I noticed a strange behavior in a tmpfs file system the other day, while
building packages - occasionally, and seemingly at random, make decided to
rebuild a target. However, only on tmpfs.

A file would be created, and if checked, it had a sub-second timestamp.
However, after an utimes related call where sub-seconds should be set, they
were zeroed instead. In the case that a file was created, and utimes(...,NULL)
was used on it in the same second, the timestamp on the file moved backwards.

After some digging, I found that this was being caused by tmpfs not having a
time granularity set, thus inheriting the default 1 second granularity.

Hugh adds: yes, we missed tmpfs when the s_time_gran mods went into 2.6.11.
Unfortunately, the granularity of CURRENT_TIME, often used in filesystems,
does not match the default granularity set by alloc_super.  A few more such
discrepancies have been found, but this is the most important to fix now.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Do not double-export sys_close() when CONFIG_SOLARIS_EMUL_MODULE

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IPV4]: Increment ipInHdrErrors when TTL expires.
  [TCP]: continued: reno sacked_out count fix
  [DCCP] Ackvec: fix soft lockup in ackvec handling code

* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] Fix Integrator and Versatile interrupt initialisation
  [ARM] 3546/1: PATCH: subtle lost interrupts bug on i.MX
  [ARM] 3547/1: PXA-OHCI: Allow platforms to specify a power budget
  [ARM] Fix Neponset IRQ handling

Signed-off-by: Weidong <weid@nanjing-fnst.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This fixes two independent problems: it would not save the PCI state on
suspend (and thus try to resume a nonexistent state on resume), and
while shut off, if an interrupt happened on the same shared irq, the irq
handler would react very badly to the interrupt status being an invalid
all-ones state.
Acked-by: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  [PATCH] sata_mv: grab host lock inside eng_timeout

From: Aki M Nyrhinen <anyrhine@cs.helsinki.fi>

IMHO the current fix to the problem (in_flight underflow in reno)
is incorrect.  it treats the symptons but ignores the problem. the
problem is timing out packets other than the head packet when we
don't have sack. i try to explain (sorry if explaining the obvious).

with sack, scanning the retransmit queue for timed out packets is
fine because we know which packets in our retransmit queue have been
acked by the receiver.

without sack, we know only how many packets in our retransmit queue the
receiver has acknowledged, but no idea which packets.

think of a "typical" slow-start overshoot case, where for example
every third packet in a window get lost because a router buffer gets
full.

with sack, we check for timeouts on those every third packet (as the
rest have been sacked). the packet counting works out and if there
is no reordering, we'll retransmit exactly the packets that were 
lost.

without sack, however, we check for timeout on every packet and end up
retransmitting consecutive packets in the retransmit queue. in our
slow-start example, 2/3 of those retransmissions are unnecessary. these
unnecessary retransmissions eat the congestion window and evetually
prevent fast recovery from continuing, if enough packets were lost.
Signed-off-by: David S. Miller <davem@davemloft.net>

A soft lockup existed in the handling of ack vector records.
Specifically, when a tail of the list of ack vector records was
removed, it was possible to end up iterating infinitely on an element
of the tail.
Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>

It is already exported by fs/open.c

Noticed by Ben Collins.
Signed-off-by: David S. Miller <davem@davemloft.net>

People have been reporting that PPP connections over ptys, such as
used with PPTP, will hang randomly when transferring large amounts of
data, for instance in http://bugzilla.kernel.org/show_bug.cgi?id=6530.
I have managed to reproduce the problem, and the patch below fixes the
actual cause.

The problem is not in fact in ppp_async.c but in n_tty.c.  What
happens is that when pptp reads from the pty, we call read_chan() in
drivers/char/n_tty.c on the master side of the pty.  That copies all
the characters out of its buffer to userspace and then calls
check_unthrottle(), which calls the pty unthrottle routine, which
calls tty_wakeup on the slave side, which calls ppp_asynctty_wakeup,
which calls tasklet_schedule.  So far so good.  Since we are in
process context, the tasklet runs immediately and calls
ppp_async_process(), which calls ppp_async_push, which calls the
tty->driver->write function to send some more output.

However, tty->driver->write() returns zero, because the master
tty->receive_room is still zero.  We haven't returned from
check_unthrottle() yet, and read_chan() only updates tty->receive_room
_after_ calling check_unthrottle.  That means that the driver->write
call in ppp_async_process() returns 0.  That would be fine if we were
going to get a subsequent wakeup call, but we aren't (we just had it,
and the buffer is now empty).

The solution is for n_tty.c to update tty->receive_room _before_
calling the driver unthrottle routine.  The patch below does this.
With this patch I was able to transfer a 900MB file over a PPTP
connection (taking about 25 minutes), whereas without the patch the
connection would always stall in under a minute.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Bug fix:  mv_eng_timeout() calls mv_err_intr() without first grabbing the host lock,
which can lead to all sorts of interesting scenarios.

This whole error-handling portion of sata_mv is nasty (and will get fixed for
the new EH stuff), but for now this patch will help keep it on life-support.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6:
  [PATCH] PCI: reverse pci config space restore order
  [PATCH] PCI: Improve PCI config space writeback
  [PATCH] PCI: Error handling on PCI device resume
  [PATCH] PCI: fix pciehp compile issue when CONFIG_ACPI is not enabled

From: Christoph Lameter <clameter@sgi.com>

Looks like a comma was left from the conversion from a struct to an
assignment.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

According to Intel ICH spec, there are several rules that Base Address
should be programmed before IOSE  (PCICMD register ) enabled.

For example ICH7:

12.1.3  SATA : the base address register for the bus master register
               should be programmed before this bit is set.

11.1.3:  PCICMD (USB): The base address register for USB should be
                       programmed before this bit is set.
....

To make sure kernel code follow this rule , and prevent unnecessary
confusion. I proposal this patch.
Signed-off-by: Luming Yu <luming.yu@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

At least one laptop blew up on resume from suspend with a black screen due
to a lack of this patch.  By only writing back config space that is
different, we minimise the possibility of accidents like this.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

We currently don't handle errors properly when resuming a PCI device:
* In pci_default_resume() we capture the error code returned by
  pci_enable_device() but don't pass it up to the caller.
  Introduced by commit 95a62965
* In pci_resume_device(), the errors possibly returned by the driver's
  .resume method or by the generic pci_default_resume() function are
  ignored.

This patch fixes both issues.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Fix build error when CONFIG_ACPI not defined
Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch sets the max_cache_size value required to tune up
scheduler in SMP systems. Otherwise, the calculated
migration_cost is too high and task scheduling may lock up.
Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: David S. Miller <davem@davemloft.net>

* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Avoid JBUS errors on some Niagara systems.
  [FUSION]: Fix mptspi.c build with CONFIG_PM not set.
  [TG3]: Handle Sun onboard tg3 chips more correctly.
  [SPARC64]: Dump local cpu registers in sun4v_log_error()

From: Milton Miller <miltonm@bga.com>

The add_preferred_console call in rtas_console.c was not causing the
console to be selected.  It turns out that the add_preferred_console was
being called after the hvc_console driver was registered.  It only works
when it is called before the console driver is registered.

Reorder hvc_console.o after the hvc_console drivers to allow the selection
during console_initcall processing.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: Markus Lidel <Markus.Lidel@shadowconnect.com>

- Fixed locking of struct i2o_exec_wait in Executive-OSM

- Removed LCT Notify in i2o_exec_probe() which caused freeing memory and
  accessing freed memory during first enumeration of I2O devices

- Added missing locking in i2o_exec_lct_notify()

- removed put_device() of I2O controller in i2o_iop_remove() which caused
  the controller structure get freed to early

- Fixed size of mempool in i2o_iop_alloc()

- Fixed access to freed memory in i2o_msg_get()

See http://bugzilla.kernel.org/show_bug.cgi?id=6561Signed-off-by: Markus Lidel <Markus.Lidel@shadowconnect.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: Andrew Morton <akpm@osdl.org>

Work around the oops reported in
http://bugzilla.kernel.org/show_bug.cgi?id=6478.

Thanks to Ralf Hildebrandt <ralf.hildebrandt@charite.de> for testing and
reporting.
Acked-by: Dave Jones <davej@codemonkey.org.uk>
Cc: "Brown, Len" <len.brown@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: David Howells <dhowells@redhat.com>

Apply some alterations to the memory barrier document that I worked out
with Paul McKenney of IBM, plus some of the alterations suggested by Alan
Stern.

The following changes were made:

 (*) One of the examples given for what can happen with overlapping memory
     barriers was wrong.

 (*) The description of general memory barriers said that a general barrier is
     a combination of a read barrier and a write barrier.  This isn't entirely
     true: it implies both, but is more than a combination of both.

 (*) The first example in the "SMP Barrier Pairing" section was wrong: the
     loads around the read barrier need to touch the memory locations in the
     opposite order to the stores around the write barrier.

 (*) Added a note to make explicit that the loads should be in reverse order to
     the stores.

 (*) Adjusted the diagrams in the "Examples Of Memory Barrier Sequences"
     section to make them clearer.  Added a couple of diagrams to make it more
     clear as to how it could go wrong without the barrier.

 (*) Added a section on memory speculation.

 (*) Dropped any references to memory allocation routines doing memory
     barriers.  They may do sometimes, but it can't be relied on.  This may be
     worthy of further documentation later.

 (*) Made the fact that a LOCK followed by an UNLOCK should not be considered a
     full memory barrier more explicit and gave an example.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Paul E. McKenney <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
  [PATCH] powerpc: Fix cell blade detection
  [PATCH] powerpc: Fix call to ibm,client-architecture-support
  powerpc: Fix machine check problem on 32-bit kernels

Both Integrator and Versatile were using set_irq_handler() and
enable_irq(), and working around the initialisation of the
chained interrupt, instead of the more correct
set_irq_chained_handler() function.  Fix Integrator and
Versatile to use the right function, and remove these work-arounds.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

Doing PCI config space accesses to non-present PCI slots
can result in fatal JBUS errors if the PCI config access
hypervisor call is performed on cpus other than the boot
cpu.

PCI config space accesses to present PCI slots works just
fine.

Recursively traverse the OBP device tree under the PCI
controller node and record all present device IDs into
a small hash table.

Avoid the hypervisor call for any PCI config space access
attempt for a device not recorded in the hash table.
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Get rid of all the SUN_570X logic and instead:

1) Make sure MEMARB_ENABLE is set when we probe the SRAM
   for config information.  If that is off we will get
   timeouts.

2) Always try to sync with the firmware, if there is no
   firmware running do not treat it as an error and instead
   just report it the first time we notice this condition.

3) If there is no valid SRAM signature, assume the device
   is onboard by setting TG3_FLAG_EEPROM_WRITE_PROT.

Update driver version and release date.

With help from Michael Chan and Fabio Massimo Di Nitto.
Signed-off-by: David S. Miller <davem@davemloft.net>

This makes the debugging information more usable.
Signed-off-by: David S. Miller <davem@davemloft.net>

The IBM Cell blade firmware might confuse the kernel to think it's a
pSeries machine. This fixes it for now. With a bit of luck, the firmware
will be updated to avoid that in the future but currently that patch is
needed.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>

The code in prom_init.c calling the firmware
ibm,client-architecture-support method on pSeries has a bug where it
fails to properly pass the instance handle of the firmware object when
trying to call a method. Result ranges from the call doing nothing to
the firmware crashing. (Found by Segher, thanks !)
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>

This fixes a bug found by Dave Jones that means that it is possible
for userspace to provoke a machine check on 32-bit kernels.  This
also fixes a couple of other places where I found similar problems
by inspection.
Signed-off-by: Paul Mackerras <paulus@samba.org>

* 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  e1000: remove risky prefetch on next_skb->data
  e1000: fix ethtool test irq alloc as "probe"
  [PATCH] bcm43xx: add DMA rx poll workaround to DMA4

From: Martin Schwidefsky <schwidefsky@de.ibm.com>

__futex_atomic_op needs to do an atomic operation in the user address space,
not the kernel address space.  Add the missing sacf 256/sacf 0 to switch to
the secondary mode before doing the compare-and-swap.  In addition add
another fixup for catch specification exceptions if the compare-and-swap
address is not aligned.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Looking at the reiser4 crash, I found a leak in debugfs. In
debugfs_mknod(), we create the inode before checking if the dentry
already has one attached. We don't free it if that is the case.

These bugs happen quite often, I'm starting to think we should disallow
such coding in CodingStyle.
Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

There's a race between shutting down one io scheduler and firing up the
next, in which a new io could enter and cause the io scheduler to be
invoked with bad or NULL data.

To fix this, we need to maintain the queue lock for a bit longer.
Unfortunately we cannot do that, since the elevator init requires to be
run without the lock held.  This isn't easily fixable, without also
changing the mempool API.  So split the initialization into two parts,
and alloc-init operation and an attach operation.  Then we can
preallocate the io scheduler and related structures, and run the attach
inside the lock after we detach the old one.

This patch has survived 30 minutes of 1 second io scheduler switching
with a very busy io load.
Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: Malcom Parsons <malcolm.parsons@gmail.com>

When scrolling up in SCROLL_PAN_REDRAW mode with a large limited scroll
region, the bottom few lines have to be redrawn.  Without this patch, the
wrong text is drawn into these lines, corrupting the display.

Observed in 2.6.14 when running an IRC client in the Nintendo DS linux
port.

I haven't tested if scrolling down has the same problem.
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: Ralf Baechle <ralf@linux-mips.org>

<linux/mempolicy.h> uses struct mm_struct and relies on a definition or
declaration somehow magically being dragged in which may result in a
build:

[...]
  CC      mm/mempolicy.o
In file included from mm/mempolicy.c:69:
include/linux/mempolicy.h:150: warning: ‘struct mm_struct’ declared inside parameter list
include/linux/mempolicy.h:150: warning: its scope is only this definition or declaration, which is probably not what you want
include/linux/mempolicy.h:175: warning: ‘struct mm_struct’ declared inside parameter list
mm/mempolicy.c:622: error: conflicting types for ‘do_migrate_pages’
include/linux/mempolicy.h:175: error: previous declaration of ‘do_migrate_pages’ was here
mm/mempolicy.c:1661: error: conflicting types for ‘mpol_rebind_mm’
include/linux/mempolicy.h:150: error: previous declaration of ‘mpol_rebind_mm’ was here
make[1]: *** [mm/mempolicy.o] Error 1
make: *** [mm] Error 2
[ralf@denk linux-ip35]$

Including <linux/sched.h> is a step into direction of include hell so
fixed by adding a forward declaration of struct mm_struct instead.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>