Please apply the following patch to 2.6.5-rc2-bk9 and 2.4.26-rc1 to
include support for the 79C976. Tested on IA32.

On Wed, 31 Mar 2004 15:05:16 -0500
Jeff Garzik <jgarzik@pobox.com> wrote:

> I really should remove the ability to configure 8139_RXBUF_IDX=3.

On Tue, Apr 13, 2004 at 02:35:40PM -0400, Jeff Garzik wrote:
> Russell,
>
> Would you be willing to provide an updated diff of this?

I didn't particularly like the PRIV() method implemented previously -
gcc appears to want to avoid some optimisations it if its an inline
function rather than a macro.

Also, 'ei_local' may look unused in some functions, but it's your
typical hidden-use-in-a-macro crap which 8390 likes.

In systems with mixed network cards, and all drivers compiled into
the kernel; the PCI device (eth0) will get probed first, before the ISA.

The problem is that the ISA device can mistakenly try to probe
for eth0.  The problem is that the ISA driver will not detect the failure
until it goes to call register_netdevice, and not all drivers have
perfect error unwind code.

This patch short circuits the device probe, so it won't bother
looking for devices that already are registered.

* Ken Ashcraft (ken@coverity.com) wrote:
> [BUG]
> /home/kash/linux/linux-2.6.5/drivers/net/e1000/e1000_ethtool.c:1494:e1000_ethtool_ioctl: ERROR:TAINT: 1487:1494:Passing unbounded user value "(regs).len" as arg 2 to function "copy_to_user", which uses it unsafely in model [SOURCE_MODEL=(lib,copy_from_user,user,taintscalar)] [SINK_MODEL=(lib,copy_to_user,user,trustingsink)]    [PATH=]
> 	}
> 	case ETHTOOL_GREGS: {
> 		struct ethtool_regs regs = {ETHTOOL_GREGS};
> 		uint32_t regs_buff[E1000_REGS_LEN];
>
> Start --->
> 		if(copy_from_user(&regs, addr, sizeof(regs)))
> 			return -EFAULT;
> 		e1000_ethtool_gregs(adapter, &regs, regs_buff);
> 		if(copy_to_user(addr, &regs, sizeof(regs)))
> 			return -EFAULT;
>
> 		addr += offsetof(struct ethtool_regs, data);
> Error --->
> 		if(copy_to_user(addr, regs_buff, regs.len))
> 			return -EFAULT;
>
> 		return 0;

Looks like a bug.  Possible patch below zeros the buffer (since it's not
filled completely by e1000_ethtool_gregs()), and truncates len.

I get the following warning in 2.6.5-mm6 and 2.6.6-rc1:

<--  snip  -->

...
  CC      drivers/net/tulip/timer.o
drivers/net/tulip/timer.c: In function `comet_timer':
drivers/net/tulip/timer.c:156: warning: unused variable `ioaddr'
...

<--  snip  -->


Since the
   [netdrvr tulip] add MII support for Comet chips
patch has removed the only use of this variable, the fix is simple:

They are now upstream, we don't need driver-local ones anymore.

Tangentially noticed by Stanford checker.

Trivial patchlet...ethtool core already caps regs.len at a max of
->get_regs_len():

	reglen = ops->get_regs_len(dev);
	if (regs.len > reglen)
		regs.len = reglen;

So doing the same in the in de2104x driver ->get_regs() is redundant.
Patch below simply removes it to clarify the guarantee of the API.

> [BUG] minor
> /home/kash/linux/linux-2.6.5/drivers/net/wan/sdla.c:1206:sdla_xfer:
> ERROR:TAINT: 1201:1206:Passing unbounded user value "(mem).len" as arg 0
> to function "kmalloc", which uses it unsafely in model
> [SOURCE_MODEL=(lib,copy_from_user,user,taintscalar)]
> [SINK_MODEL=(lib,kmalloc,user,trustingsink)]  [MINOR]  [PATH=] [Also
> used at, line 1219 in argument 0 to function "kmalloc"]
> static int sdla_xfer(struct net_device *dev, struct sdla_mem *info, int
> read)
> {
> 	struct sdla_mem mem;
> 	char	*temp;
>
> Start --->
> 	if(copy_from_user(&mem, info, sizeof(mem)))
> 		return -EFAULT;
>
> 	if (read)
> 	{
> Error --->
> 		temp = kmalloc(mem.len, GFP_KERNEL);
> 		if (!temp)
> 			return(-ENOMEM);
> 		sdla_read(dev, mem.addr, temp, mem.len);

Hrm, I believe you could use this to read 128k of kernel memory.
sdla_read() takes len as a short, whereas mem.len is an int.  So,
if mem.len == 0x20000, the allocation could still succeed.  When cast
to short, len will be 0x0, causing the read loop to copy nothing into
the buffer.  At least it's protected by a capable() check.  I don't
know what proper upper bound is for this hardware, or how much it's
used/cared about.  Simple memset() is trivial fix.

Caught by Stanford checker.

If __ISAPNP__ and CONFIG_X86_PC9800 are not set, we forget to link the device
into the global chain and el3_init_module dereferences NULL.

small cosmetic fix for powermac mace network driver.

eth%d: MACE at 00:05:02:f4:1b:1d, chip revision 25.64
vs.
eth0: MACE at 00:05:02:f4:1b:1d, chip revision 25.64

into ppc970.osdl.org:/home/torvalds/v2.6/linux

This removes a number of unnecessary includes from the ARM specific
files throughout the kernel.  Most notably asm/pgalloc.h is
needlessly included in several places.  There were some places
including it as a means to get at the cache flushing functions,
so this has been corrected.

This is my brown paper bag day, I sent you the wrong patch for
fixing the deadlock in rtas.c, here's one to apply on top of current
bk that fixes build.

Amiga Zorro8390 Ethernet: Add KERN_* prefixes to printk() messages

Amiga Hydra Ethernet: Add KERN_* prefixes to printk() messages

Amiga Ariadne Ethernet: Add KERN_* prefixes to printk() messages

Amiga A2065 Ethernet: Add missing variable in debug code

From: Andrey Panin <pazke@donpac.ru>

this small patch fixes visws build error in 2.6.5.

From: Bart Samwel <bart@samwel.tk>

Currently, an `hdparm -Y' can trigger a sync in laptop mode.  We should
only count fs-originated requests as being "disk activity".

Take the idr's lock while removing an element on the error path.  Spotted by
Nathan Lynch <nathanl@austin.ibm.com>.

From: Rusty Russell <rusty@rustcorp.com.au>

People still build modules wrong, particularly without -fno-common.  The
resulting modules don't load, but we should at least warn about it.

Reduce the locking coverage of the oft-used j_list_lock: the per-bh
jbd_lock_bh_state() gives us sufficient locking of buffer_head and
journal_head internals.

From: Hugh Dickins <hugh@veritas.com>

The earlier changes introducing PageAnon left truncated pages mapped into
nonlinear vmas unswappable.  Once we go to object-based rmap, it's
impossible to find where file page is mapped once page->mapping cleared:
switching them to anonymous is odd, and breaks strict commit accounting.

So now handle truncation of nonlinear vmas correctly.  And factor in
Daniel's cluster filesystem needs while we're there: when invalidating
local cache, we do want to unmap shared pages from all mms, but we do not
want to discard private COWed modifications of those pages (which
truncation discards to satisfy the SIGBUS semantics demanded by specs).

Drew from Daniel's patch (LKML 2 Mar 04), but didn't always follow it;
fewer name changes, but still some - "unmap" rather than "invalidate".
zap_page_range is not exported, safe to give it and all the too-many layers
an extra zap_details arg, in normal cases just NULL.

Given details, zap_pte_range checks page mapping or index to skip anon or
untruncated pages.  I didn't realize before implementing, that in nonlinear
case, it should set a file pte when truncating - otherwise linear pages
might appear in place of SIGBUS.  I suspect this implies that ->populate
functions ought to set file ptes beyond EOF instead of failing, but haven't
changed them as yet.

To avoid making yet another copy of that ugly linear pgidx test, added
inline function linear_page_index (to pagemap.h to get PAGE_CACHE_SIZE,
though as usual things don't really work if it differs from PAGE_SIZE). 
Ooh, I thought I'd removed ___add_to_page_cache last time, do so now.

unmap_page_range static, shift its hugepage check up into sole caller
unmap_vmas.  Killed "killme" debug from unmap_vmas, not seen it trigger.
unmap_mapping_range is exported without restriction: I'm one of those who
believe it should be generally available.  But I'm wrongly placed to decide
that, probably just sob quietly to myself if _GPL added later.

From: Hugh Dickins <hugh@veritas.com>

Good example of "swapper_space considered harmful": swap_unplug_io_fn was
originally designed for calling via swapper_space.backing_dev_info; but
that way it loses track of which device is to be unplugged, so had to
unplug all swap devices.  But now sync_page tests SwapCache anyway, can
call swap_unplug_io_fn with page, which leads direct to the device.

Reverted -mc4's CONFIG_SWAP=n fix, just add another NOTHING for it.
Reverted -mc3's editorial adjustments to swap_backing_dev_info and
swapper_space initializations: they document the few fields which are
actually used now, as comment above them says (sound of slapped wrist).

From: Hugh Dickins <hugh@veritas.com>

One of the callers of flush_dcache_page is do_generic_mapping_read, where
file is read without i_sem and without page lock: concurrent truncation may
at any moment remove page from cache, NULLing ->mapping, making
flush_dcache_page liable to oops.  Put result of page_mapping in a local
variable and apply mapping_mapped to that (if we were to check for NULL
within mapping_mapped, it's unclear whether to say yes or no).

parisc and arm do have other locking unsafety in their i_mmap(_shared)
searching, but that's a larger issue to be dealt with down the line.

From: Anton Blanchard <anton@samba.org>

Oprofilefs cant handle > 99 cpus. This should fix it.

From: Rusty Russell <rusty@rustcorp.com.au>

# lsmod
Module                  Size  Used by
1                      26060  6
#

The compiler #define's unix to 1: we use -DKBUILD_MODNAME=unix.  We used to
#undef unix at the top of af_unix.c, but now the name is inserted by
modpost, that doesn't help.

#undef unix in modpost.c's generated C file.

From: Benjamin Herrenschmidt <benh@kernel.crashing.org>

My RTAS locking fixes incorrectly added a spinlock around the function used
to stop a CPU, that function never returns, thus the lock becomes stale.
The correct fix is to disable interrupts instead (the RTAS params beeing
per-CPU, this should be safe enough)

But obviously only if we're not passing in any offset pointer.

This is how 2.4.x worked, and vsftpd relies on it.

Bug reported by Chris < chris@scary.beasts.org>

into ppc970.osdl.org:/home/torvalds/v2.6/linux

This adds detailed documentation concerning how we map the Linux
page table structure onto the hardware tables on ARM.  In addition,
it also adds documentation describing how we emulate the "dirty"
and "young" or "accessed" page table bits.

This should be of interest to Linux MM developers.

It occurred to me that if vma and new_vma are one and the same, then
vma_relink_file will not do a good job of linking it after itself - in
that pretty unlikely case when move_page_tables fails.

And more generally, whenever copy_vma's vma_merge succeeds, we have no
guarantee that old vma comes before new_vma in the i_mmap lists, as we
need to satisfy Rajesh's point: that ordering is only guaranteed in the
newly allocated case.

We have to abandon the ordering method when/if we move from lists to
prio_trees, so this patch switches to the less glamorous use of
i_shared_sem exclusion, as in my prio_tree mremap.

The field in question is
  a) unused
  b) damn next to impossible to use correctly, due to struct super_block
     lifetime and locking rules.

into ppc970.osdl.org:/home/torvalds/v2.6/linux