

This patch sets KEXEC_CONTROL_MEMORY_LIMIT to (-1)UL. As the value is
compared with physical addresses TASK_SIZE makes no sense. Machines
where the RAM addresses start above TASK_SIZE kexecs eats all memory
and crashes the kernel without this patch.
Signed-off-by: Thomas Kunze <thommycheck@gmx.de>
Acked-by: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

Eric Sandeen tracked an XFS on ARM corruption bug down to a function
under fs/xfs/ involving some get_unaligned() calls on u64 pointers.
As it turns out, calling ARM's get_unaligned() on a u64 pointer
pointing to the following byte sequence:

	80 81 82 83 84 85 86 87

would return ffffffff83828180 (LE mode.)  This turns out to be
because of implicit u8 -> int promotion in ARM's implementation of
various helpers for get_unaligned(), causing them to accidentally
return signed instead of unsigned values, which in turn caused the
subsequent casts to unsigned long long in __get_unaligned_8_[bl]e()
to sign-extend the lower words.

Fix by casting the return values of __get_unaligned_[24]_[bl]e()
to unsigned int.

Cc: Eric Sandeen <sandeen@sandeen.net>
Cc: Rabeeh Khoury <rabeeh@marvell.com>
Cc: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

On Wed, Feb 20, 2008 at 11:50:33AM +0100, Guennadi Liakhovetski wrote:
> arch/arm/kernel/atags.c uses for some reason the
> KEXEC_BOOT_PARAMS_SIZE macro, which is only defined if CONFIG_KEXEC
> is set. So, either this macro should be defined always, or another
> macro should be used, or ATAGS_PROC should depend on KEXEC.

As the procfs export of ATAGS is not meant as a stable, general purpose
ABI it shouldn't be an independent, general configuration option.

This patch make ATAGS_PROC depend on KEXEC
Signed-off-by: Uli Luckas <u.luckas@road.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

This patch fixes a potentially invalid access to a per-CPU variable in
rcu_process_callbacks().

This per-CPU access needs to be done in such a way as to guarantee that
the code using it cannot move to some other CPU before all uses of the
value accessed have completed.  Even though this code is currently only
invoked from softirq context, which currrently cannot migrate to some
other CPU, life would be better if this code did not silently make such
an assumption.
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

This fixes a oops encountered when doing hibernate/resume in presence of
PREEMPT_RCU.

The problem was that the code failed to disable preemption when
accessing a per-CPU variable.  This is OK when called from code that
already has preemption disabled, but such is not the case from the
suspend/resume code path.
Reported-by: Dave Young <hidave.darkstar@gmail.com>
Tested-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
  softlockup: fix task state setting
  rcu: add support for dynamic ticks and preempt rcu

Fix 32-on-64 pvops kernel:

we don't want userspace using syscall/sysenter, even if the hypervisor
supports it, so mask it out from CPUID.
Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

The 2.6.25 ptrace_bts_config structure in asm-x86/ptrace-abi.h
is defined with u32 types:

   #include <asm/types.h>

   /* configuration/status structure used in PTRACE_BTS_CONFIG and
      PTRACE_BTS_STATUS commands.
   */
   struct ptrace_bts_config {
           /* requested or actual size of BTS buffer in bytes */
           u32 size;
           /* bitmask of below flags */
           u32 flags;
           /* buffer overflow signal */
           u32 signal;
           /* actual size of bts_struct in bytes */
           u32 bts_size;
   };
   #endif

But u32 is only accessible in asm-x86/types.h if __KERNEL__,
leading to compile errors when ptrace.h is included from
user-space. The double-underscore versions that are exported
to user-space in asm-x86/types.h should be used instead.
Signed-off-by: Dave Anderson <anderson@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

revert the BTS ptrace extension for now.

based on general objections from Roland McGrath:

    http://lkml.org/lkml/2008/2/21/323

we'll let the BTS functionality cook some more and re-enable
it in v2.6.26. We'll leave the dead code around to help the
development of this code.

(X86_BTS is not defined at the moment)
Signed-off-by: Ingo Molnar <mingo@elte.hu>

avoid over-eager large page splitup.

When the target area needs to be split or is split already (ioremap)
then the current code enforces the split of large mappings in the alias
regions even if we could avoid it.

Use a separate variable processed in the cpa_data structure to carry
the number of pages which have been processed instead of reusing the
numpages variable. This keeps numpages intact and gives the alias code
a chance to keep large mappings intact.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

delay the removal of this symbol export by one more kernel release,
giving external modules such as VirtualBox a chance to stop using it.
Signed-off-by: Ingo Molnar <mingo@elte.hu>

Jan Beulich noticed it during code review that if a driver's ioremap()
fails (say due to -ENOMEM) then we might leak the struct vm_area.

Free it properly.
Signed-off-by: Ingo Molnar <mingo@elte.hu>

Priit Laes discovered that the sed command processing nm output was
sensitive to locale settings.  This was addressed in commit
03994f01 by using [:alnum:] in place of
[a-zA-Z0-9].

But that solution too is locale-dependent and may not always match
the identifiers it needs to.  The better fix is just to run sed et al
with a fixed locale setting in all builds.
Signed-off-by: Roland McGrath <roland@redhat.com>
CC: Priit Laes <plaes@plaes.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

a recent fix:

  commit ce28b986
  Author: Thomas Gleixner <tglx@linutronix.de>
  Date:   Wed Feb 20 23:57:30 2008 +0100

    x86: fix vsyscall wreckage

removed the broken /kernel/vsyscall64 handler completely.
This triggers the following debug check:

  sysctl table check failed: /kernel/vsyscall64  No proc_handler

Restore the sane part of the proc handler.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

I recently stumbled upon a problem in the support for huge pages. If a
program using huge pages does not explicitly unmap them, they remain
mapped (and therefore, are lost) after the program exits.

I observed that the free huge page count in /proc/meminfo decreased when
running my program, and it did not increase after the program exited.
After running the program a few times, no more huge pages could be
allocated.

The reason for this seems to be that the x86 pmd_bad and pud_bad
consider pmd/pud entries having the PSE bit set invalid. I think there
is nothing wrong with this bit being set, it just indicates that the
lowest level of translation has been reached. This bit has to be (and
is) checked after the basic validity of the entry has been checked, like
in this fragment from follow_page() in mm/memory.c:

  if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd)))
          goto no_page_table;

  if (pmd_huge(*pmd)) {
          BUG_ON(flags & FOLL_GET);
          page = follow_huge_pmd(mm, address, pmd, flags & FOLL_WRITE);
          goto out;
  }

Note that this code currently doesn't work as intended if the pmd refers
to a huge page, the pmd_huge() check can not be reached if the page is
huge.

Extending pmd_bad() (and, for future 1GB page support, pud_bad()) to
allow for the PSE bit being set fixes this. For similar reasons,
allowing the NX bit being set is necessary, too. I have seen huge pages
having the NX bit set in their pmd entry, which would cause the same
problem.
Signed-Off-By: Hans Rosenfeld <hans.rosenfeld@amd.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

Fix a kernel bug (vmware boot problem) reported by Tomasz Grobelny,
which occurs with certain .config variants and gccs.

The x86 TLS cleanup in commit efd1ca52
made the sys_set_thread_area and sys_get_thread_area functions ripe for
tail call optimization.  If the compiler chooses to use it for them, it
can clobber the user trap frame because these are asmlinkage functions.
Reported-by: Tomasz Grobelny <tomasz@grobelny.oswiecenia.net>
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

kthread_stop() can be called when a 'watchdog' thread is executing after
kthread_should_stop() but before set_task_state(TASK_INTERRUPTIBLE).
Signed-off-by: Dmitry Adamushko <dmitry.adamushko@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

The PREEMPT-RCU can get stuck if a CPU goes idle and NO_HZ is set. The
idle CPU will not progress the RCU through its grace period and a
synchronize_rcu my get stuck. Without this patch I have a box that will
not boot when PREEMPT_RCU and NO_HZ are set. That same box boots fine
with this patch.

This patch comes from the -rt kernel where it has been tested for
several months.
Signed-off-by: Steven Rostedt <srostedt@redhat.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

* git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/alsa-fix-2.6:
  [ALSA] intel8x0 - Add quirk for Compaq Deskpro EN
  [ALSA] hda-codec - Adapt eeepc p701 mixer for virtual master control
  [ALSA] sound: ice1712: unused structs
  [ALSA] ASoC: Fix WM9712 mixer_event DAPM widget function type
  [ALSA] ASoC: Fix DAPM widget function types in pxa machine drivers
  [ALSA] hda-codec - Fix mixer names of realtek codecs to adapt mater controls
  [ALSA] intel8x0 - Add quirk for Acer Travelmate 2310
  [ALSA] hda_intel - Add model quirk for Albatron KI690-AM2 motherboard
  [ALSA] oxygen: add owner field
  [ALSA] hda-codec - Add Fujitsu Lifebook E8410 to quirk table
  [ALSA] hda-codec - Fix AD1988 capture elements
  [ALSA] sb8: fix SB 1.0 capture DMA programming
  [ALSA] usb-audio: add workaround for broken E-Mu frequency feedback
  [ALSA] ASoC: Fix TLV320AIC3X PLL divider table for 64 kHz rate
  [ALSA] hda-codec - Fix Master volume on HP dv8000

* 'avr32-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6:
  avr32: Fix OCD refcounting bug
  avr32: Call tick_nohz_{stop,restart}_sched_tick() in idle loop
  avr32: Use correct config symbol in atstk1004 board code
  avr32: Fix broken pte dump code in do_page_fault()
  AVR32: Define PAGE_SHARED

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6: (35 commits)
  Blackfin Serial Driver: Fix bug - Only insert UART rx char in timer task.
  Blackfin Serial Driver: Fix bug - update tx dma buffer tail before wake up processes.
  Blackfin Serial Driver: Fix bug - Increase buffer tail immediately before starting tx dma.
  [Blackfin] serial driver: Add flow control support to bf54x
  [Blackfin] serial driver: Fix bug Poll RTS/CTS status in DMA mode as well
  [Blackfin] serial driver: ADSP-BF52x arch/mach support
  [Blackfin] serial driver: use simpler comment headers and strip out information that is maintained in the scm's log
  [Blackfin] serial driver: rework break flood anomaly handling to be more robust/realistic about what we can actually work around
  [Blackfin] serial driver: fix bug - cache the bits of the LSR on systems where the LSR is read-to-clear
  [Blackfin] serial driver: fix bug - should not wait for the TFI bit, just clear it when tx stop.
  [Blackfin] serial driver: Fix bug serial driver in DMA mode spams history to console on shell restart
  [Blackfin] serial driver: Fix bug Free rx dma buffer in shutdown.
  [Blackfin] serial driver: Clean up UART DMA code.
  Blackfin Serial driver: Fix bug - serial driver in PIO mode cant handle input very quickly
  [Blackfin] arch: kill section mismatch warnings
  [Blackfin] arch: handle the most common L1 shrinkage case (L1 does not exist for a part) so that any parts labeled for L1 instead get placed into external memory sections
  [Blackfin] arch: add bfin_clear_PPIx_STATUS() helper funcs like we have for other parts
  [Blackfin] arch: make sure we have proper description/copyright/license lines
  [Blackfin] arch: Fix CONFIG_PM support for BF561
  [Blackfin] arch: Remove DPMC char driver option
  ...

* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6:
  [XFS] If you mount an XFS filesystem with no mount options at all, then

This removes code duplication and makes __dec_zone_page_state look like
__inc_zone_page_state.
Signed-off-by: Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
Acked-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  arch/sh/drivers/dma/dma-sh.c: Correct use of ! and &
  serial: Move asm-sh/sci.h to linux/serial_sci.h.
  sh: Fix up HAS_SR_RB typo in entry-macros.
  
  maple: fix device detection
  sh: fix rtc_resources setup for sh770x
  sh: heartbeat: ioremap is expected to succeed
  sh: Storage class should be before const qualifier
  maple: remove unused variable
  sh: SH5-103 needs to select CPU_SH5.
  sh: Rename SH-3 CCR3 reg to avoid synclink_cs clash.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (79 commits)
  [X25]: Use proc_create() to setup ->proc_fops first
  [WANROUTER]: Use proc_create() to setup ->proc_fops first
  [8021Q]: Use proc_create() to setup ->proc_fops first
  [IPV4]: Use proc_create() to setup ->proc_fops first
  [IPV6]: Use proc_create() to setup ->proc_fops first
  [SCTP]: Use proc_create() to setup ->proc_fops first
  [PKTGEN]: Use proc_create() to setup ->proc_fops first
  [NEIGHBOUR]: Use proc_create() to setup ->proc_fops first
  [LLC]: Use proc_create() to setup ->proc_fops first
  [IPX]: Use proc_create() to setup ->proc_fops first
  [SUNRPC]: Use proc_create() to setup ->proc_fops first
  [ATM]: Use proc_create() to setup ->proc_fops first
  [SCTP]: Update AUTH structures to match declarations in draft-16.
  [SCTP]: Incorrect length was used in SCTP_*_AUTH_CHUNKS socket option
  [SCTP]: Clean up naming conventions of sctp protocol/address family registration
  [APPLETALK]: Use proc_create() to setup ->proc_fops first
  [BNX2X]: add bnx2x to MAINTAINERS
  [BNX2X]: update version, remove CVS strings
  [BNX2X]: Fix Xmit bugs
  [BNX2X]: Prevent PCI queue overflow
  ...

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Adjust kernel PC validation test in fault handler.
  [SPARC64]: Loosen checks in exception table handling.
  [SPARC64]: Fix section mismatch from kernel_map_range
  [SPARC64]: Fix section mismatchs from dr_cpu_data
  [SPARC]: Fix build in arch/sparc/kernel/led.c

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  MAINTAINERS: neteffect update
  RDMA/nes: Fix interrupt moderation low threshold
  RDMA/nes: Fix CRC endianness for RDMA connection establishment on big-endian
  RDMA/nes: Fix use-after-free in mini_cm_dec_refcnt_listen()
  RDMA/nes: Fix use-after-free in nes_create_cq()
  RDMA/nes: Fix a check-after-use in nes_probe()
  RDMA/nes: Fix a memory leak in schedule_nes_timer()
  RDMA/nes: Fix off-by-one
  RDMA/nes: Resurrect error path dead code
  RDMA/cxgb3: Fix shift calc in build_phys_page_list() for 1-entry page lists

* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
  ide: remove stale comments from ide-dma.c (take 2)
  ide: remove ide-tape documentation from Documentation/ide.txt
  qd65xx: remove commented out code
  ide-tape: schedule driver for removal after 6 months
  ide-disk: add missing printk() KERN_* levels
  ide: fix sparse warning about shadowing 'flags' symbol
  ide-cd: fix CD/DVD burning
  ide-cd: fix 'ireason' handling for REQ_TYPE_ATA_PC requests
  qd65xx: fix setup of QD6580 Control register
  ide: skip probing port if "hdx=noprobe" was used for both devices on it
  ide: remove redundant comment from ide_unregister()
  hpt366: fix section mismatch warnings
  ide-cd: Enable audio play quirk for Optiarc DVD RW AD-5200A drive

Fix hpet_(un)register_irq_handler() for when CONFIG_HPET_EMULATE_RTC=n.  They
are provided macros that substitute value 0, but if they are called as
functions and the return value isn't checked, the following warnings appear:

	drivers/char/rtc.c: In function `rtc_init':
	drivers/char/rtc.c:1063: warning: statement with no effect
	drivers/char/rtc.c: In function `rtc_exit':
	drivers/char/rtc.c:1157: warning: statement with no effect
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>