GitHub/LineageOS/android_kernel_samsung_universal7580.git
15 years ago[S390] vmur: Invalid allocation sequence for vmur class
Michael Holzheu [Fri, 11 Sep 2009 08:28:49 +0000 (10:28 +0200)]
[S390] vmur: Invalid allocation sequence for vmur class

The vmur class is allocated after the CCW driver is registered
and it is destroyed before the CCW driver is unregistered.
This is not the correct sequence, because the vmur class can be used
via driver core callbacks that are triggered during the CCW driver
deregistration. For Example:

1. vmur device is online
2. vmur module is unloaded

This leads to the following function call stack:

    <4> [<0000000000387286>] device_destroy+0x36/0x5c
    <4> [<000003e000209714>] ur_set_offline_force+0x9c/0x10c [vmur]
    <4> [<000003e00020a928>] ur_remove+0x64/0xbc [vmur]
    <4> [<00000000003e4d2e>] ccw_device_remove+0x42/0x1ac
    <4> [<000000000038a1aa>] __device_release_driver+0x9a/0xe4
    <4> [<000000000038a2da>] driver_detach+0xe6/0xec
    <4> [<0000000000388ee4>] bus_remove_driver+0xc0/0x108
    <4> [<000003e00020ad5a>] ur_exit+0x52/0x84 [vmur]

In device_destroy() the vmur class is used. Since it is already freed,
this can lead to a kernel panic.

To fix the problem, the vmur class has to be allocated before the CCW
driver is registered and destroyed after the CCW driver has ben unregistered.

Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] hypfs: remove useless variable qname
Vitaliy Gusev [Fri, 11 Sep 2009 08:28:48 +0000 (10:28 +0200)]
[S390] hypfs: remove useless variable qname

Local variable 'qname' in the function hypfs_create_file() really is not
used for any purpose.

Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Cc: Michael Holzheu <holzheu@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] add call home support
Hans-Joachim Picht [Fri, 11 Sep 2009 08:28:47 +0000 (10:28 +0200)]
[S390] add call home support

Signed-off-by: Hans-Joachim Picht <hans@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] remove unused irq_cpustat_t defintion
Christoph Hellwig [Fri, 11 Sep 2009 08:28:46 +0000 (10:28 +0200)]
[S390] remove unused irq_cpustat_t defintion

No need to defined a irq_cpustat_t type if __ARCH_IRQ_STAT is defined.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] kernel: always keep machine flags in lowcore
Heiko Carstens [Fri, 11 Sep 2009 08:28:45 +0000 (10:28 +0200)]
[S390] kernel: always keep machine flags in lowcore

Eleminate the local variable machine_flags and always change machine
flags directly in the lowcore.
This avoids confusion about when and why the two variables have to be
synchronized.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] clean up linker script using new linker script macros.
Nelson Elhage [Fri, 11 Sep 2009 08:28:44 +0000 (10:28 +0200)]
[S390] clean up linker script using new linker script macros.

Note that this patch moves .data.init_task inside _edata.  In
addition, the alignment of .init.ramfs changes: It is now PAGE_ALIGNED
and __initramfs_end is arbitrarily aligned; Previously it was
only aligned to a 0x100-byte boundary, and always ended on an even
byte.

This change results in fewer output sections and in some data being
reordered, but should have no functional effect.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Tim Abbott <tabbott@ksplice.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] Use macros for .data.page_aligned.
Tim Abbott [Fri, 11 Sep 2009 08:28:43 +0000 (10:28 +0200)]
[S390] Use macros for .data.page_aligned.

.data.page_aligned should not need a separate output section, so as
part of this cleanup I moved into the .data output section in the
linker scripts in order to eliminate unnecessary references to the
section name.

Remove the reference to .data.idt, since nothing is put into the
.data.idt section on the s390 architecture.  It looks like Cyrill
Gorcunov posted a patch to remove the .data.idt code on s390
previously:

<http://lkml.indiana.edu/hypermail/linux/kernel/0802.2/2536.html>

CCing him and the people who acked that patch in case there's a reason
it wasn't applied.

Signed-off-by: Tim Abbott <tabbott@ksplice.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] move (io|sysc)_restore_trace_psw into .data section
Hendrik Brueckner [Fri, 11 Sep 2009 08:28:42 +0000 (10:28 +0200)]
[S390] move (io|sysc)_restore_trace_psw into .data section

The sysc_restore_trace_psw and io_restore_trace_psw storage locations
are created in the .text section. When creating and IPLing from a named
saved system (NSS), writing to these locations causes a protection exception
(because the .text section is mapped as shared read-only in the NSS).

To permit write access, move the storage locations into the .data section.

The problem occurs only when CONFIG_TRACE_IRQFLAGS is set.
The git commmit that has introduced these variables is:
411788ea7fca01ee803af8225ac35807b4d02050

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] kernel: Convert upper case scpdata to lower case
Hendrik Brueckner [Fri, 11 Sep 2009 08:28:41 +0000 (10:28 +0200)]
[S390] kernel: Convert upper case scpdata to lower case

If the CP SET LOADDEV on the 3215 console has been used to specify
SCPdata, all data is converted to upper case letters.

When scpdata contains upper case letters only, convert all letters
to lower case.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] kernel: Append scpdata to kernel boot command line
Hendrik Brueckner [Fri, 11 Sep 2009 08:28:40 +0000 (10:28 +0200)]
[S390] kernel: Append scpdata to kernel boot command line

Append scpdata to the kernel boot command line. If scpdata starts
with the equal sign (=), the kernel boot command line is replaced.
(For consistency with zIPL and IPL PARM parameters.)

To use scpdata for the kernel boot command line, scpdata must consist
of ascii characters only. If scpdata contains other characters,
scpdata is not appended to the kernel boot command line.
In addition, re-IPL is extended for setting scpdata for the next
Linux reboot.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] tape: use init_timer_on_stack() rather than init_timer()
Frank Munzert [Fri, 11 Sep 2009 08:28:39 +0000 (10:28 +0200)]
[S390] tape: use init_timer_on_stack() rather than init_timer()

With CONFIG_DEBUG_OBJECTS_TIMERS=y "chccwdev --online" for a tape device
will fail with message "ODEBUG: object is on stack, but not annotated".
We now use init_timer_on_stack.

Signed-off-by: Frank Munzert <munzert@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] proper use of device register
Sebastian Ott [Fri, 11 Sep 2009 08:28:38 +0000 (10:28 +0200)]
[S390] proper use of device register

Don't use kfree directly after device registration started.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] hibernation: merge files and move to kernel/
Heiko Carstens [Fri, 11 Sep 2009 08:28:37 +0000 (10:28 +0200)]
[S390] hibernation: merge files and move to kernel/

Merge the nearly empty C files and move everything from power/ to
kernel/. That way the files are easier to handle.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] hibernation: remove dead file
Heiko Carstens [Fri, 11 Sep 2009 08:28:36 +0000 (10:28 +0200)]
[S390] hibernation: remove dead file

There is no caller of do_after_copyback() anywhere. Remove it.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] atomic ops: small cleanups
Heiko Carstens [Fri, 11 Sep 2009 08:28:35 +0000 (10:28 +0200)]
[S390] atomic ops: small cleanups

Couple of coding style fixes, replace __inline__ with inline and
remove #ifdef __KERNEL_- since the header file isn't exported.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] atomic ops: add effecient atomic64 support for 31 bit
Heiko Carstens [Fri, 11 Sep 2009 08:28:34 +0000 (10:28 +0200)]
[S390] atomic ops: add effecient atomic64 support for 31 bit

Use compare double and swap to implement efficient atomic64 ops for 31 bit.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] improve mcount code
Martin Schwidefsky [Fri, 11 Sep 2009 08:28:33 +0000 (10:28 +0200)]
[S390] improve mcount code

Move the 64 bit mount code from mcount.S into mcount64.S and avoid
code duplication.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] convert/optimize csum_fold() to C
Heiko Carstens [Fri, 11 Sep 2009 08:28:32 +0000 (10:28 +0200)]
[S390] convert/optimize csum_fold() to C

In the meantime gcc generates better code than the old inline
assemblies do. Original inline assembly results in:

lr %r1,%r2
sr %r3,%r3
lr %r2,%r1
srdl %r2,16
alr %r2,%r3
alr %r1,%r2
srl %r1,16
xilf %r1,65535
llghr %r2,%r1
br %r14

Out of the C code gcc generates this:

rll %r1,%r2,16
ar %r1,%r2
srl %r1,16
xilf %r1,65535
llghr %r2,%r1
br %r14

In addition we don't have any static register allocations anymore and
gcc is free to shuffle instructions around for better pipeline usage.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] introduce get_clock_monotonic
Heiko Carstens [Fri, 11 Sep 2009 08:28:31 +0000 (10:28 +0200)]
[S390] introduce get_clock_monotonic

Introduce get_clock_monotonic() function which can be used to get a
(fast) timestamp. Resolution is the same as for get_clock(). The
only difference is that the timestamps are monotonic and don't jump
backward or forward.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] dasd: fix message naming
Stefan Haberland [Fri, 11 Sep 2009 08:28:30 +0000 (10:28 +0200)]
[S390] dasd: fix message naming

This patch fixes message naming so that generic dasd messages do not
contain the device discipline. For this purpose the dev_ makros are
replaced by pr_ makros for generic dasd messages.

Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] dasd: optimize cpu usage in goodcase
Stefan Haberland [Fri, 11 Sep 2009 08:28:29 +0000 (10:28 +0200)]
[S390] dasd: optimize cpu usage in goodcase

remove unnecessary dbf call, remove string operations for magic

Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] dasd: fail requests when device state is less then ready
Stefan Weinhuber [Fri, 11 Sep 2009 08:28:28 +0000 (10:28 +0200)]
[S390] dasd: fail requests when device state is less then ready

A DASD device that is not ready or online has no defined disk layout,
so all requests that arrive in such a state need to be returned as
failed.

Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: remove ccw_device init_name
Sebastian Ott [Fri, 11 Sep 2009 08:28:27 +0000 (10:28 +0200)]
[S390] cio: remove ccw_device init_name

We used the init_name to set the console ccw_device's name early
at the boot stage. This patch moves the name setting (for all ccw
devices) to the point where we actually register the device. At this
time we can do dynamic allocations and therefore use dev_set_name.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: move final put_device to ccw_device_unregister
Sebastian Ott [Fri, 11 Sep 2009 08:28:26 +0000 (10:28 +0200)]
[S390] cio: move final put_device to ccw_device_unregister

We use a test_and_clear_bit to prevent a device from being
unregistered twice. Unfortunately in this cases the "final"
put_device (from device_initialize) was issued more than once,
resulting in an use after free error. Fix this by moving this
put_device to ccw_device_unregister.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: remove subchannel init_name
Sebastian Ott [Fri, 11 Sep 2009 08:28:25 +0000 (10:28 +0200)]
[S390] cio: remove subchannel init_name

We used the init_name to set the console subchannels name early
at the boot stage. With the patch cio: fix memleak in subchannel validation
we moved the name setting to the point where we actually register the
console subchannel. At this time we can do dynamic allocations and therefore
use dev_set_name.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: fix memleak in subchannel validation
Sebastian Ott [Fri, 11 Sep 2009 08:28:24 +0000 (10:28 +0200)]
[S390] cio: fix memleak in subchannel validation

When scanning for new subchannels we have a code path where we allocate
memory for a struct subchannel, set the device name (which is dynamically
allocated now) and do a check if the underlying device is blacklisted - if
so we free the subchannel structure.
Since we have not set up refcounting at this stage, the device name's memory
is lost. Fix this by moving the dev_set_name after the blacklist test.

Note: With this patch the init_name for the console subchannel becomes
virtually obsolete.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: fix use after free in s390 debug feature
Sebastian Ott [Fri, 11 Sep 2009 08:28:23 +0000 (10:28 +0200)]
[S390] cio: fix use after free in s390 debug feature

When using s390dbf with "%s" in sprintf format strings the string itself
is not copied to the dbf buffer.
Since in this case only pointers are stored in the s390dbf, we should
not use dev_name - which is bound to the lifetime of the device.
Reading this entry from s390dbf after the device was released will cause
an use after free error.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] qdio: remove limited number of debugfs entries
Jan Glauber [Fri, 11 Sep 2009 08:28:22 +0000 (10:28 +0200)]
[S390] qdio: remove limited number of debugfs entries

The number of qdio debugfs entries was limited. Remove this limit
and group the queue files in a per device directory.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: failing set online/offline processing.
Michael Ernst [Fri, 11 Sep 2009 08:28:21 +0000 (10:28 +0200)]
[S390] cio: failing set online/offline processing.

When unit checks trigger sensing the device state is set to W4SENSE
until sense completion; then the device state is set back to
ONLINE. If a unit check occurs while set online or set offline
requests are processed then it might happen that the device's
temporary W4SENSE state causes these functions to terminate,
leaving the device in an inconsistent state when the state is set
back to ONLINE later on so that the device cannot be set online or
offline any longer.
To solve this, set online/offline and related rollback or error
routines are processed only if the device is in a final or
DISCONNECTED state.

Signed-off-by: Michael Ernst <mernst@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: ensure to hold a reference for deferred deregistration
Sebastian Ott [Fri, 11 Sep 2009 08:28:20 +0000 (10:28 +0200)]
[S390] cio: ensure to hold a reference for deferred deregistration

Ensure to always hold an extra device reference for scheduling a
subchannel deregistration, by moving the get_device to
ccw_device_schedule_sch_unregister. This fixes an use after free
error in ccw_device_call_sch_unregister where put_device was called
on an already freed device structure.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] qdio: continue polling if the queue is not finished
Jan Glauber [Fri, 11 Sep 2009 08:28:19 +0000 (10:28 +0200)]
[S390] qdio: continue polling if the queue is not finished

With commit c38f96080955854e54df9cb392bc674e1ae330e1 polling was
stopped for the queue even if new data is available.

Return immediately after scheduling the queue tasklet if the queue
is not done.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: increase trace level
Sebastian Ott [Fri, 11 Sep 2009 08:28:18 +0000 (10:28 +0200)]
[S390] cio: increase trace level

Move debug traces for start I/O and interrupt events to exclusive
trace levels. Also change tracing in hot-path from sprintf (costly)
to hex.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: fix not oper handling after failed [on|off]line processing
Sebastian Ott [Fri, 11 Sep 2009 08:28:17 +0000 (10:28 +0200)]
[S390] cio: fix not oper handling after failed [on|off]line processing

If online/offline processing of a ccw device fails, resulting in not
operational state, notify the driver and unregister the device in case
the driver dosn't want to keep it.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: consolidate subchannel intparm reset
Peter Oberparleiter [Fri, 11 Sep 2009 08:28:16 +0000 (10:28 +0200)]
[S390] cio: consolidate subchannel intparm reset

Ensure that the hardware interruption parameter for a subchannel is
reset when the associated subchannel data structure is freed.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: move scsw helper functions to header file
Heiko Carstens [Fri, 11 Sep 2009 08:28:15 +0000 (10:28 +0200)]
[S390] cio: move scsw helper functions to header file

All scsw helper functions are very short and usage of them shouldn't
result in function calls. Therefore we move them to a separate header
file.
Also saves a lot of EXPORT_SYMBOLs.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years ago[S390] cio: fix ineffective verify event
Peter Oberparleiter [Fri, 11 Sep 2009 08:28:14 +0000 (10:28 +0200)]
[S390] cio: fix ineffective verify event

Path verification events occurring for offline devices are currently
ignored. As a result, offline devices are not removed, even though
they might no longer be accessible (for example because the last path
to the device was varied offline). Fix this by scheduling a status
evaluation for the affected subchannel when a path verification event
occurs.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 years agomd: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined!
Geert Uytterhoeven [Thu, 10 Sep 2009 21:13:28 +0000 (23:13 +0200)]
md: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined!

Commit b8313b6da7e2e7c7f47d93d8561969a3ff9ba0ea ("dm log: remove incorrect
field from userspace table output") added a call to strstr() with a
single-character "needle" string parameter.

Unfortunately some versions of gcc replace such calls to strstr() by calls
to strchr() behind our back.  This causes linking errors if strchr() is
defined as an inline function in <asm/string.h> (e.g. on m68k):

| WARNING: "strchr" [drivers/md/dm-log-userspace.ko] undefined!

Avoid this by explicitly calling strchr() instead.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'lookup-permissions-cleanup'
Linus Torvalds [Thu, 10 Sep 2009 03:04:54 +0000 (20:04 -0700)]
Merge branch 'lookup-permissions-cleanup'

* lookup-permissions-cleanup:
  jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()'
  ext[234]: move over to 'check_acl' permission model
  shmfs: use 'check_acl' instead of 'permission'
  Make 'check_acl()' a first-class filesystem op
  Simplify exec_permission_lite(), part 3
  Simplify exec_permission_lite() further
  Simplify exec_permission_lite() logic
  Do not call 'ima_path_check()' for each path component

15 years agobinfmt_elf: fix PT_INTERP bss handling
Roland McGrath [Wed, 9 Sep 2009 02:49:40 +0000 (19:49 -0700)]
binfmt_elf: fix PT_INTERP bss handling

In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if
the PT_LOAD has no PROT_WRITE and no .bss.  This generates EFAULT.

Here is a small test case.  (Yes, there are other, useful PT_INTERP
which have only .text and no .data/.bss.)

----- ptinterp.S
_start: .globl _start
 nop
 int3
-----
$ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S
$ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c
$ ./hello
Segmentation fault  # during execve() itself

After applying the patch:
$ ./hello
Trace trap  # user-mode execution after execve() finishes

If the ELF headers are actually self-inconsistent, then dying is fine.
But having no PROT_WRITE segment is perfectly normal and correct if
there is no segment with p_memsz > p_filesz (i.e. bss).  John Reiser
suggested checking for PROT_WRITE in the bss logic.  I think it makes
most sense to simply apply the bss logic only when there is bss.

This patch looks less trivial than it is due to some reindentation.
It just moves the "if (last_bss > elf_bss) {" test up to include the
partial-page bss logic as well as the more-pages bss logic.

Reported-by: John Reiser <jreiser@bitwagon.com>
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoLinux 2.6.31
Linus Torvalds [Wed, 9 Sep 2009 22:13:59 +0000 (15:13 -0700)]
Linux 2.6.31

15 years agoaoe: allocate unused request_queue for sysfs
Ed Cashin [Wed, 9 Sep 2009 12:10:18 +0000 (14:10 +0200)]
aoe: allocate unused request_queue for sysfs

Andy Whitcroft reported an oops in aoe triggered by use of an
incorrectly initialised request_queue object:

  [ 2645.959090] kobject '<NULL>' (ffff880059ca22c0): tried to add
an uninitialized object, something is seriously wrong.
  [ 2645.959104] Pid: 6, comm: events/0 Not tainted 2.6.31-5-generic #24-Ubuntu
  [ 2645.959107] Call Trace:
  [ 2645.959139] [<ffffffff8126ca2f>] kobject_add+0x5f/0x70
  [ 2645.959151] [<ffffffff8125b4ab>] blk_register_queue+0x8b/0xf0
  [ 2645.959155] [<ffffffff8126043f>] add_disk+0x8f/0x160
  [ 2645.959161] [<ffffffffa01673c4>] aoeblk_gdalloc+0x164/0x1c0 [aoe]

The request queue of an aoe device is not used but can be allocated in
code that does not sleep.

Bruno bisected this regression down to

  cd43e26f071524647e660706b784ebcbefbd2e44

  block: Expose stacked device queues in sysfs

"This seems to generate /sys/block/$device/queue and its contents for
 everyone who is using queues, not just for those queues that have a
 non-NULL queue->request_fn."

Addresses http://bugs.launchpad.net/bugs/410198
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=13942

Note that embedding a queue inside another object has always been
an illegal construct, since the queues are reference counted and
must persist until the last reference is dropped. So aoe was
always buggy in this respect (Jens).

Signed-off-by: Ed Cashin <ecashin@coraid.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Bruno Premont <bonbons@linux-vserver.org>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
15 years agoi915: disable interrupts before tearing down GEM state
Linus Torvalds [Wed, 9 Sep 2009 00:09:24 +0000 (17:09 -0700)]
i915: disable interrupts before tearing down GEM state

Reinette Chatre reports a frozen system (with blinking keyboard LEDs)
when switching from graphics mode to the text console, or when
suspending (which does the same thing). With netconsole, the oops
turned out to be

BUG: unable to handle kernel NULL pointer dereference at 0000000000000084
IP: [<ffffffffa03ecaab>] i915_driver_irq_handler+0x26b/0xd20 [i915]

and it's due to the i915_gem.c code doing drm_irq_uninstall() after
having done i915_gem_idle(). And the i915_gem_idle() path will do

  i915_gem_idle() ->
    i915_gem_cleanup_ringbuffer() ->
      i915_gem_cleanup_hws() ->
        dev_priv->hw_status_page = NULL;

but if an i915 interrupt comes in after this stage, it may want to
access that hw_status_page, and gets the above NULL pointer dereference.

And since the NULL pointer dereference happens from within an interrupt,
and with the screen still in graphics mode, the common end result is
simply a silently hung machine.

Fix it by simply uninstalling the irq handler before idling rather than
after. Fixes

    http://bugzilla.kernel.org/show_bug.cgi?id=13819

Reported-and-tested-by: Reinette Chatre <reinette.chatre@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agojffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()'
Linus Torvalds [Fri, 28 Aug 2009 19:29:03 +0000 (12:29 -0700)]
jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()'

This avoids an indirect call in the VFS for each path component lookup.

Well, at least as long as you own the directory in question, and the ACL
check is unnecessary.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoext[234]: move over to 'check_acl' permission model
Linus Torvalds [Fri, 28 Aug 2009 19:12:24 +0000 (12:12 -0700)]
ext[234]: move over to 'check_acl' permission model

Don't implement per-filesystem 'extX_permission()' functions that have
to be called for every path component operation, and instead just expose
the actual ACL checking so that the VFS layer can now do it for us.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoshmfs: use 'check_acl' instead of 'permission'
Linus Torvalds [Fri, 28 Aug 2009 19:04:28 +0000 (12:04 -0700)]
shmfs: use 'check_acl' instead of 'permission'

shmfs wants purely standard POSIX ACL semantics, so we can use the new
generic VFS layer POSIX ACL checking rather than cooking our own
'permission()' function.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMake 'check_acl()' a first-class filesystem op
Linus Torvalds [Fri, 28 Aug 2009 18:51:25 +0000 (11:51 -0700)]
Make 'check_acl()' a first-class filesystem op

This is stage one in flattening out the callchains for the common
permission testing.  Rather than have most filesystem implement their
own inode->i_op->permission function that just calls back down to the
VFS layers 'generic_permission()' with the per-filesystem ACL checking
function, the filesystem can just expose its 'check_acl' function
directly, and let the VFS layer do everything for it.

This is all just preparatory - no filesystem actually enables this yet.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoSimplify exec_permission_lite(), part 3
Linus Torvalds [Fri, 28 Aug 2009 18:08:31 +0000 (11:08 -0700)]
Simplify exec_permission_lite(), part 3

Don't call down to the generic inode_permission() function just to
call the inode-specific permission function - just do it directly.

The generic inode_permission() code does things like checking MAY_WRITE
and devcgroup_inode_permission(), neither of which are relevant for the
light pathname walk permission checks (we always do just MAY_EXEC, and
the inode is never a special device).

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoSimplify exec_permission_lite() further
Linus Torvalds [Fri, 28 Aug 2009 17:53:56 +0000 (10:53 -0700)]
Simplify exec_permission_lite() further

This function is only called for path components that are already known
to be directories (they have a '->lookup' method).  So don't bother
doing that whole S_ISDIR() testing, the whole point of the 'lite()'
version is that we know that we are looking at a directory component,
and that we're only checking name lookup permission.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoSimplify exec_permission_lite() logic
Linus Torvalds [Fri, 28 Aug 2009 17:50:37 +0000 (10:50 -0700)]
Simplify exec_permission_lite() logic

Instead of returning EAGAIN and having the caller do something
special for that case,  just do the special case directly.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoDo not call 'ima_path_check()' for each path component
Linus Torvalds [Fri, 28 Aug 2009 17:05:33 +0000 (10:05 -0700)]
Do not call 'ima_path_check()' for each path component

Not only is that a supremely timing-critical path, but it's hopefully
some day going to be lockless for the common case, and ima can't do
that.

Plus the integrity code doesn't even care about non-regular files, so it
was always a total waste of time and effort.

Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agodrm/i915: fix mask bits setting
Zhenyu Wang [Tue, 8 Sep 2009 06:52:25 +0000 (14:52 +0800)]
drm/i915: fix mask bits setting

eDP is exclusive connector too, and add missing crtc_mask
setting for TV.

This fixes

http://bugzilla.kernel.org/show_bug.cgi?id=14139

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Reported-and-tested-by: Carlos R. Mafra <crmafra2@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Mon, 7 Sep 2009 18:42:25 +0000 (11:42 -0700)]
Merge branch 'drm-fixes' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: add LTE/GTE discard + rv515 two sided stencil register.

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Mon, 7 Sep 2009 18:41:15 +0000 (11:41 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  IMA: update ima_counts_put

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Mon, 7 Sep 2009 18:40:24 +0000 (11:40 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  gianfar: Fix build.

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6
Linus Torvalds [Mon, 7 Sep 2009 18:40:15 +0000 (11:40 -0700)]
Merge git://git./linux/kernel/git/davem/ide-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6:
  pcmcia: add CNF-CDROM-ID for ide

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt...
Linus Torvalds [Mon, 7 Sep 2009 18:38:30 +0000 (11:38 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/anholt/drm-intel

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel:
  agp/intel: support for new chip variant of IGDNG mobile
  drm/i915: Unref old_obj on get_fence_reg() error path
  drm/i915: increase default latency constant (v2 w/comment)

15 years agodrm/radeon/kms: add LTE/GTE discard + rv515 two sided stencil register.
Dave Airlie [Mon, 7 Sep 2009 05:26:19 +0000 (15:26 +1000)]
drm/radeon/kms: add LTE/GTE discard + rv515 two sided stencil register.

This adds some rv350+ register for LTE/GTE discard,
and enables the rv515 two sided stencil register.
It also disables the DEPTHXY_OFFSET register which
can be used to workaround the CS checker.
Moves rs690 to proper place in rs600 and uses correct
table on rs600.

Signed-off-by: Dave Airlie <airlied@redhat.com>
15 years agoIMA: update ima_counts_put
Mimi Zohar [Fri, 4 Sep 2009 17:08:46 +0000 (13:08 -0400)]
IMA: update ima_counts_put

- As ima_counts_put() may be called after the inode has been freed,
verify that the inode is not NULL, before dereferencing it.

- Maintain the IMA file counters in may_open() properly, decrementing
any counter increments on subsequent errors.

Reported-by: Ciprian Docan <docan@eden.rutgers.edu>
Reported-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Eric Paris <eparis@redhat.com
Signed-off-by: James Morris <jmorris@namei.org>
15 years agogianfar: Fix build.
David S. Miller [Sun, 6 Sep 2009 08:41:02 +0000 (01:41 -0700)]
gianfar: Fix build.

Reported by Michael Guntsche <mike@it-loops.com>

--------------------
Commit
38bddf04bcfe661fbdab94888c3b72c32f6873b3 gianfar: gfar_remove needs to call unregister_netdev()

breaks the build of the gianfar driver because "dev" is undefined in
this function. To quickly test rc9 I changed this to priv->ndev but I do
not know if this is the correct one.
--------------------

Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoLinux 2.6.31-rc9
Linus Torvalds [Sat, 5 Sep 2009 23:38:12 +0000 (16:38 -0700)]
Linux 2.6.31-rc9

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394...
Linus Torvalds [Sat, 5 Sep 2009 21:59:00 +0000 (14:59 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/ieee1394/linux1394-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: sbp2: fix freeing of unallocated memory
  firewire: ohci: fix Ricoh R5C832, video reception
  firewire: ohci: fix Agere FW643 and multiple cameras
  firewire: core: fix crash in iso resource management

15 years agopowerpc: Fix i8259 interrupt driver kernel crash on ML510
Roderick Colenbrander [Thu, 3 Sep 2009 15:57:23 +0000 (09:57 -0600)]
powerpc: Fix i8259 interrupt driver kernel crash on ML510

This patch fixes a null pointer exception caused by removal of
'ack()' for level interrupts in the Xilinx interrupt driver.  A recent
change to the xilinx interrupt controller removed the ack hook for
level irqs.

Signed-off-by: Roderick Colenbrander <thunderbird2k@gmail.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge git://git.infradead.org/~dwmw2/mtd-2.6.31
Linus Torvalds [Sat, 5 Sep 2009 21:57:04 +0000 (14:57 -0700)]
Merge git://git.infradead.org/~dwmw2/mtd-2.6.31

* git://git.infradead.org/~dwmw2/mtd-2.6.31:
  JFFS2: add missing verify buffer allocation/deallocation
  mtd: nftl: fix offset alignments
  mtd: nftl: write support is broken
  mtd: m25p80: fix null pointer dereference bug

15 years agoMerge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
Linus Torvalds [Sat, 5 Sep 2009 21:56:13 +0000 (14:56 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block

* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  block: Allow changing max_sectors_kb above the default 512

15 years agoMerge branch 'fix/oxygen' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
Linus Torvalds [Sat, 5 Sep 2009 21:55:30 +0000 (14:55 -0700)]
Merge branch 'fix/oxygen' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'fix/oxygen' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  sound: oxygen: handle cards with missing EEPROM
  sound: oxygen: fix MCLK rate for 192 kHz playback

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Sat, 5 Sep 2009 21:52:41 +0000 (14:52 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  tc: Fix unitialized kernel memory leak
  pkt_sched: Revert tasklet_hrtimer changes.
  net: sk_free() should be allowed right after sk_alloc()
  gianfar: gfar_remove needs to call unregister_netdev()
  ipw2200: firmware DMA loading rework

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Linus Torvalds [Sat, 5 Sep 2009 21:51:45 +0000 (14:51 -0700)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test

15 years agoMerge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq
Linus Torvalds [Sat, 5 Sep 2009 21:51:24 +0000 (14:51 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/davej/cpufreq

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq:
  [CPUFREQ] Re-enable cpufreq suspend and resume code

15 years agoMerge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
Linus Torvalds [Sat, 5 Sep 2009 21:50:53 +0000 (14:50 -0700)]
Merge branch 'release' of git://git./linux/kernel/git/aegl/linux-2.6

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] fix csum_ipv6_magic()
  [IA64] Fix warning in dma-mapping.c

15 years agoMerge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
Linus Torvalds [Sat, 5 Sep 2009 21:25:14 +0000 (14:25 -0700)]
Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs

* 'for-linus' of git://oss.sgi.com/xfs/xfs:
  xfs: actually enable the swapext compat handler

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke...
Linus Torvalds [Sat, 5 Sep 2009 21:24:33 +0000 (14:24 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/ryusuke/nilfs2

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2:
  nilfs2: fix preempt count underflow in nilfs_btnode_prepare_change_key

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
Linus Torvalds [Sat, 5 Sep 2009 21:22:00 +0000 (14:22 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tj/percpu

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
  percpu: don't assume existence of cpu0

15 years agoMerge branch 'slab/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg...
Linus Torvalds [Sat, 5 Sep 2009 20:57:53 +0000 (13:57 -0700)]
Merge branch 'slab/urgent' of git://git./linux/kernel/git/penberg/slab-2.6

* 'slab/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
  slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm
Linus Torvalds [Sat, 5 Sep 2009 20:51:07 +0000 (13:51 -0700)]
Merge git://git./linux/kernel/git/agk/linux-2.6-dm

* git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm:
  dm snapshot: fix on disk chunk size validation
  dm exception store: split set_chunk_size
  dm snapshot: fix header corruption race on invalidation
  dm snapshot: refactor zero_disk_area to use chunk_io
  dm log: userspace add luid to distinguish between concurrent log instances
  dm raid1: do not allow log_failure variable to unset after being set
  dm log: remove incorrect field from userspace table output
  dm log: fix userspace status output
  dm stripe: expose correct io hints
  dm table: add more context to terse warning messages
  dm table: fix queue_limit checking device iterator
  dm snapshot: implement iterate devices
  dm multipath: fix oops when request based io fails when no paths

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes...
Linus Torvalds [Sat, 5 Sep 2009 20:50:46 +0000 (13:50 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jbarnes/pci-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
  PCI SR-IOV: correct broken resource alignment calculations

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
Linus Torvalds [Sat, 5 Sep 2009 20:49:06 +0000 (13:49 -0700)]
Merge git://git./linux/kernel/git/davem/sparc-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sparc64: Fix bootup with mcount in some configs.
  sparc64: Kill spurious NMI watchdog triggers by increasing limit to 30 seconds.

15 years agoMerge branch 'perfcounters-fixes-for-linus' of git://git.kernel.org/pub/scm/linux...
Linus Torvalds [Sat, 5 Sep 2009 20:48:37 +0000 (13:48 -0700)]
Merge branch 'perfcounters-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'perfcounters-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf_counter/powerpc: Fix cache event codes for POWER7
  perf_counter: Fix /0 bug in swcounters
  perf_counters: Increase paranoia level

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Sat, 5 Sep 2009 20:41:29 +0000 (13:41 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: atkbd - add Compaq Presario R4000-series repeat quirk
  Input: i8042 - add Acer Aspire 5536 to the nomux list

15 years agoext2: fix unbalanced kmap()/kunmap()
Nicolas Pitre [Sat, 5 Sep 2009 04:25:37 +0000 (00:25 -0400)]
ext2: fix unbalanced kmap()/kunmap()

In ext2_rename(), dir_page is acquired through ext2_dotdot().  It is
then released through ext2_set_link() but only if old_dir != new_dir.
Failing that, the pkmap reference count is never decremented and the
page remains pinned forever.  Repeat that a couple times with highmem
pages and all pkmap slots get exhausted, and every further kmap() calls
end up stalling on the pkmap_map_wait queue at which point the whole
system comes to a halt.

Signed-off-by: Nicolas Pitre <nico@marvell.com>
Acked-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec...
Linus Torvalds [Sat, 5 Sep 2009 20:38:37 +0000 (13:38 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/jlbec/ocfs2

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2:
  ocfs2: ocfs2_write_begin_nolock() should handle len=0
  ocfs2: invalidate dentry if its dentry_lock isn't initialized.

15 years agopty: don't limit the writes to 'pty_space()' inside 'pty_write()'
Linus Torvalds [Sat, 5 Sep 2009 20:27:10 +0000 (13:27 -0700)]
pty: don't limit the writes to 'pty_space()' inside 'pty_write()'

The whole write-room thing is something that is up to the _caller_ to
worry about, not the pty layer itself.  The total buffer space will
still be limited by the buffering routines themselves, so there is no
advantage or need in having pty_write() artificially limit the size
somehow.

And what happened was that the caller (the n_tty line discipline, in
this case) may have verified that there is room for 2 bytes to be
written (for NL -> CRNL expansion), and it used to then do those writes
as two single-byte writes.  And if the first byte written (CR) then
caused a new tty buffer to be allocated, pty_space() may have returned
zero when trying to write the second byte (LF), and then incorrectly
failed the write - leading to a lost newline character.

This should finally fix

http://bugzilla.kernel.org/show_bug.cgi?id=14015

Reported-by: Mikael Pettersson <mikpe@it.uu.se>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agon_tty: do O_ONLCR translation as a single write
Linus Torvalds [Sat, 5 Sep 2009 19:46:07 +0000 (12:46 -0700)]
n_tty: do O_ONLCR translation as a single write

When translating CR to CRNL in the n_tty line discipline, we did it as
two tty_put_char() calls.  Which works, but is stupid, and has caused
problems before too with bad interactions with the write_room() logic.
The generic USB serial driver had that problem, for example.

Now the pty layer had similar issues after being moved to the generic
tty buffering code (in commit d945cb9cce20ac7143c2de8d88b187f62db99bdc:
"pty: Rework the pty layer to use the normal buffering logic").

So stop doing the silly separate two writes, and do it as a single write
instead.  That's what the n_tty layer already does for the space
expansion of tabs (XTABS), and it means that we'll now always have just
a single write for the CRNL to match the single 'tty_write_room()' test,
which hopefully means that the next time somebody screws up buffering,
it won't cause weeks of debugging.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoexec: do not sleep in TASK_TRACED under ->cred_guard_mutex
Oleg Nesterov [Sat, 5 Sep 2009 18:17:13 +0000 (11:17 -0700)]
exec: do not sleep in TASK_TRACED under ->cred_guard_mutex

Tom Horsley reports that his debugger hangs when it tries to read
/proc/pid_of_tracee/maps, this happens since

"mm_for_maps: take ->cred_guard_mutex to fix the race with exec"
04b836cbf19e885f8366bccb2e4b0474346c02d

commit in 2.6.31.

But the root of the problem lies in the fact that do_execve() path calls
tracehook_report_exec() which can stop if the tracer sets PT_TRACE_EXEC.

The tracee must not sleep in TASK_TRACED holding this mutex.  Even if we
remove ->cred_guard_mutex from mm_for_maps() and proc_pid_attr_write(),
another task doing PTRACE_ATTACH should not hang until it is killed or the
tracee resumes.

With this patch do_execve() does not use ->cred_guard_mutex directly and
we do not hold it throughout, instead:

- introduce prepare_bprm_creds() helper, it locks the mutex
  and calls prepare_exec_creds() to initialize bprm->cred.

- install_exec_creds() drops the mutex after commit_creds(),
  and thus before tracehook_report_exec()->ptrace_stop().

  or, if exec fails,

  free_bprm() drops this mutex when bprm->cred != NULL which
  indicates install_exec_creds() was not called.

Reported-by: Tom Horsley <tom.horsley@att.net>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agopage-allocator: always change pageblock ownership when anti-fragmentation is disabled
Mel Gorman [Sat, 5 Sep 2009 18:17:11 +0000 (11:17 -0700)]
page-allocator: always change pageblock ownership when anti-fragmentation is disabled

On low-memory systems, anti-fragmentation gets disabled as fragmentation
cannot be avoided on a sufficiently large boundary to be worthwhile.  Once
disabled, there is a period of time when all the pageblocks are marked
MOVABLE and the expectation is that they get marked UNMOVABLE at each call
to __rmqueue_fallback().

However, when MAX_ORDER is large the pageblocks do not change ownership
because the normal criteria are not met.  This has the effect of
prematurely breaking up too many large contiguous blocks.  This is most
serious on NOMMU systems which depend on high-order allocations to boot.
This patch causes pageblocks to change ownership on every fallback when
anti-fragmentation is disabled.  This prevents the large blocks being
prematurely broken up.

This is a fix to commit 49255c619fbd482d704289b5eb2795f8e3b7ff2e [page
allocator: move check for disabled anti-fragmentation out of fastpath] and
the problem affects 2.6.31-rc8.

Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Tested-by: Paul Mundt <lethal@linux-sh.org>
Cc: David Howells <dhowells@redhat.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Greg Ungerer <gerg@snapgear.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agonommu: fix error handling in do_mmap_pgoff()
David Howells [Sat, 5 Sep 2009 18:17:07 +0000 (11:17 -0700)]
nommu: fix error handling in do_mmap_pgoff()

Fix the error handling in do_mmap_pgoff().  If do_mmap_shared_file() or
do_mmap_private() fail, we jump to the error_put_region label at which
point we cann __put_nommu_region() on the region - but we haven't yet
added the region to the tree, and so __put_nommu_region() may BUG
because the region tree is empty or it may corrupt the region tree.

To get around this, we can afford to add the region to the region tree
before calling do_mmap_shared_file() or do_mmap_private() as we keep
nommu_region_sem write-locked, so no-one can race with us by seeing a
transient region.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Paul Mundt <lethal@linux-sh.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Greg Ungerer <gerg@snapgear.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoworkqueues: introduce __cancel_delayed_work()
Oleg Nesterov [Sat, 5 Sep 2009 18:17:06 +0000 (11:17 -0700)]
workqueues: introduce __cancel_delayed_work()

cancel_delayed_work() has to use del_timer_sync() to guarantee the timer
function is not running after return.  But most users doesn't actually
need this, and del_timer_sync() has problems: it is not useable from
interrupt, and it depends on every lock which could be taken from irq.

Introduce __cancel_delayed_work() which calls del_timer() instead.

The immediate reason for this patch is
http://bugzilla.kernel.org/show_bug.cgi?id=13757
but hopefully this helper makes sense anyway.

As for 13757 bug, actually we need requeue_delayed_work(), but its
semantics are not yet clear.

Merge this patch early to resolves cross-tree interdependencies between
input and infiniband.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Roland Dreier <rdreier@cisco.com>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agofirewire: sbp2: fix freeing of unallocated memory
Stefan Richter [Thu, 3 Sep 2009 21:07:35 +0000 (23:07 +0200)]
firewire: sbp2: fix freeing of unallocated memory

If a target writes invalid status (typically status of a command that
already timed out), firewire-sbp2 attempts to put away an ORB that
doesn't exist.  https://bugzilla.redhat.com/show_bug.cgi?id=519772

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: ohci: fix Ricoh R5C832, video reception
Stefan Richter [Fri, 28 Aug 2009 11:26:03 +0000 (13:26 +0200)]
firewire: ohci: fix Ricoh R5C832, video reception

In dual-buffer DMA mode, no video frames are ever received from R5C832
by libdc1394.  Fallback to packet-per-buffer DMA works reliably.
http://thread.gmane.org/gmane.linux.kernel.firewire.devel/13393/focus=13476

Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: ohci: fix Agere FW643 and multiple cameras
Stefan Richter [Fri, 28 Aug 2009 11:25:15 +0000 (13:25 +0200)]
firewire: ohci: fix Agere FW643 and multiple cameras

An Agere FW643 OHCI 1.1 card works fine for video reception from one
camera but fails early if receiving from two cameras.  After a short
while, no IR IRQ events occur and the context control register does not
react anymore.  This happens regardless whether both IR DMA contexts are
dual-buffer or one is dual-buffer and the other packet-per-buffer.

This can be worked around by disabling dual buffer DMA mode entirely.
http://sourceforge.net/mailarchive/message.php?msg_name=4A7C0594.2020208%40gmail.com
(Reported by Samuel Audet.)

In another report (by Jonathan Cameron), an FW643 works OK with two
cameras in dual buffer mode.  Whether this is due to different chip
revisions or different usage patterns (different video formats) is not
yet clear.  However, as far as the current capabilities of
firewire-core's isochronous I/O interface are concerned, simply
switching off dual-buffer on non-working and working FW643s alike is not
a problem in practice.  We only need to revisit this issue if we are
going to enhance the interface, e.g. so that applications can explicitly
choose modes.

Reported-by: Samuel Audet <samuel.audet@gmail.com>
Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: fix crash in iso resource management
Stefan Richter [Sat, 5 Sep 2009 11:23:49 +0000 (13:23 +0200)]
firewire: core: fix crash in iso resource management

This fixes a regression due to post 2.6.30 commit "firewire: core: do
not DMA-map stack addresses" 6fdc03709433ccc2005f0f593ae9d9dd04f7b485.

As David Moore noted, a previously correct sizeof() expression became
wrong since the commit changed its argument from an array to a pointer.
This resulted in an oops in ohci_cancel_packet in the shared workqueue
thread's context when an isochronous resource was to be freed.

Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoocfs2: ocfs2_write_begin_nolock() should handle len=0
Sunil Mushran [Fri, 4 Sep 2009 18:12:01 +0000 (11:12 -0700)]
ocfs2: ocfs2_write_begin_nolock() should handle len=0

Bug introduced by mainline commit e7432675f8ca868a4af365759a8d4c3779a3d922
The bug causes ocfs2_write_begin_nolock() to oops when len=0.

Signed-off-by: Sunil Mushran <sunil.mushran@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Joel Becker <joel.becker@oracle.com>
15 years agodm snapshot: fix on disk chunk size validation
Mikulas Patocka [Fri, 4 Sep 2009 19:40:43 +0000 (20:40 +0100)]
dm snapshot: fix on disk chunk size validation

Fix some problems seen in the chunk size processing when activating a
pre-existing snapshot.

For a new snapshot, the chunk size can either be supplied by the creator
or a default value can be used.  For an existing snapshot, the
chunk size in the snapshot header on disk should always be used.

If someone attempts to load an existing snapshot and has the 'default
chunk size' option set, the kernel uses its default value even when it
is incorrect for the snapshot being loaded.  This patch ensures the
correct on-disk value is always used.

Secondly, when the code does use the chunk size stored on the disk it is
prudent to revalidate it, so the code can exit cleanly if it got
corrupted as happened in
https://bugzilla.redhat.com/show_bug.cgi?id=461506 .

Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm exception store: split set_chunk_size
Mikulas Patocka [Fri, 4 Sep 2009 19:40:41 +0000 (20:40 +0100)]
dm exception store: split set_chunk_size

Break the function set_chunk_size to two functions in preparation for
the fix in the following patch.

Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm snapshot: fix header corruption race on invalidation
Mikulas Patocka [Fri, 4 Sep 2009 19:40:39 +0000 (20:40 +0100)]
dm snapshot: fix header corruption race on invalidation

If a persistent snapshot fills up, a race can corrupt the on-disk header
which causes a crash on any future attempt to activate the snapshot
(typically while booting).  This patch fixes the race.

When the snapshot overflows, __invalidate_snapshot is called, which calls
snapshot store method drop_snapshot. It goes to persistent_drop_snapshot that
calls write_header. write_header constructs the new header in the "area"
location.

Concurrently, an existing kcopyd job may finish, call copy_callback
and commit_exception method, that goes to persistent_commit_exception.
persistent_commit_exception doesn't do locking, relying on the fact that
callbacks are single-threaded, but it can race with snapshot invalidation and
overwrite the header that is just being written while the snapshot is being
invalidated.

The result of this race is a corrupted header being written that can
lead to a crash on further reactivation (if chunk_size is zero in the
corrupted header).

The fix is to use separate memory areas for each.

See the bug: https://bugzilla.redhat.com/show_bug.cgi?id=461506

Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm snapshot: refactor zero_disk_area to use chunk_io
Mikulas Patocka [Fri, 4 Sep 2009 19:40:37 +0000 (20:40 +0100)]
dm snapshot: refactor zero_disk_area to use chunk_io

Refactor chunk_io to prepare for the fix in the following patch.

Pass an area pointer to chunk_io and simplify zero_disk_area to use
chunk_io.  No functional change.

Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm log: userspace add luid to distinguish between concurrent log instances
Jonathan Brassow [Fri, 4 Sep 2009 19:40:34 +0000 (20:40 +0100)]
dm log: userspace add luid to distinguish between concurrent log instances

Device-mapper userspace logs (like the clustered log) are
identified by a universally unique identifier (UUID).  This
identifier is used to associate requests from the kernel to
a specific log in userspace.  The UUID must be unique everywhere,
since multiple machines may use this identifier when communicating
about a particular log, as is the case for cluster logs.

Sometimes, device-mapper/LVM may re-use a UUID.  This is the
case during pvmoves, when moving from one segment of an LV
to another, or when resizing a mirror, etc.  In these cases,
a new log is created with the same UUID and loaded in the
"inactive" slot.  When a device-mapper "resume" is issued,
the "live" table is deactivated and the new "inactive" table
becomes "live".  (The "inactive" table can also be removed
via a device-mapper 'clear' command.)

The above two issues were colliding.  More than one log was being
created with the same UUID, and there was no way to distinguish
between them.  So, sometimes the wrong log would be swapped
out during the exchange.

The solution is to create a locally unique identifier,
'luid', to go along with the UUID.  This new identifier is used
to determine exactly which log is being referenced by the kernel
when the log exchange is made.  The identifier is not
universally safe, but it does not need to be, since
create/destroy/suspend/resume operations are bound to a specific
machine; and these are the operations that make up the exchange.

Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm raid1: do not allow log_failure variable to unset after being set
Jonathan Brassow [Fri, 4 Sep 2009 19:40:32 +0000 (20:40 +0100)]
dm raid1: do not allow log_failure variable to unset after being set

This patch fixes a bug which was triggering a case where the primary leg
could not be changed on failure even when the mirror was in-sync.

The case involves the failure of the primary device along with
the transient failure of the log device.  The problem is that
bios can be put on the 'failures' list (due to log failure)
before 'fail_mirror' is called due to the primary device failure.
Normally, this is fine, but if the log device failure is transient,
a subsequent iteration of the work thread, 'do_mirror', will
reset 'log_failure'.  The 'do_failures' function then resets
the 'in_sync' variable when processing bios on the failures list.
The 'in_sync' variable is what is used to determine if the
primary device can be switched in the event of a failure.  Since
this has been reset, the primary device is incorrectly assumed
to be not switchable.

The case has been seen in the cluster mirror context, where one
machine realizes the log device is dead before the other machines.
As the responsibilities of the server migrate from one node to
another (because the mirror is being reconfigured due to the failure),
the new server may think for a moment that the log device is fine -
thus resetting the 'log_failure' variable.

In any case, it is inappropiate for us to reset the 'log_failure'
variable.  The above bug simply illustrates that it can actually
hurt us.

Cc: stable@kernel.org
Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm log: remove incorrect field from userspace table output
Jonathan Brassow [Fri, 4 Sep 2009 19:40:30 +0000 (20:40 +0100)]
dm log: remove incorrect field from userspace table output

The output of 'dmsetup table' includes an internal field that should not
be there.  This patch removes it.  To make the fix simpler, we first
reorder a constructor argument

The 'device size' argument is generated internally.  Currently it is
placed as the last space-separated word of the constructor string.
However, we need to use a version of the string without this word, so we
move it to the beginning instead so it is trivial to skip past it.

We keep a copy of the arguments passed to userspace for creating a log,
just in case we need to resend them.  These are the same arguments that
are desired in the STATUSTYPE_TABLE request, except for one.  When
creating the userspace log, the userspace daemon must know the size of
the mirror, so that is added to the arguments given in the constructor
table.  We were printing this extra argument out as well, which is a
mistake.

Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm log: fix userspace status output
Jonathan Brassow [Fri, 4 Sep 2009 19:40:28 +0000 (20:40 +0100)]
dm log: fix userspace status output

Fix 'dmsetup table' output.

There is a missing ' ' at the end of the string causing two
words to run together.

Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
15 years agodm stripe: expose correct io hints
Mike Snitzer [Fri, 4 Sep 2009 19:40:25 +0000 (20:40 +0100)]
dm stripe: expose correct io hints

Set sensible I/O hints for striped DM devices in the topology
infrastructure added for 2.6.31 for userspace tools to
obtain via sysfs.

Add .io_hints to 'struct target_type' to allow the I/O hints portion
(io_min and io_opt) of the 'struct queue_limits' to be set by each
target and implement this for dm-stripe.

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>