- 05 Feb, 2007 40 commits
-
-
Chris Wright authored
-
Ingo Molnar authored
Remove the __resched_legal() check: it is conceptually broken. The biggest problem it had is that it can mask buggy cond_resched() calls. A cond_resched() call is only legal if we are not in an atomic context, with two narrow exceptions: - if the system is booting - a reacquire_kernel_lock() down() done while PREEMPT_ACTIVE is set But __resched_legal() hid this and just silently returned whenever these primitives were called from invalid contexts. (Same goes for cond_resched_locked() and cond_resched_softirq()). Furthermore, the __legal_resched(0) call was buggy in that it caused unnecessarily long softirq latencies via cond_resched_softirq(). (which is only called from softirq-off sections, hence the code did nothing.) The fix is to resurrect the efficiency of the might_sleep checks and to only allow the narrow exceptions. Signed-off-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org> [chrisw: backport to 2.6.19.2] Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
-
Kirill Korotaev authored
move_task_off_dead_cpu() requires interrupts to be disabled, while migrate_dead() calls it with enabled interrupts. Added appropriate comments to functions and added BUG_ON(!irqs_disabled()) into double_rq_lock() and double_lock_balance() which are the origin sources of such bugs. Signed-off-by:
Kirill Korotaev <dev@openvz.org> Acked-by:
-
Trond Myklebust authored
This patch fixes a regression in 2.6.19 in which the use of multiple krb5 mounts against the same NFS server may result in an Oops on unmount. The Oops is due to the fact that multiple NFS krb5 clients may end up inadvertently sharing the same rpc_pipefs upcall pipe. The first client to 'umount' will unlink that shared pipe, causing an Oops. The solution is to give each client their own upcall pipe. This fix has been in mainline since 2.6.20-rc1. Signed-off-by:
Trond Myklebust <Trond.Myklebust@netapp.com> [chrisw: backport to 2.6.19.2] Signed-off-by:
-
Patrick McHardy authored
When the packet counter of a connection is zero a division by zero occurs in div64_64(). Fix that by using zero as average value, which is correct as long as the packet counter didn't overflow, at which point we have lost anyway. Additionally we're probably going to go back to 64 bit counters in 2.6.21. Based on patch from Jonas Berlin <xkr47@outerspace.dyndns.org>, with suggestions from KOVACS Krisztian <hidden@balabit.hu>. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Masayuki Nakagawa authored
I encountered a kernel panic with my test program, which is a very simple IPv6 client-server program. The server side sets IPV6_RECVPKTINFO on a listening socket, and the client side just sends a message to the server. Then the kernel panic occurs on the server. (If you need the test program, please let me know. I can provide it.) This problem happens because a skb is forcibly freed in tcp_rcv_state_process(). When a socket in listening state(TCP_LISTEN) receives a syn packet, then tcp_v6_conn_request() will be called from tcp_rcv_state_process(). If the tcp_v6_conn_request() successfully returns, the skb would be discarded by __kfree_skb(). However, in case of a listening socket which was already set IPV6_RECVPKTINFO, an address of the skb will be stored in treq->pktopts and a ref count of the skb will be incremented in tcp_v6_conn_request(). But, even if the skb is still in use, the skb will be freed. Then someone still using the freed skb will cause the kernel panic. I suggest to use kfree_skb() instead of __kfree_skb(). Signed-off-by:
Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Baruch Even authored
The sorting of SACK blocks actually munges them rather than sort, causing the TCP stack to ignore some SACK information and breaking the assumption of ordered SACK blocks after sorting. The sort takes the data from a second buffer which isn't moved causing subsequent data moves to occur from the wrong location. The fix is to use a temporary buffer as a normal sort does. Signed-off-By:
Baruch Even <baruch@ev-en.org> Signed-off-by:
-
Jarek Poplawski authored
The patch "Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE" changed to unconditional copying of ip_summed field from collapsed skb. This patch reverts this change. The majority of substantial work including heavy testing and diagnosing by: Michael Tokarev <mjt@tls.msk.ru> Possible reasons pointed by: Herbert Xu and Patrick McHardy. Signed-off-by:
Jarek Poplawski <jarkao2@o2.pl> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
David S. Miller authored
If the device is down, invoking the device hard header callbacks is not legal, so check it early. Based upon a shaper OOPS report from Frederik Deweerdt. Signed-off-by:
-
David S. Miller authored
This fixes a bug introduced by: commit fda9ef5d Author: Dmitry Mishin <dim@openvz.org> Date: Thu Aug 31 15:28:39 2006 -0700 [NET]: Fix sk->sk_filter field access sk_run_filter() returns either 0 or an unsigned 32-bit length which says how much of the packet to retain. If that 32-bit unsigned integer is larger than the packet, this is fine we just leave the packet unchanged. The above commit caused all filter return values which were negative when interpreted as a signed integer to indicate a packet drop, which is wrong. Based upon a report and initial patch by Raivis Bucis. Signed-off-by:
-
Robert Olsson authored
When main table is just a single leaf this gets printed as belonging to the local table in /proc/net/fib_trie. A fix is below. Signed-off-by:
Robert Olsson <robert.olsson@its.uu.se> Acked-by:
Eric W. Biederman <ebiederm@xmission.com> Signed-off-by:
-
Eric W. Biederman authored
In a kernel with trie routing enabled I had a simple routing setup with only a single route to the outside world and no default route. "ip route table list main" showed my the route just fine but /proc/net/route was an empty file. What was going on? Thinking it was a bug in something I did and I looked deeper. Eventually I setup a second route and everything looked correct, huh? Finally I realized that the it was just the iterator pair in fib_trie_get_first, fib_trie_get_next just could not handle a routing table with a single entry. So to save myself and others further confusion, here is a simple fix for the fib proc iterator so it works even when there is only a single route in a routing table. Signed-off-by:
-
Bob Breuer authored
In some cases such as: iph->check = 0; iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); GCC may optimize out the previous store. Observed as a failure of NFS over udp (bad checksums on ip fragments) when compiled with GCC 3.4.2. Signed-off-by:
Bob Breuer <breuerr@mc.net> Signed-off-by:
-
Eric W. Biederman authored
While enhancing the neighbour code to handle multiple network namespaces I noticed that decnet is assuming neigh_parms_alloc will allways succeed, which is clearly wrong. So handle the failure. Signed-off-by:
Steven Whitehouse <steve@chygwyn.com> Signed-off-by:
-
ethanhsiao@jmicron.com authored
jmicron module detects all JMB36x as JMB361 and PATA0 has wrong pin status of XICBLID. Cc: Jeff Garzik <jeff@garzik.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> cebbert@redhat.com: I folded in the warning fix (a51545ab) because otherwise it makes the tester think the patch caused the warning that was already there. Cc: Dave Jones <davej@redhat.com> Signed-off-by:
Chuck Ebbert <cebbert@redhat.com> Signed-off-by:
-
Andy Gospodarek authored
While working with the latest bonding code I noticed a nasty problem that will prevent arp monitoring from always functioning correctly on x86_64 systems. Comparing ints to longs and expecting reliable results on x86_64 is a bad idea. With this patch, arp monitoring works correctly again. Signed-off-by:
Andy Gospodarek <andy@greyhouse.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Stephen Hemminger <shemminger@osdl.org> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by:
Jeff Garzik <jeff@garzik.org> Signed-off-by:
-
Jeff Dike authored
Use the same signal frame alignment calculations as the underlying architecture. x86_64 appeared to do this, but the "- 8" was really subtracting 8 * sizeof(struct rt_sigframe) rather than 8 bytes. UML/i386 might have been OK, but I changed the calculation to match i386 just to be sure. Signed-off-by:
Jeff Dike <jdike@addtoit.com> Cc: <stable@kernel.org> Cc: Adrian Bunk <bunk@stusta.de> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by:
Antoine Martin <antoine@nagafix.co.uk> Signed-off-by:
-
Adam Litke authored
When expanding the stack, we don't currently check if the VMA will cross into an area of the address space that is reserved for hugetlb pages. Subsequent faults on the expanded portion of such a VMA will confuse the low-level MMU code, resulting in an OOPS. Check for this. Signed-off-by:
Adam Litke <agl@us.ibm.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: William Lee Irwin III <wli@holomorphy.com> Cc: Hugh Dickins <hugh@veritas.com> Cc: <stable@kernel.org> Signed-off-by:
-
Jeff Garzik authored
We are inside spin_lock_irqsave(). quoth akpm's debug facility: [ 231.948000] SCSI device sda: 195371568 512-byte hdwr sectors (100030 MB) [ 232.232000] ata1.00: configured for UDMA/33 [ 232.404000] WARNING (1) at arch/i386/mm/highmem.c:47 kmap_atomic() [ 232.404000] [<c01162e6>] kmap_atomic+0xa9/0x1ab [ 232.404000] [<c0242c81>] ata_scsi_rbuf_get+0x1c/0x30 [ 232.404000] [<c0242caf>] ata_scsi_rbuf_fill+0x1a/0x87 [ 232.404000] [<c0243ab2>] ata_scsiop_mode_sense+0x0/0x309 [ 232.404000] [<c01729d5>] end_bio_bh_io_sync+0x0/0x37 [ 232.404000] [<c02311c6>] scsi_done+0x0/0x16 [ 232.404000] [<c02311c6>] scsi_done+0x0/0x16 [ 232.404000] [<c0242dcc>] ata_scsi_simulate+0xb0/0x13f [...] Signed-off-by:
-
NeilBrown authored
If a GFP_KERNEL allocation is attempted in md while the mddev_lock is held, it is possible for a deadlock to eventuate. This happens if the array was marked 'clean', and the memalloc triggers a write-out to the md device. For the writeout to succeed, the array must be marked 'dirty', and that requires getting the mddev_lock. So, before attempting a GFP_KERNEL alloction while holding the lock, make sure the array is marked 'dirty' (unless it is currently read-only). Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
NeilBrown authored
While developing more functionality in mdadm I found some bugs in md... - When we remove a device from an inactive array (write 'remove' to the 'state' sysfs file - see 'state_store') would should not update the superblock information - as we may not have read and processed it all properly yet. - initialise all raid_disk entries to '-1' else the 'slot sysfs file will claim '0' for all devices in an array before the array is started. - all '\n' not to be present at the end of words written to sysfs files - when we use SET_ARRAY_INFO to set the md metadata version, set the flag to say that there is persistant metadata. - allow GET_BITMAP_FILE to be called on an array that hasn't been started yet. Signed-off-by:
-
NeilBrown authored
When 'repair' finds a block that is different one the various parts of the mirror. it is meant to write a chosen good version to the others. However it currently writes out the original data to each. The memcpy to make all the data the same is missing. Signed-off-by:
-
NeilBrown authored
Fix few bugs that meant that: - superblocks weren't alway written at exactly the right time (this could show up if the array was not written to - writting to the array causes lots of superblock updates and so hides these errors). - restarting device recovery after a clean shutdown (version-1 metadata only) didn't work as intended (or at all). 1/ Ensure superblock is updated when a new device is added. 2/ Remove an inappropriate test on MD_RECOVERY_SYNC in md_do_sync. The body of this if takes one of two branches depending on whether MD_RECOVERY_SYNC is set, so testing it in the clause of the if is wrong. 3/ Flag superblock for updating after a resync/recovery finishes. 4/ If we find the neeed to restart a recovery in the middle (version-1 metadata only) make sure a full recovery (not just as guided by bitmaps) does get done. Signed-off-by: -
NeilBrown authored
The nfsservctl systemcall isn't used but recent nfs-utils releases for exporting filesystems, and consequently the code that is uses - exp_export - has suffered some bitrot. Particular: - some newly added fields in 'struct svc_export' are being initialised properly. - the return value is now always -ENOMEM ... This patch fixes both these problems. Signed-off-by: -
NeilBrown authored
nfsd defines a type 'encode_dent_fn' which is much like 'filldir_t' except that the first pointer is 'struct readdir_cd *' rather than 'void *'. It then casts encode_dent_fn points to 'filldir_t' as needed. This hides any other type mismatches between the two such as the fact that the 'ino' arg recently changed from ino_t to u64. So: get rid of 'encode_dent_fn', get rid of the cast of the function type, change the first arg of various functions from 'struct readdir_cd *' to 'void *', and live with the fact that we have a little less type checking on the calling of these functions now. Less internal (to nfsd) checking offset by more external checking, which is more important. Thanks to Gabriel Paubert <paubert@iram.es> for discovering this and providing an initial patch. Signed-off-by:
Gabriel Paubert <paubert@iram.es> Signed-off-by:
-
NeilBrown authored
NFSd assumes that largest number of pages that will be needed for a request+response is 2+N where N pages is the size of the largest permitted read/write request. The '2' are 1 for the non-data part of the request, and 1 for the non-data part of the reply. However, when a read request is not page-aligned, and we choose to use ->sendfile to send it directly from the page cache, we may need N+1 pages to hold the whole reply. This can overflow and array and cause an Oops. This patch increases size of the array for holding pages by one and makes sure that entry is NULL when it is not in use. Signed-off-by:
-
NeilBrown authored
Due to silly typos, if the nfs versions are explicitly set, no NFSACL versions get enabled. Also improve an error message that would have made this bug a little easier to find. Signed-off-by:
-
Francois Romieu authored
Fix from http://bugzilla.kernel.org/show_bug.cgi?id=7747Signed-off-by:
Francois Romieu <romieu@fr.zoreil.com> Signed-off-by:
-
David S. Miller authored
Mirror the logic in the sun4u handler, we have to update both registers even when we branch out to window fault fixup handling. The way it works is that if we are in etrap processing a fault already, g4/g5 holds the original fault information. If we take a window spill fault while doing etrap, then we put the window spill fault info into g4/g5 and this is what the top-level fault handler ends up processing first. Then we retry the originally faulting instruction, and process the original fault at that time. This is all necessary because of how constrained the trap registers are in these code paths. These cases trigger very rarely, so even if there is some performance implication it's doesn't happen very often. In fact the rarity is why it took so long to trigger and find this particular bug. Signed-off-by:
-
Mike Frysinger authored
rtc_sysfs_add_device is needed even after dev initialization, so drop __devinit. Signed-off-by:
Mike Frysinger <vapier@gentoo.org> Acked-by:
Alessandro Zummo <a.zummo@towertech.it> Cc: <stable@kernel.org> Signed-off-by:
-
Linus Torvalds authored
This reverts commit 99a10a60. As per Hugh Dickins: "Nadia Derbey has reported that mmap of /dev/kmem no longer works with the kernel virtual address as offset, and Franck has confirmed that his patch came from a misunderstanding of what an offset means to /dev/kmem - whereas his patch description seems to say that he was correcting the offset on a few plaforms, there was no such problem to correct, and his patch was in fact changing its API on all platforms." Suggested-by:
Hugh Dickins <hugh@veritas.com> Cc: Franck Bui-Huu <fbuihuu@gmail.com> Cc: Nadia Derbey <Nadia.Derbey@bull.net> Cc: Andi Kleen <ak@suse.de> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Andrew Morton <akpm@osdl.org> Signed-off-by:
-
Linas Vepstas authored
A flag was recently added to the elevator code to avoid performing an unplug when reuests are being re-queued. The goal of this flag was to avoid a deep recursion that can occur when re-queueing requests after a SCSI device/host reset. See http://lkml.org/lkml/2006/5/17/254 However, that fix added the flag near the bottom of a case statement, where an earlier break (in an if statement) could transport one out of the case, without setting the flag. This patch sets the flag earlier in the case statement. I re-discovered the deep recursion recently during testing; I was told that it was a known problem, and the fix to it was in the kernel I was testing. Indeed it was ... but it didn't fix the bug. With the patch below, I no longer see the bug. Signed-off by: Linas Vepstas <linas@austin.ibm.com> Signed-off-by:
Jens Axboe <axboe@suse.de> Signed-off-by:
-
Patrick McHardy authored
With the introduction of x_tables we accidentally broke compatibility by defining IPT_TABLE_MAXNAMELEN to XT_FUNCTION_MAXNAMELEN instead of XT_TABLE_MAXNAMELEN, which is two bytes larger. On most architectures it doesn't really matter since we don't have any tables with names that long in the kernel and the structure layout didn't change because of alignment requirements of following members. On CRIS however (and other architectures that don't align data) this changed the structure layout and thus broke compatibility with old iptables binaries. Changing it back will break compatibility with binaries compiled against recent kernels again, but since the breakage has only been there for three releases this seems like the better choice. Spotted by Jonas Berlin <xkr47@outerspace.dyndns.org>. Signed-off-by:
-
Andi Kleen authored
The new PDA code uses a dummy _proxy_pda variable to describe memory references to the PDA. It is never referenced in inline assembly, but exists as input/output arguments. gcc 4.2 in some cases can CSE references to this which causes unresolved symbols. Define it to zero to avoid this. Signed-off-by:
Andi Kleen <ak@suse.de> Signed-off-by:
-
Ingo Molnar authored
recently cpufreq support on my laptop (Lenovo T60) broke completely: when it's plugged into AC it would never go higher than 1 GHz - neither 1.3 GHz nor 1.83 GHz is possible - no matter which governor (userspace, speed or ondemand) is used. after some cpufreq debugging i tracked the regression back to the following (totally correct) bug-fix commit: commit 0916bd3e Author: Dave Jones <davej@redhat.com> Date: Wed Nov 22 20:42:01 2006 -0500 [PATCH] Correct bound checking from the value returned from _PPC method. this bugfix, which makes other laptops work, made a previously hidden (BIOS) bug visible on my laptop. The bug is the following: if the _PPC (Performance Present Capabilities) optional ACPI object is queried /after/ bootup then the BIOS reports an incorrect value of '2'. My laptop (Lenovo T60) has the following performance states supported: 0: 1833000 1: 1333000 2: 1000000 Per ACPI specification, a _PPC value of '0' means that all 3 performance states are usable. A _PPC value of '1' means states 1 .. 2 are usable, a value of '2' means only state '2' (slowest) is usable. now, the _PPC object is optional, and it also comes with notification. Furthermore, when a CPU object is initialized, the _PPC object is initialized as well. So the following evaluation of the _PPC object is superfluous: [<c028ba5f>] acpi_processor_get_platform_limit+0xa1/0xaf [<c028c040>] acpi_processor_register_performance+0x3b9/0x3ef [<c0111a85>] acpi_cpufreq_cpu_init+0xb7/0x596 [<c03dab74>] cpufreq_add_dev+0x160/0x4a8 [<c02bed90>] sysdev_driver_register+0x5a/0xa0 [<c03d9c4c>] cpufreq_register_driver+0xb4/0x176 [<c068ac08>] acpi_cpufreq_init+0xe5/0xeb [<c010056e>] init+0x14f/0x3dd and this is the point where my laptop's BIOS returns the incorrect value of '2'. Note that it has not sent any notification event, so the value is probably not really intentional (possibly spurious), and Windows likely doesnt query it after bootup either. Maybe the value is kept at '2' normally, and is only set to the real value when a true asynchronous event (such as AC plug event, battery switch, etc.) occurs. So i /think/ this is a grey area of the ACPI spec: per the letter of the spec the _PPC value only changes when notified, so there's no reason to query it after the system has booted up. So in my opinion the best (and most compatible) strategy would be to do the change below, and to not evaluate the _PPC object in the acpi_processor_get_performance_info() call, but only evaluate it if _PPC is present during CPU object init, or if it's notified during an asynchronous event. This change is more permissive than the previous logic, so it definitely shouldnt break any existing system. This also happens to fix my laptop, which is merrily chugging along at 1.83 GHz now. Yay! Signed-off-by:
Len Brown <len.brown@intel.com> Signed-off-by:
-
Jeff Dike authored
This fixes UML on hosts with non-standard VM splits. We had changed the config variable that controls UML behavior on such hosts, but not propogated the change everywhere. In particular, the values of STUB_CODE and STUB_DATA relied on the old variable. I also reformatted the HOST_VMSPLIT_3G help to make it more standard. Spotted by uml@flonatel.org. Signed-off-by:
-
Erez Zilber authored
iSER limits the number of outstanding PDUs to send. When this threshold is reached, it should return an error code (-ENOBUFS) instead of setting the suspend_tx bit (which should be used only by libiscsi). Without this fix, during logout, open-iscsi over iSER tries to logout forever. Signed-off-by:
Erez Zilber <erezz@voltaire.com> Signed-off-by:
-
Paul Moore authored
In the case where a user has configured NetLabel in the kernel but is not using a SELinux policy with the MLS/MCS feature enabled there is a bug in mls_export_cat() where a NULL pointer is used. The initial problem report and discussion can be found here (this patch has been ACK'd by Stephen Smalley and James Morris in the discussion thread below): * http://marc2.theaimsgroup.com/?t=116920302500004&r=1&w=2 This patch is specific to the 2.6.19.y kernel series as the mls_export_cat() function has been replaced in the 2.6.20 kernel. Signed-off-by:
Paul Moore <paul.moore@hp.com> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> Acked-by:
James Morris <jmorris@namei.org> Signed-off-by:
-
Takashi Iwai authored
Fix NULL dereference in hda_generic.c. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Jaroslav Kysela <perex@suse.cz> Signed-off-by:
-
Herbert Xu authored
The recent hashing introduced an off-by-one bug in policy list insertion. Instead of adding after the last entry with a lesser or equal priority, we're adding after the successor of that entry. This patch fixes this and also adds a warning if we detect a duplicate entry in the policy list. This should never happen due to this if clause. Signed-off-by:
-
