aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-04-24Char: mxser, fix TIOCMIWAITJiri Slaby
There was schedule() missing in the TIOCMIWAIT ioctl. Solve it by moving the code to the wait_event_interruptible. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Jan Yenya Kasprzak <kas@fi.muni.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24Char: mxser_new, fix TIOCMIWAITJiri Slaby
There was schedule() missing in the TIOCMIWAIT ioctl. Solve it by moving the code to the wait_event_interruptible. Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24Char: mxser_new, fix recursive lockingJan Yenya Kasprzak
Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Acked-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24fix OOM killing processes wrongly thought MPOL_BINDHugh Dickins
I only have CONFIG_NUMA=y for build testing: surprised when trying a memhog to see lots of other processes killed with "No available memory (MPOL_BIND)". memhog is killed correctly once we initialize nodemask in constrained_alloc(). Signed-off-by: Hugh Dickins <hugh@veritas.com> Acked-by: Christoph Lameter <clameter@sgi.com> Acked-by: William Irwin <bill.irwin@oracle.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24Fix possible NULL pointer access in 8250 serial driverTaku Izumi
I encountered the following kernel panic. The cause of this problem was NULL pointer access in check_modem_status() in 8250.c. I confirmed this problem is fixed by the attached patch, but I don't know this is the correct fix. sadc[4378]: NaT consumption 2216203124768 [1] Modules linked in: binfmt_misc dm_mirror dm_mod thermal processor fan container button sg e100 eepro100 mii ehci_hcd ohci_hcd Pid: 4378, CPU 0, comm: sadc psr : 00001210085a2010 ifs : 8000000000000289 ip : [<a000000100482071>] Not tainted ip is at check_modem_status+0xf1/0x360 Call Trace: [<a000000100013940>] show_stack+0x40/0xa0 [<a0000001000145a0>] show_regs+0x840/0x880 [<a0000001000368e0>] die+0x1c0/0x2c0 [<a000000100036a30>] die_if_kernel+0x50/0x80 [<a000000100037c40>] ia64_fault+0x11e0/0x1300 [<a00000010000bdc0>] ia64_leave_kernel+0x0/0x280 [<a000000100482070>] check_modem_status+0xf0/0x360 [<a000000100482300>] serial8250_get_mctrl+0x20/0xa0 [<a000000100478170>] uart_read_proc+0x250/0x860 [<a0000001001c16d0>] proc_file_read+0x1d0/0x4c0 [<a0000001001394b0>] vfs_read+0x1b0/0x300 [<a000000100139cd0>] sys_read+0x70/0xe0 [<a00000010000bc20>] ia64_ret_from_syscall+0x0/0x20 [<a000000000010620>] __kernel_syscall_via_break+0x0/0x20 Fix the possible NULL pointer access in check_modem_status() in 8250.c. The check_modem_status() would access 'info' member of uart_port structure, but it is not initialized before uart_open() is called. The check_modem_status() can be called through /proc/tty/driver/serial before uart_open() is called. Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com> Signed-off-by: Taku Izumi <izumi2005@soft.fujitsu.com> Cc: Russell King <rmk@arm.linux.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24oom: kill all threads that share mm with killed taskDavid Rientjes
oom_kill_task() calls __oom_kill_task() to OOM kill a selected task. When finding other threads that share an mm with that task, we need to kill those individual threads and not the same one. (Bug introduced by f2a2a7108aa0039ba7a5fe7a0d2ecef2219a7584) Acked-by: William Irwin <bill.irwin@oracle.com> Acked-by: Christoph Lameter <clameter@engr.sgi.com> Cc: Nick Piggin <npiggin@suse.de> Cc: Andrew Morton <akpm@osdl.org> Cc: Andi Kleen <ak@suse.de> Signed-off-by: David Rientjes <rientjes@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-23Add missing USRobotics Wireless Adapter (Model 5423) id into zd1211rwS.Çağlar Onur
USRobotics Wireless Adapter (Model 5423) works well with current zd1211rw driver also (i have tested 2.6.18, 2.6.20 and 2.6.21-rc7). It just needs its ID added to the list of devices. Signed-off-by: S.Çağlar Onur <caglar@pardus.org.tr> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-23Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SUNHME]: Fix module unload. [SUNLANCE]: Fix module unload. [SUNQE]: Fix MAC address assignment. [SBUS] vfc_dev.c: kzalloc
2007-04-23Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [PPP]: Fix skbuff.c:BUG due incorrect logic in process_input_packet()
2007-04-21[SUNHME]: Fix module unload.Marcel van Nies
Signed-off-by: Marcel van Nies <morcles@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-21[SUNLANCE]: Fix module unload.Marcel van Nies
Signed-off-by: Marcel van Nies <morcles@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-21[SUNQE]: Fix MAC address assignment.Marcel van Nies
The MAC address assignment at module loading is simply forgotten. The bug at module unloading is caused by an incorrect call. The bug at module unloading does not only happen for sunqe, sunlance and sunhme (sbus) suffer from it too. I've tested this on my SS20. Signed-off-by: Marcel van Nies <morcles@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-21[SBUS] vfc_dev.c: kzallocvignesh babu
Replacing kmalloc/memset combination with kzalloc. Signed-off-by: vignesh babu <vignesh.babu@wipro.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-20Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6: ide/Kconfig: add missing range check for IDE_MAX_HWIFS hpt366: fix kernel oops with HPT302N ide/pci/delkin_cb.c: add new PCI ID
2007-04-20Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Fix wrong checksum for split TCP packets on 64-bit MIPS [MIPS] Fix BUG(), BUG_ON() handling [MIPS] Retry {save,restore}_fp_context if failed in atomic context. [MIPS] Disallow CpU exception in kernel again. [MIPS] Add missing silicon revisions for BCM112x
2007-04-20RPC: Fix the TCP resend semantics for NFSv4Trond Myklebust
Fix a regression due to the patch "NFS: disconnect before retrying NFSv4 requests over TCP" The assumption made in xprt_transmit() that the condition "req->rq_bytes_sent == 0 and request is on the receive list" should imply that we're dealing with a retransmission is false. Firstly, it may simply happen that the socket send queue was full at the time the request was initially sent through xprt_transmit(). Secondly, doing this for each request that was retransmitted implies that we disconnect and reconnect for _every_ request that happened to be retransmitted irrespective of whether or not a disconnection has already occurred. Fix is to move this logic into the call_status request timeout handler. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20NFS: Fix race in nfs_set_page_dirtyTrond Myklebust
Protect nfs_set_page_dirty() against races with nfs_inode_add_request. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20NFS: Fix the 'desynchronized value of nfs_i.ncommit' errorTrond Myklebust
Redirtying a request that is already marked for commit will screw up the accounting for NR_UNSTABLE_NFS as well as nfs_i.ncommit. Ensure that all requests on the commit queue are labelled with the PG_NEED_COMMIT flag, and avoid moving them onto the dirty list inside nfs_page_mark_flush(). Also inline nfs_mark_request_dirty() into nfs_page_mark_flush() for atomicity reasons. Avoid dropping the spinlock until we're done marking the request in the radix tree and have added it to the ->dirty list. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20NFS: Don't clear PG_writeback until after we've processed unstable writesTrond Myklebust
Ensure that we don't release the PG_writeback lock until after the page has either been redirtied, or queued on the nfs_inode 'commit' list. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20NFS: clean up the unstable write codeTrond Myklebust
Get rid of the inlined #ifdefs. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20Longhaul - Revert ACPI C3 on Longhaul ver. 2Dave Jones
Support for Longhaul ver. 2 broke driver for VIA C3 Eden 600MHz with Samuel 2 core. Processor is not able to switch frequency anymore. I don't know much about this issue at the moment, but until (if ever) I will know why, this part should be reversed. Signed-off-by: Rafal Bilski <rafalbilski@interia.pl> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20cfq-iosched: fix sequential write regressionJens Axboe
We have a 10-15% performance regression for sequential writes on TCQ/NCQ enabled drives in 2.6.21-rcX after the CFQ update went in. It has been reported by Valerie Clement <valerie.clement@bull.net> and the Intel testing folks. The regression is because of CFQ's now more aggressive queue control, limiting the depth available to the device. This patches fixes that regression by allowing a greater depth when only one queue is busy. It has been tested to not impact sync-vs-async workloads too much - we still do a lot better than 2.6.20. Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-20ide/Kconfig: add missing range check for IDE_MAX_HWIFSBartlomiej Zolnierkiewicz
ide_hwif_to_major[] has only 10 entries as there are 10 major numbers reserved for IDE (if somebody needs more it shouldn't be hard to fix). Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-04-20hpt366: fix kernel oops with HPT302NSergei Shtylyov
The driver crashes the kernel on HPT302N chips due to the missing initializer for 'hpt302n.settings' having been unfortunately overlooked so far. :-< Much thanks to Mike Mattie for pin-pointing the reason of crash. Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-04-20ide/pci/delkin_cb.c: add new PCI IDMark Lord
Add PCI ID for a newer variant of cardbus CF/IDE adapter card. Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-04-20[MIPS] Fix wrong checksum for split TCP packets on 64-bit MIPSDave Johnson
I've traced down an off-by-one TCP checksum calculation error under the following conditions: 1) The TCP code needs to split a full-sized packet due to a reduced MSS (typically due to the addition of TCP options mid-stream like SACK). _AND_ 2) The checksum of the 2nd fragment is larger than the checksum of the original packet. After subtraction this results in a checksum for the 1st fragment with bits 16..31 set to 1. (this is ok) _AND_ 3) The checksum of the 1st fragment's TCP header plus the previously 32bit checksum of the 1st fragment DOES NOT cause a 32bit overflow when added together. This results in a checksum of the TCP header plus TCP data that still has the upper 16 bits as 1's. _THEN_ 4) The TCP+data checksum is added to the checksum of the pseudo IP header with csum_tcpudp_nofold() incorrectly (the bug). The problem is the checksum of the TCP+data is passed to csum_tcpudp_nofold() as an 32bit unsigned value, however the assembly code acts on it as if it is a 64bit unsigned value. This causes an incorrect 32->64bit extension if the sum has bit 31 set. The resulting checksum is off by one. This problems is data and TCP header dependent due to #2 and #3 above so it doesn't occur on every TCP packet split. Signed-off-by: Dave Johnson <djohnson+linux-mips@sw.starentnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-04-20[MIPS] Fix BUG(), BUG_ON() handlingAtsushi Nemoto
With commit 63dc68a8cf60cb110b147dab1704d990808b39e2, kernel can not handle BUG() and BUG_ON() properly since get_user() returns false for kernel code. Use __get_user() to skip unnecessary access_ok(). This patch also make BRK_BUG code encoded in the TNE instruction. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-04-20[MIPS] Retry {save,restore}_fp_context if failed in atomic context.Atsushi Nemoto
The save_fp_context()/restore_fp_context() might sleep on accessing user stack and therefore might lose FPU ownership in middle of them. If these function failed due to "in_atomic" test in do_page_fault, touch the sigcontext area in non-atomic context and retry these save/restore operation. This is a replacement of a (broken) fix which was titled "Allow CpU exception in kernel partially". Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-04-20[MIPS] Disallow CpU exception in kernel again.Atsushi Nemoto
The commit 4d40bff7110e9e1a97ff8c01bdd6350e9867cc10 ("Allow CpU exception in kernel partially") was broken. The commit was to fix theoretical problem but broke usual case. Revert it for now. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-04-20[MIPS] Add missing silicon revisions for BCM112xMark Mason
Recent versions of the BCM112X processors aren't recognized by Linux (preventing Linux from booting on those processors). This patch adds support for those that are missing. Signed-off-by: Mark Mason <mason@broadcom.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-04-19Revert "e1000: fix NAPI performance on 4-port adapters"Linus Torvalds
This reverts commit 60cba200f11b6f90f35634c5cd608773ae3721b7. It's been linked to lockups of the e1000 hardware, see for example https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229603 but it's likely that the commit itself is not really introducing the bug, but just allowing an unrelated problem to rear its ugly head (ie one current working theory is that the code exposes us to a hardware race condition by decreasing the amount of time we spend in each NAPI poll cycle). We'll revert it until root cause is known. Intel has a repeatable reproduction on two different machines and bus traces of the hardware doing something bad. Acked-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Cc: Jeff Garzik <jeff@garzik.org> Cc: David S. Miller <davem@davemloft.net> Cc: Greg KH <gregkh@suse.de> Cc: Dave Jones <davej@redhat.com> Cc: Auke Kok <auke-jan.h.kok@intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-19Merge branch 'upstream-linus' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev: pata_sis: Fix oops on boot
2007-04-19pata_sis: Fix oops on bootAlan Cox
A small number of SiS setups require special handling (not many judging by how long this dumb bug survived). A couple of Fedora 7 devel testers hit an Oops on pata_sis loading which is caused by terminal confusion between chipset as 'the chipset we have found' and chipset as 'array iterator' Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19[PPP]: Fix skbuff.c:BUG due incorrect logic in process_input_packet()Paul Mackerras
From: Paul Mackerras <paulus@samba.org> This fixes: Subject: kernel BUG at net/core/skbuff.c in linux-2.6.21-rc6 process_input_packet() treats the case where the first byte is 0xff (PPP_ALLSTATIONS) but the second byte is 0x03 (PPP_UI) as indicating a packet with a PPP protocol number of 0xff. Arguably that's wrong since PPP protocol 0xff is reserved, and the RFC does envision the possibility of receiving frames where the control field has values other than 0x03. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-19sky2: version 1.14Stephen Hemminger
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19sky2: no jumbo on Yukon FEStephen Hemminger
The Yukon FE (100mbit only) chips do not support large packets. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19sky2: EC-U performance and jumbo supportStephen Hemminger
The Yukon EC Ultra chips have transmit settings for store and forward and PCI buffering. By setting these appropriately, normal performance goes from 750Mbytes/sec to 940Mbytes/sec (non-jumbo). It is also possible to do Jumbo mode, but it means turning off TSO and checksum offload so the performance gets worse. There isn't enough buffering for checksum offload to work. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19sky2: disable ASF on all chip typesStephen Hemminger
Need to make sure and disable ASF on all chip types. Otherwise, there may be random reboots. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19sky2: handle descriptor errorsStephen Hemminger
There should never be descriptor error unless hardware or driver is buggy. But if an error occurs, print useful information, clear irq, and recover. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19sky2: disable support for 88E8056Stephen Hemminger
This device is having all sorts of problems that lead to data corruption and system instability. It gets receive status and data out of order, it generates descriptor and TSO errors, etc. Until the problems are resolved, it should not be used by anyone who cares about there system. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19gianfar needs crc32 lib dependencyDave Jiang
Gianfar needs crc32 to be selected to compile. Signed-off-by: Dave Jiang <djiang@mvista.com> -- drivers/net/Kconfig | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) -- Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19spidernet: Fix problem sending IP fragmentsLinas Vepstas
The basic structure of "normal" UDP/IP/Ethernet frames (that actually work): - It starts with the Ethernet header (dest MAC, src MAC, etc.) - The next part is occupied by the IP header (version info, length of packet, id=0, fragment offset=0, checksum, from / to address, etc.) - Then comes the UDP header (src / dest port, length, checksum) - Actual payload - Ethernet checksum Now what's different for IP fragment: - The IP header has id set to some value (same for all fragments), offset is set appropriately (i.e. 0 for first fragment, following according to size of other fragments), size is the length of the frame. - UDP header is unchanged. I.e. length is according to full UDP datagram, not just the part within the actual frame! But this is only true within the first frame: all following frames don't have a valid UDP-header at all. The spidernet silicon seems to be quite intelligent: It's able to compute (IP / UDP / Ethernet) checksums on the fly and tests if frames are conforming to RFC -- at least conforming to RFC on complete frames. But IP fragments are different as explained above: I.e. for IP fragments containing part of a UDP datagram it sees incompatible length in the headers for IP and UDP in the first frame and, thus, skips this frame. But the content *is* correct for IP fragments. For all following frames it finds (most probably) no valid UDP header at all. But this *is* also correct for IP fragments. The Linux IP-stack seems to be clever in this point. It expects the spidernet to calculate the checksum (since the module claims to be able to do so) and marks the skb's for "normal" frames accordingly (ip_summed set to CHECKSUM_HW). But for the IP fragments it does not expect the driver to be capable to handle the frames appropriately. Thus all checksums are allready computed. This is also flaged within the skb (ip_summed set to CHECKSUM_NONE). Unfortunately the spidernet driver ignores that hints. It tries to send the IP fragments of UDP datagrams as normal UDP/IP frames. Since they have different structure the silicon detects them the be not "well-formed" and skips them. The following one-liner against 2.6.21-rc2 changes this behavior. If the IP-stack claims to have done the checksumming, the driver should not try to checksum (and analyze) the frame but send it as is. Signed-off-by: Norbert Eicker <n.eicker@fz-juelich.de> Signed-off-by: Linas Vepstas <linas@austin.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19cxgb3 - PHY interrupts and GPIO pins.Divy Le Ray
Remove assumption that PHY interrupts use GPIOs 3 and 5. Deal with PHY interrupts connected to any GPIO pins. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19cxgb3 - Fix low memory conditionsDivy Le Ray
Reuse the incoming skb when a clientless abort req is recieved. The release of RDMA connections HW resources might be deferred in low memory situations. Ensure that no further activity is passed up to the RDMA driver for these connections. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-04-19Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvmLinus Torvalds
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm: KVM: Fix off-by-one when writing to a nonpae guest pde
2007-04-19KVM: Fix off-by-one when writing to a nonpae guest pdeAvi Kivity
Nonpae guest pdes are shadowed by two pae ptes, so we double the offset twice: once to account for the pte size difference, and once because we need to shadow pdes for a single guest pde. But when writing to the upper guest pde we also need to truncate the lower bits, otherwise the multiply shifts these bits into the pde index and causes an access to the wrong shadow pde. If we're at the end of the page (accessing the very last guest pde) we can even overflow into the next host page and oops. Signed-off-by: Avi Kivity <avi@qumranet.com>
2007-04-18[NETLINK]: Don't attach callback to a going-away netlink socketDenis Lunev
There is a race between netlink_dump_start() and netlink_release() that can lead to the situation when a netlink socket with non-zero callback is freed. Here it is: CPU1: CPU2 netlink_release(): netlink_dump_start(): sk = netlink_lookup(); /* OK */ netlink_remove(); spin_lock(&nlk->cb_lock); if (nlk->cb) { /* false */ ... } spin_unlock(&nlk->cb_lock); spin_lock(&nlk->cb_lock); if (nlk->cb) { /* false */ ... } nlk->cb = cb; spin_unlock(&nlk->cb_lock); ... sock_orphan(sk); /* * proceed with releasing * the socket */ The proposal it to make sock_orphan before detaching the callback in netlink_release() and to check for the sock to be SOCK_DEAD in netlink_dump_start() before setting a new callback. Signed-off-by: Denis Lunev <den@openvz.org> Signed-off-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Pavel Emelianov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-18[IrDA]: Correctly handling socket errorOlaf Kirch
This patch fixes an oops first reported in mid 2006 - see http://lkml.org/lkml/2006/8/29/358 The cause of this bug report is that when an error is signalled on the socket, irda_recvmsg_stream returns without removing a local wait_queue variable from the socket's sk_sleep queue. This causes havoc further down the road. In response to this problem, a patch was made that invoked sock_orphan on the socket when receiving a disconnect indication. This is not a good fix, as this sets sk_sleep to NULL, causing applications sleeping in recvmsg (and other places) to oops. This is against the latest net-2.6 and should be considered for -stable inclusion. Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-18[SCTP]: Do not interleave non-fragments when in partial deliveryVlad Yasevich
The way partial delivery is currently implemnted, it is possible to intereleave a message (either from another steram, or unordered) that is not part of partial delivery process. The only way to this is for a message to not be a fragment and be 'in order' or unorderd for a given stream. This will result in bypassing the reassembly/ordering queues where things live duing partial delivery, and the message will be delivered to the socket in the middle of partial delivery. This is a two-fold problem, in that: 1. the app now must check the stream-id and flags which it may not be doing. 2. this clearing partial delivery state from the association and results in ulp hanging. This patch is a band-aid over a much bigger problem in that we don't do stream interleave. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-18[IPSEC] af_key: Fix thinko in pfkey_xfrm_policy2msg()David S. Miller
Make sure to actually assign the determined mode to rq->sadb_x_ipsecrequest_mode. Noticed by Joe Perches. Signed-off-by: David S. Miller <davem@davemloft.net>