<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/include, branch v2.6.33.17</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/include?h=v2.6.33.17</id>
<link rel='self' href='https://git.amat.us/linux/atom/include?h=v2.6.33.17'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2011-08-08T17:36:11Z</updated>
<entry>
<title>drm/i915: Fix typo in DRM_I915_OVERLAY_PUT_IMAGE ioctl define</title>
<updated>2011-08-08T17:36:11Z</updated>
<author>
<name>Ole Henrik Jahren</name>
<email>olehenja@alumni.ntnu.no</email>
</author>
<published>2011-07-22T13:56:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=8b65599076036bbb2830391b0ca00f2d9f4bd5ce'/>
<id>urn:sha1:8b65599076036bbb2830391b0ca00f2d9f4bd5ce</id>
<content type='text'>
commit 842d452985300f4ec14c68cb86046e8a1a3b7251 upstream.

Because of a typo, calling ioctl with DRM_IOCTL_I915_OVERLAY_PUT_IMAGE
is broken if the macro is used directly. When using libdrm the bug is
not hit, since libdrm handles the ioctl encoding internally.

The typo also leads to the .cmd and .cmd_drv fields of the drm_ioctl
structure for DRM_I915_OVERLAY_PUT_IMAGE having inconsistent content.

Signed-off-by: Ole Henrik Jahren &lt;olehenja@alumni.ntnu.no&gt;
Acked-by: Daniel Vetter &lt;daniel.vetter@ffwll.ch&gt;
Signed-off-by: Keith Packard &lt;keithp@keithp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>gro: Only reset frag0 when skb can be pulled</title>
<updated>2011-08-08T17:35:52Z</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2011-07-27T13:16:28Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=d2b8665554f9c074e7290801584b1a1a82d2ed27'/>
<id>urn:sha1:d2b8665554f9c074e7290801584b1a1a82d2ed27</id>
<content type='text'>
commit 17dd759c67f21e34f2156abcf415e1f60605a188 upstream.

Currently skb_gro_header_slow unconditionally resets frag0 and
frag0_len.  However, when we can't pull on the skb this leaves
the GRO fields in an inconsistent state.

This patch fixes this by only resetting those fields after the
pskb_may_pull test.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>mm: prevent concurrent unmap_mapping_range() on the same inode</title>
<updated>2011-07-13T03:31:27Z</updated>
<author>
<name>Miklos Szeredi</name>
<email>mszeredi@suse.cz</email>
</author>
<published>2011-02-23T12:49:47Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=7cf46ba5d43e2596e559df7988eaf7ada966a6c8'/>
<id>urn:sha1:7cf46ba5d43e2596e559df7988eaf7ada966a6c8</id>
<content type='text'>
commit 2aa15890f3c191326678f1bd68af61ec6b8753ec upstream.

Michael Leun reported that running parallel opens on a fuse filesystem
can trigger a "kernel BUG at mm/truncate.c:475"

Gurudas Pai reported the same bug on NFS.

The reason is, unmap_mapping_range() is not prepared for more than
one concurrent invocation per inode.  For example:

  thread1: going through a big range, stops in the middle of a vma and
     stores the restart address in vm_truncate_count.

  thread2: comes in with a small (e.g. single page) unmap request on
     the same vma, somewhere before restart_address, finds that the
     vma was already unmapped up to the restart address and happily
     returns without doing anything.

Another scenario would be two big unmap requests, both having to
restart the unmapping and each one setting vm_truncate_count to its
own value.  This could go on forever without any of them being able to
finish.

Truncate and hole punching already serialize with i_mutex.  Other
callers of unmap_mapping_range() do not, and it's difficult to get
i_mutex protection for all callers.  In particular -&gt;d_revalidate(),
which calls invalidate_inode_pages2_range() in fuse, may be called
with or without i_mutex.

This patch adds a new mutex to 'struct address_space' to prevent
running multiple concurrent unmap_mapping_range() on the same mapping.

[ We'll hopefully get rid of all this with the upcoming mm
  preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex
  lockbreak" patch in particular.  But that is for 2.6.39 ]

Signed-off-by: Miklos Szeredi &lt;mszeredi@suse.cz&gt;
Reported-by: Michael Leun &lt;lkml20101129@newton.leun.net&gt;
Reported-by: Gurudas Pai &lt;gurudas.pai@oracle.com&gt;
Tested-by: Gurudas Pai &lt;gurudas.pai@oracle.com&gt;
Acked-by: Hugh Dickins &lt;hughd@google.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>af_packet: prevent information leak</title>
<updated>2011-07-13T03:31:27Z</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2011-06-07T05:42:06Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=26d3cbdece9463926d553dbeed3df10af22bb161'/>
<id>urn:sha1:26d3cbdece9463926d553dbeed3df10af22bb161</id>
<content type='text'>
[ Upstream commit 13fcb7bd322164c67926ffe272846d4860196dc6 ]

In 2.6.27, commit 393e52e33c6c2 (packet: deliver VLAN TCI to userspace)
added a small information leak.

Add padding field and make sure its zeroed before copy to user.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
CC: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>bug.h: Add WARN_RATELIMIT</title>
<updated>2011-07-13T03:31:26Z</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2011-05-21T07:48:39Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=7cad013caa9a0f16f47b1b5139b67bdf1bf5c7d1'/>
<id>urn:sha1:7cad013caa9a0f16f47b1b5139b67bdf1bf5c7d1</id>
<content type='text'>
[ Upstream commit b3eec79b0776e5340a3db75b34953977c7e5086e ]

Add a generic mechanism to ratelimit WARN(foo, fmt, ...) messages
using a hidden per call site static struct ratelimit_state.

Also add an __WARN_RATELIMIT variant to be able to use a specific
struct ratelimit_state.

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>netlink: Make nlmsg_find_attr take a const nlmsghdr*.</title>
<updated>2011-07-13T03:31:26Z</updated>
<author>
<name>Nelson Elhage</name>
<email>nelhage@ksplice.com</email>
</author>
<published>2010-11-03T16:35:40Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=29ee67cbbaac453bea60fcf843e91b9cb3f49874'/>
<id>urn:sha1:29ee67cbbaac453bea60fcf843e91b9cb3f49874</id>
<content type='text'>
commit 6b8c92ba07287578718335ce409de8e8d7217e40 upstream.

This will let us use it on a nlmsghdr stored inside a netlink_callback.

Signed-off-by: Nelson Elhage &lt;nelhage@ksplice.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>clocksource: Make watchdog robust vs. interruption</title>
<updated>2011-07-13T03:31:23Z</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@linutronix.de</email>
</author>
<published>2011-06-16T14:22:08Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=43b951e4185f3132e77e6340d1aed42e90618e4b'/>
<id>urn:sha1:43b951e4185f3132e77e6340d1aed42e90618e4b</id>
<content type='text'>
commit b5199515c25cca622495eb9c6a8a1d275e775088 upstream.

The clocksource watchdog code is interruptible and it has been
observed that this can trigger false positives which disable the TSC.

The reason is that an interrupt storm or a long running interrupt
handler between the read of the watchdog source and the read of the
TSC brings the two far enough apart that the delta is larger than the
unstable treshold. Move both reads into a short interrupt disabled
region to avoid that.

Reported-and-tested-by: Vernon Mauery &lt;vernux@us.ibm.com&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>pata_cm64x: fix boot crash on parisc</title>
<updated>2011-06-23T22:28:42Z</updated>
<author>
<name>James Bottomley</name>
<email>James.Bottomley@suse.de</email>
</author>
<published>2011-04-24T19:30:14Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=d1ce81094e627b7d1f3b64ae3c727b4e8e63f2f4'/>
<id>urn:sha1:d1ce81094e627b7d1f3b64ae3c727b4e8e63f2f4</id>
<content type='text'>
commit 9281b16caac1276817b77033c5b8a1f5ca30102c upstream.

The old IDE cmd64x checks the status of the CNTRL register to see if
the ports are enabled before probing them.  pata_cmd64x doesn't do
this, which causes a HPMC on parisc when it tries to poke at the
secondary port because apparently the BAR isn't wired up (and a
non-responding piece of memory causes a HPMC).

Fix this by porting the CNTRL register port detection logic from IDE
cmd64x.  In addition, following converns from Alan Cox, add a check to
see if a mobility electronics bridge is the immediate parent and forgo
the check if it is (prevents problems on hotplug controllers).

Signed-off-by: James Bottomley &lt;James.Bottomley@suse.de&gt;
Signed-off-by: Jeff Garzik &lt;jgarzik@pobox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>seqlock: Don't smp_rmb in seqlock reader spin loop</title>
<updated>2011-06-23T22:28:35Z</updated>
<author>
<name>Milton Miller</name>
<email>miltonm@bga.com</email>
</author>
<published>2011-05-12T09:13:54Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=f9d42dd4fc06dac8ccbcdc0f4777c311355b9429'/>
<id>urn:sha1:f9d42dd4fc06dac8ccbcdc0f4777c311355b9429</id>
<content type='text'>
commit 5db1256a5131d3b133946fa02ac9770a784e6eb2 upstream.

Move the smp_rmb after cpu_relax loop in read_seqlock and add
ACCESS_ONCE to make sure the test and return are consistent.

A multi-threaded core in the lab didn't like the update
from 2.6.35 to 2.6.36, to the point it would hang during
boot when multiple threads were active.  Bisection showed
af5ab277ded04bd9bc6b048c5a2f0e7d70ef0867 (clockevents:
Remove the per cpu tick skew) as the culprit and it is
supported with stack traces showing xtime_lock waits including
tick_do_update_jiffies64 and/or update_vsyscall.

Experimentation showed the combination of cpu_relax and smp_rmb
was significantly slowing the progress of other threads sharing
the core, and this patch is effective in avoiding the hang.

A theory is the rmb is affecting the whole core while the
cpu_relax is causing a resource rebalance flush, together they
cause an interfernce cadance that is unbroken when the seqlock
reader has interrupts disabled.

At first I was confused why the refactor in
3c22cd5709e8143444a6d08682a87f4c57902df3 (kernel: optimise
seqlock) didn't affect this patch application, but after some
study that affected seqcount not seqlock. The new seqcount was
not factored back into the seqlock.  I defer that the future.

While the removal of the timer interrupt offset created
contention for the xtime lock while a cpu does the
additonal work to update the system clock, the seqlock
implementation with the tight rmb spin loop goes back much
further, and is just waiting for the right trigger.

Signed-off-by: Milton Miller &lt;miltonm@bga.com&gt;
Cc: &lt;linuxppc-dev@lists.ozlabs.org&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Andi Kleen &lt;andi@firstfloor.org&gt;
Cc: Nick Piggin &lt;npiggin@kernel.dk&gt;
Cc: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: Anton Blanchard &lt;anton@samba.org&gt;
Cc: Paul McKenney &lt;paulmck@linux.vnet.ibm.com&gt;
Acked-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Link: http://lkml.kernel.org/r/%3Cseqlock-rmb%40mdm.bga.com%3E
Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>ptrace: Prepare to fix racy accesses on task breakpoints</title>
<updated>2011-05-23T18:22:56Z</updated>
<author>
<name>Frederic Weisbecker</name>
<email>fweisbec@gmail.com</email>
</author>
<published>2011-04-07T14:53:20Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=e12f87c3a2414e032610a0ff96402f2526983a76'/>
<id>urn:sha1:e12f87c3a2414e032610a0ff96402f2526983a76</id>
<content type='text'>
commit bf26c018490c2fce7fe9b629083b96ce0e6ad019 upstream.

When a task is traced and is in a stopped state, the tracer
may execute a ptrace request to examine the tracee state and
get its task struct. Right after, the tracee can be killed
and thus its breakpoints released.
This can happen concurrently when the tracer is in the middle
of reading or modifying these breakpoints, leading to dereferencing
a freed pointer.

Hence, to prepare the fix, create a generic breakpoint reference
holding API. When a reference on the breakpoints of a task is
held, the breakpoints won't be released until the last reference
is dropped. After that, no more ptrace request on the task's
breakpoints can be serviced for the tracer.

Reported-by: Oleg Nesterov &lt;oleg@redhat.com&gt;
Signed-off-by: Frederic Weisbecker &lt;fweisbec@gmail.com&gt;
Cc: Ingo Molnar &lt;mingo@elte.hu&gt;
Cc: Peter Zijlstra &lt;a.p.zijlstra@chello.nl&gt;
Cc: Will Deacon &lt;will.deacon@arm.com&gt;
Cc: Prasad &lt;prasad@linux.vnet.ibm.com&gt;
Cc: Paul Mundt &lt;lethal@linux-sh.org&gt;
Link: http://lkml.kernel.org/r/1302284067-7860-2-git-send-email-fweisbec@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
</feed>
