GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
18 years agoSELinux: remove current object class and permission validation mechanism
Chad Sellers [Mon, 6 Nov 2006 17:38:15 +0000 (12:38 -0500)]
SELinux: remove current object class and permission validation mechanism

Removes the current SELinux object class and permission validation code,
as the current code makes it impossible to change or remove object classes
and permissions on a running system. Additionally, the current code does
not actually validate that the classes and permissions are correct, but
instead merely validates that they do not change between policy reloads.

Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
18 years agoFix 'ALIGN()' macro, take 2
Linus Torvalds [Mon, 27 Nov 2006 03:05:22 +0000 (19:05 -0800)]
Fix 'ALIGN()' macro, take 2

You wouldn't think that doing an ALIGN() macro that aligns something up
to a power-of-two boundary would be likely to have bugs, would you?

But hey, in the wonderful world of mixing integer types, you have to be
careful.  This just makes sure that the alignment is interpreted in the
same type as the thing to be aligned.

Thanks to Roland Dreier, who noticed that the amso1100 driver got broken
by the previous fix (that just extended the mask to "unsigned long", but
was still broken in "unsigned long long" - it just happened to be the
same on 64-bit architectures).

See commit 4c8bd7eeee4c8f157fb61fb64b57500990b42e0e for the history of
bugs here...

Acked-by: Roland Dreier <rdreier@cisco.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: David Miller <davem@davemloft.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Fix incorrent type of flags in <asm/semaphore.h>
Kyle McMartin [Sun, 26 Nov 2006 23:56:56 +0000 (18:56 -0500)]
[PATCH] Fix incorrent type of flags in <asm/semaphore.h>

I still think using BUILD_BUG_ON() is unacceptable, especially given how
vague the error message was.

Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
[ And I already removed gthe BUILD_BUG_ON() in the previous commit ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoRevert "[PATCH] Enforce "unsigned long flags;" when spinlocking"
Linus Torvalds [Mon, 27 Nov 2006 00:27:17 +0000 (16:27 -0800)]
Revert "[PATCH] Enforce "unsigned long flags;" when spinlocking"

This reverts commit ee3ce191e8eaa4cc15c51a28b34143b36404c4f5, since it
broke on at least ARM, MIPS and PA-RISC due to complicated header file
dependencies.

Conflicts in include/linux/spinlock.h (due to the "nested" variety
fixes) fixed up by hand.

Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Kyle McMartin <kyle@parisc-linux.org>
Cc: Russell King <rmk+lkml@arm.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Sun, 26 Nov 2006 17:42:40 +0000 (09:42 -0800)]
Merge /pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
  [NET]: Re-fix of doc-comment in sock.h
  [6PACK]: Masking bug in 6pack driver.
  [NET]: Fix kfifo_alloc() error check.
  [UDP]: Make udp_encap_rcv use pskb_may_pull
  [NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT

18 years agoV4L/DVB (4874): Fix oops on symbol rate==0
Andrew de Quincey [Wed, 22 Nov 2006 21:01:21 +0000 (18:01 -0300)]
V4L/DVB (4874): Fix oops on symbol rate==0

The tda10086 causes an oops (divide by zero) if a zero symbol rate is used;
this prevents this.

Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4885): Improve saa711x check
Hans Verkuil [Sat, 25 Nov 2006 12:40:28 +0000 (09:40 -0300)]
V4L/DVB (4885): Improve saa711x check

The old code would accept any device on the same i2c address as the
saa711x chips as an saa711x. However, this fails with saa717x chips,
which use that same address and so are misdetected as a saa7111. Now
check whether the chip is really a saa711x model.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4865): Fix: Slot 0 not NULL on disconnecting SN9C10x PC Camera
Luca Risolia [Tue, 21 Nov 2006 11:13:59 +0000 (08:13 -0300)]
V4L/DVB (4865): Fix: Slot 0 not NULL on disconnecting SN9C10x PC Camera

The patch fix bug 5748.

Signed-off-by: Luca Risolia <luca.risolia@studio.unibo.it>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4849): Add missing spin_unlock to saa6588 decoder driver
Ira Snyder [Mon, 20 Nov 2006 10:20:48 +0000 (07:20 -0300)]
V4L/DVB (4849): Add missing spin_unlock to saa6588 decoder driver

Sparse noticed a lock imbalance in read_from_buf(). Further inspection shows
that the lock should not be held when the function exits.
This adds a spin_unlock_irqrestore(), so that every exit path of the
read_from_buf() function is consistent. The unlock was missing on an error
path.

Signed-off-by: Ira W. Snyder <devel@irasnyder.com>
Signed-off-by: Hans J. Koch <koch@hjk-az.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4832): Fix uninitialised variable in dvb_frontend_swzigzag
Andrew de Quincey [Fri, 17 Nov 2006 01:12:40 +0000 (22:12 -0300)]
V4L/DVB (4832): Fix uninitialised variable in dvb_frontend_swzigzag

Spotted by coverity/Adrian Bunk.

Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4840): Budget: diseqc_method module parameter for cards with subsystem-id...
Oliver Endriss [Sun, 19 Nov 2006 05:15:37 +0000 (02:15 -0300)]
V4L/DVB (4840): Budget: diseqc_method module parameter for cards with subsystem-id 13c2:1003

New module parameter diseqc_method for cards with subsystem-id 13c2:1003.
- 0: unreliable method, can be used by all board revisions (default)
- 1: reliable method, works for newer board layouts only
The parameter has no effect for cards with other subsystem-ids.

Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB (4831): Fix tuning on older budget DVBS cards.
Andrew de Quincey [Thu, 16 Nov 2006 21:31:04 +0000 (18:31 -0300)]
V4L/DVB (4831): Fix tuning on older budget DVBS cards.

Fixes to DISEQC on these cards inadvertently broke normal tone/voltage
signalling. This restores the necessary function.

Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years ago[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
Masahide NAKAMURA [Sat, 25 Nov 2006 04:34:51 +0000 (20:34 -0800)]
[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.

When application uses XFRM_MSG_GETSA to get state entry through
netlink socket and kernel has no matching one, the application expects
reply message with error status by kernel.

Kernel doesn't send the message back in the case of Mobile IPv6 route
optimization protocols (i.e. routing header or destination options
header). This is caused by incorrect return code "0" from
net/xfrm/xfrm_user.c(xfrm_user_state_lookup) and it makes kernel skip
to acknowledge at net/netlink/af_netlink.c(netlink_rcv_skb).

This patch fix to reply ESRCH to application.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: TAKAMIYA Noriaki <takamiya@po.ntts.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Re-fix of doc-comment in sock.h
Paul Bonser [Fri, 24 Nov 2006 01:56:13 +0000 (17:56 -0800)]
[NET]: Re-fix of doc-comment in sock.h

Restoring old, correct comment for sk_filter_release, moving it to
where it should actually be, and changing new comment into proper
comment for sk_filter_rcu_free, where it actually makes sense.

The original fix submitted for this on Oct 23 mistakenly documented
the wrong function.

Signed-off-by: Paul Bonser <misterpib@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[6PACK]: Masking bug in 6pack driver.
Jean Delvare [Thu, 23 Nov 2006 19:48:28 +0000 (11:48 -0800)]
[6PACK]: Masking bug in 6pack driver.

Looks like a broken masking to me, binary not is used where bitwise
not was intended.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Fix kfifo_alloc() error check.
Akinobu Mita [Thu, 23 Nov 2006 04:26:11 +0000 (20:26 -0800)]
[NET]: Fix kfifo_alloc() error check.

The return value of kfifo_alloc() should be checked by IS_ERR().

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[UDP]: Make udp_encap_rcv use pskb_may_pull
Olaf Kirch [Thu, 23 Nov 2006 04:11:42 +0000 (20:11 -0800)]
[UDP]: Make udp_encap_rcv use pskb_may_pull

Make udp_encap_rcv use pskb_may_pull

IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset,
when header split is enabled. When receiving sufficiently large packets, the
driver puts everything up to and including the UDP header into the header
portion of the skb, and the rest goes into the paged part. udp_encap_rcv
forgets to use pskb_may_pull, and fails to decapsulate it. Instead, it
passes it up it to the IKE daemon.

Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT
Faidon Liambotis [Wed, 22 Nov 2006 05:46:02 +0000 (21:46 -0800)]
[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT

H.323 connection tracking code calls ip_ct_refresh_acct() when
processing RCFs and URQs but passes NULL as the skb.
When CONFIG_IP_NF_CT_ACCT is enabled, the connection tracking core tries
to derefence the skb, which results in an obvious panic.
A similar fix was applied on the SIP connection tracking code some time
ago.

Signed-off-by: Faidon Liambotis <paravoid@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PATCH] uml: make execvp safe for our usage
Paolo 'Blaisorblade' Giarrusso [Sat, 25 Nov 2006 19:09:39 +0000 (11:09 -0800)]
[PATCH] uml: make execvp safe for our usage

Reimplement execvp for our purposes - after we call fork() it is fundamentally
unsafe to use the kernel allocator - current is not valid there.  So we simply
pass to our modified execvp() a preallocated buffer.  This fixes a real bug
and works very well in testing (I've seen indirectly warning messages from the
forked thread - they went on the pipe connected to its stdout and where read
as a number by UML, when calling read_output().  I verified the obtained
number corresponded to "BUG:").

The added use of __cant_sleep() is not a new bug since __cant_sleep() is
already used in the same function - passing an atomicity parameter would be
better but it would require huge change, stating that this function must not
be called in atomic context and can sleep is a better idea (will make sure of
this gradually).

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] usb: ati remote memleak fix
Mariusz Kozlowski [Sat, 25 Nov 2006 19:09:38 +0000 (11:09 -0800)]
[PATCH] usb: ati remote memleak fix

This is a bug.  When checking for ati_remote->outbuf we free freeing
ati_remote->inbuf so we end up freeing ati_remote->inbuf twice.

Also the checks for 'ati_remote->inbuf != NULL' and 'ati_remote->outbuf !=
NULL' are redundant as usb_buffer_free() does this.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] lockdep: spin_lock_irqsave_nested()
Arjan van de Ven [Sat, 25 Nov 2006 19:09:37 +0000 (11:09 -0800)]
[PATCH] lockdep: spin_lock_irqsave_nested()

Introduce spin_lock_irqsave_nested(); implementation from:
 http://lkml.org/lkml/2006/6/1/122
Patch from:
 http://lkml.org/lkml/2006/9/13/258

[akpm@osdl.org: two compile fixes]
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Jiri Kosina <jikos@jikos.cz>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Enforce "unsigned long flags;" when spinlocking
Alexey Dobriyan [Sat, 25 Nov 2006 19:09:36 +0000 (11:09 -0800)]
[PATCH] Enforce "unsigned long flags;" when spinlocking

Make it break or warn if you pass to spin_lock_irqsave() and friends
something different from "unsigned long flags;".  Suprisingly large amount
of these was caught by recent commit
c53421b18f205c5f97c604ae55c6a921f034b0f6 and others.

Idea is largely from FRV typechecking. Suggestions from Andrew Morton.
All stupid typos in first version fixed.

Passes allmodconfig on i386, x86_64, alpha, arm as well as my usual config.

Note #1: checking with sparse is still needed, because a driver can save
 and pass around flags or something. So far patch is very intrusive.
Note #2: techically, we should break only if
sizeof(flags) < sizeof(unsigned long),
 however, the more pain for getting suspicious code into kernel,
 the better.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] tlclk: fix platform_device_register_simple() error check
Akinobu Mita [Sat, 25 Nov 2006 19:09:35 +0000 (11:09 -0800)]
[PATCH] tlclk: fix platform_device_register_simple() error check

The return value of platform_device_register_simple() should be checked by
IS_ERR().

This patch also fix misc_register() error case.  Because misc_register()
returns error code.

Cc: Sebastien Bouchard <sebastien.bouchard@ca.kontron.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] fix copy_process() error check
Akinobu Mita [Sat, 25 Nov 2006 19:09:34 +0000 (11:09 -0800)]
[PATCH] fix copy_process() error check

The return value of copy_process() should be checked by IS_ERR().

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] sgiioc4: Disable module unload
Jeremy Higdon [Sat, 25 Nov 2006 19:09:33 +0000 (11:09 -0800)]
[PATCH] sgiioc4: Disable module unload

This patch removes a module_exit function that sgiioc4 should not have had.

It seems that the IDE layer doesn't support submodule unloading.  sgiioc4 was
the only driver in drivers/ide/pci that had an exit function.  After an
unload, the devices would stay around and the next attempt to reference would
crash...

Signed-off-by: Jeremy Higdon <jeremy@sgi.com>
Acked-by: "Bartlomiej Zolnierkiewicz" <bzolnier@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] fix menuconfig colours with TERM=vt100
Roman Zippel [Sat, 25 Nov 2006 19:09:32 +0000 (11:09 -0800)]
[PATCH] fix menuconfig colours with TERM=vt100

On Mon, 13 Nov 2006, Phil Oester wrote:
> In commit 350b5b76384e77bcc58217f00455fdbec5cac594, the default menuconfig
> color scheme was changed to bluetitle.  This breaks the highlighting
> of the selected item for me with TERM=vt100.  The only way I can see
> which item is selected is via:
>
>     make MENUCONFIG_COLOR=mono menuconfig
>
> Which restores the pre-2.6.19 white on black highlighting.

Fix.

Cc: Phil Oester <kernel@linuxace.com>
Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] qconf: fix uninitialsied member
Roman Zippel [Sat, 25 Nov 2006 19:09:31 +0000 (11:09 -0800)]
[PATCH] qconf: fix uninitialsied member

Fixes a segfault reported by Randy.

Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Fix device_attribute memory leak in device_del
Catalin Marinas [Sat, 25 Nov 2006 19:09:30 +0000 (11:09 -0800)]
[PATCH] Fix device_attribute memory leak in device_del

dev->devt_attr is allocated in device_add() but it is never freed in
device_del() in the drivers/base/core.c file (reported by kmemleak).

Signed-off-by: Catalin Marinas <catalin.marinas@gmail.com>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] reiserfs: fmt bugfix
Alexey Dobriyan [Sat, 25 Nov 2006 19:09:30 +0000 (11:09 -0800)]
[PATCH] reiserfs: fmt bugfix

One reiserfs_warning() call uses %lu, but doesn't supply what to print.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] drivers/rtc/rtc-rs5c372.c: fix a NULL dereference
Adrian Bunk [Sat, 25 Nov 2006 19:09:29 +0000 (11:09 -0800)]
[PATCH] drivers/rtc/rtc-rs5c372.c: fix a NULL dereference

The correct order is: NULL check before dereference

This was a guaranteed NULL dereference with debugging enabled since
rs5c372_sysfs_show_osc() does actually pass NULL...

Spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] rtc class locking bugfixes
David Brownell [Sat, 25 Nov 2006 19:09:28 +0000 (11:09 -0800)]
[PATCH] rtc class locking bugfixes

I got a lockdep warning when running "rtctest" so I though it'd be good
to see what was up.

 - The warning was for rtc->irq_task_lock, gotten from rtc_update_irq()
   by irq handlerss ... but in a handful of other cases, grabbed without
   blocking IRQs.

 - Some callers to rtc_update_irq() were not ensuring IRQs were blocked,
   yet the routine expects that; make sure all callers block IRQs.

It would appear that RTC API tests haven't been part of anyone's kernel
regression test suite recently, at least not with lockdep running.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] rtc framework handles periodic irqs
David Brownell [Sat, 25 Nov 2006 19:09:27 +0000 (11:09 -0800)]
[PATCH] rtc framework handles periodic irqs

The RTC framework has an irq_set_freq() method that should be used to manage
the periodic IRQ frequency, but the current ioctl logic doesn't know how to do
that.  This patch teaches it how.

This means that drivers implementing irq_set_freq() will automatically support
RTC_IRQP_{READ,SET} ioctls; that logic doesn't need duplication within the
driver.

[akpm@osdl.org: export rtc_irq_set_freq]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Documentation/rtc.txt updates (for rtc class)
David Brownell [Sat, 25 Nov 2006 19:09:26 +0000 (11:09 -0800)]
[PATCH] Documentation/rtc.txt updates (for rtc class)

This updates the RTC documentation to summarize the two APIs now available:
the old PC/AT one, and the new RTC class drivers.  It also updates the
included "rtctest.c" file to better meet Linux style guidelines, and to work
with the new RTC drivers.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] debugfs: add header file
Randy Dunlap [Sat, 25 Nov 2006 19:09:26 +0000 (11:09 -0800)]
[PATCH] debugfs: add header file

debugfs needs include/linux/kobject.h for <kernel_subsys>.

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] mounstats NULL pointer dereference
Vasily Tarasov [Sat, 25 Nov 2006 19:09:22 +0000 (11:09 -0800)]
[PATCH] mounstats NULL pointer dereference

OpenVZ developers team has encountered the following problem in 2.6.19-rc6
kernel. After some seconds of running script

while [[ 1 ]]
do
find  /proc -name mountstats | xargs cat
done

this Oops appears:

BUG: unable to handle kernel NULL pointer dereference at virtual address
00000010
 printing eip:
c01a6b70
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in: xt_length ipt_ttl xt_tcpmss ipt_TCPMSS iptable_mangle
iptable_filter xt_multiport xt_limit ipt_tos ipt_REJECT ip_tables x_tables
parport_pc lp parport sunrpc af_packet thermal processor fan button battery
asus_acpi ac ohci_hcd ehci_hcd usbcore i2c_nforce2 i2c_core tg3 floppy
pata_amd
ide_cd cdrom sata_nv libata
CPU:    1
EIP:    0060:[<c01a6b70>]    Not tainted VLI
EFLAGS: 00010246   (2.6.19-rc6 #2)
EIP is at mountstats_open+0x70/0xf0
eax: 00000000   ebx: e6247030   ecx: e62470f8   edx: 00000000
esi: 00000000   edi: c01a6b00   ebp: c33b83c0   esp: f4105eb4
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 6044, ti=f4105000 task=f4104a70 task.ti=f4105000)
Stack: c33b83c0 c04ee940 f46a4a80 c33b83c0 e4df31b4 c01a6b00 f4105000 c0169231
       e4df31b4 c33b83c0 c33b83c0 f4105f20 00000003 f4105000 c0169445 f2503cf0
       f7f8c4c0 00008000 c33b83c0 00000000 00008000 c0169350 f4105f20 00008000
Call Trace:
 [<c01a6b00>] mountstats_open+0x0/0xf0
 [<c0169231>] __dentry_open+0x181/0x250
 [<c0169445>] nameidata_to_filp+0x35/0x50
 [<c0169350>] do_filp_open+0x50/0x60
 [<c01873d6>] seq_read+0xc6/0x300
 [<c0169511>] get_unused_fd+0x31/0xc0
 [<c01696d3>] do_sys_open+0x63/0x110
 [<c01697a7>] sys_open+0x27/0x30
 [<c01030bd>] sysenter_past_esp+0x56/0x79
 =======================
Code: 45 74 8b 54 24 20 89 44 24 08 8b 42 f0 31 d2 e8 47 cb f8 ff 85 c0 89 c3
74 51 8d 80 a0 04 00 00 e8 46 06 2c 00 8b 83 48 04 00 00 <8b> 78 10 85 ff 74
03
f0 ff 07 b0 01 86 83 a0 04 00 00 f0 ff 4b
EIP: [<c01a6b70>] mountstats_open+0x70/0xf0 SS:ESP 0068:f4105eb4

The problem is that task->nsproxy can be equal NULL for some time during
task exit. This patch fixes the BUG.

Signed-off-by: Vasily Tarasov <vtaras@openvz.org>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] fuse: fix Oops in lookup
Miklos Szeredi [Sat, 25 Nov 2006 19:09:20 +0000 (11:09 -0800)]
[PATCH] fuse: fix Oops in lookup

Fix bug in certain error paths of lookup routines.  The request object was
reused for sending FORGET, which is illegal.  This bug could cause an Oops
in 2.6.18.  In earlier versions it might silently corrupt memory, but this
is very unlikely.

These error paths are never triggered by libfuse, so this wasn't noticed
even with the 2.6.18 kernel, only with a filesystem using the raw kernel
interface.

Thanks to Russ Cox for the bug report and test filesystem.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] initramfs: handle more than one source dir or file list
Thomas Chou [Sat, 25 Nov 2006 19:09:18 +0000 (11:09 -0800)]
[PATCH] initramfs: handle more than one source dir or file list

Fix bug 7401.

Handle more than one source dir or file list to the initramfs gen scripts.

The Kconfig help for INITRAMFS_SOURCE claims that you can specify multiple
space-separated sources in order to allow unprivileged users to build an
image.  There are two bugs in the current implementation that prevent this
from working.

First, we pass "file1 dir2" to the gen_initramfs_list.sh script, which it
obviously can't open.

Second, gen_initramfs_list.sh -l outputs multiple definitions for
deps_initramfs -- one for each argument.

Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
Cc: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] fix "pcmcia: fix 'rmmod pcmcia' with unbound devices"
Daniel Ritz [Sat, 25 Nov 2006 19:09:17 +0000 (11:09 -0800)]
[PATCH] fix "pcmcia: fix 'rmmod pcmcia' with unbound devices"

Add required locking to dfbc9e9d33adb1ac9910dd7f8ceb911947039a52

Signed-off-by: Daniel Ritz <daniel.ritz@gmx.ch>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Pavol Gono <Palo.Gono@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] x86_64: fix bad page state in process 'swapper'
Mel Gorman [Thu, 23 Nov 2006 12:01:41 +0000 (12:01 +0000)]
[PATCH] x86_64: fix bad page state in process 'swapper'

find_min_pfn_for_node() and find_min_pfn_with_active_regions() both
depend on a sorted early_node_map[].  However, sort_node_map() is being
called after fin_min_pfn_with_active_regions() in
free_area_init_nodes().

In most cases, this is ok, but on at least one x86_64, the SRAT table
caused the E820 ranges to be registered out of order.  This gave the
wrong values for the min PFN range resulting in some pages not being
initialised.

This patch sorts the early_node_map in find_min_pfn_for_node().  It has
been boot tested on x86, x86_64, ppc64 and ia64.

Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Acked-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Fix i2c-ixp4xx compile (missing brace)
Jean Delvare [Thu, 23 Nov 2006 12:28:50 +0000 (13:28 +0100)]
[PATCH] Fix i2c-ixp4xx compile (missing brace)

Fix recent i2c-ixp4xx compilation breakage. Sorry for overlooking it.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] Correct bound checking from the value returned from _PPC method.
Dave Jones [Thu, 23 Nov 2006 01:42:01 +0000 (20:42 -0500)]
[PATCH] Correct bound checking from the value returned from _PPC method.

processor_perflib.c::acpi_processor_ppc_notifier() check if the value
returned by the processor's _PPC method is 0 and return failed if so.
This is wrong since 0 indicate that the bios think the processor can go
to the highest frequency.  This patch for example fix the HP NX 6125 to
allow its highest frequency to be available.

Signed-off-by: Bruno Ducrot <ducrot@poupinou.org>
Cc: "Pallipadi, Venkatesh" <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoMerge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm
Linus Torvalds [Thu, 23 Nov 2006 17:17:16 +0000 (09:17 -0800)]
Merge branch 'for-linus' of /home/rmk/linux-2.6-arm

* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3941/1: [Jornada7xx] - Addition to MAINTAINERS
  [ARM] 3942/1: ARM: comment: consistent_sync should not be called directly
  [ARM] ebsa110: fix warnings generated by asm/arch/io.h
  [ARM] 3933/1: Source drivers/ata/Kconfig

18 years agoMerge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Thu, 23 Nov 2006 00:36:33 +0000 (16:36 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [PATCH] make au1xxx-ide compile again
  [MIPS] Hack for SB1 cache issues

18 years ago[PATCH] make au1xxx-ide compile again
Manuel Lauss [Wed, 22 Nov 2006 13:51:32 +0000 (14:51 +0100)]
[PATCH] make au1xxx-ide compile again

The Au1xx IDE controller driver doesn't compile:

  CC      drivers/ide/mips/au1xxx-ide.o
/linux-2.6.19-rc6-work/drivers/ide/mips/au1xxx-ide.c:480: error: conflicting types for 'auide_ddma_tx_callback'
include2/asm/mach-au1x00/au1xxx_ide.h:174: error: previous declaration of 'auide_ddma_tx_callback' was here
/linux-2.6.19-rc6-work/drivers/ide/mips/au1xxx-ide.c:486: error: conflicting types for 'auide_ddma_rx_callback'
include2/asm/mach-au1x00/au1xxx_ide.h:176: error: previous declaration of 'auide_ddma_rx_callback' was here

Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
18 years ago[MIPS] Hack for SB1 cache issues
Thiemo Seufer [Thu, 16 Nov 2006 22:13:54 +0000 (22:13 +0000)]
[MIPS] Hack for SB1 cache issues

Removing flush_icache_page a while ago broke SB1 which was using an empty
flush_data_cache_page function.  This glues things well enough so a more
efficient but also more intrusive solution can be found later.

Signed-Off-By: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
18 years ago[AGP] Allocate AGP pages with GFP_DMA32 by default
Linus Torvalds [Wed, 22 Nov 2006 22:55:29 +0000 (14:55 -0800)]
[AGP] Allocate AGP pages with GFP_DMA32 by default

Not all graphic page remappers support physical addresses over the 4GB
mark for remapping, so while some do (the AMD64 GART always did, and I
just fixed the i965 to do so properly), we're safest off just forcing
GFP_DMA32 allocations to make sure graphics pages get allocated in the
low 32-bit address space by default.

AGP sub-drivers that really care, and can do better, could just choose
to implement their own allocator (or we could add another "64-bit safe"
default allocator for their use), but quite frankly, you're not likely
to care in practice.

So for now, this trivial change means that we won't be allocating pages
that we can't map correctly by mistake on x86-64.

[ On traditional 32-bit x86, this could never happen, because GFP_KERNEL
  would never allocate any highmem memory anyway ]

Acked-by: Andi Kleen <ak@suse.de>
Acked-by: Dave Jones <davej@redhat.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[ARM] 3941/1: [Jornada7xx] - Addition to MAINTAINERS
Kristoffer Ericson [Tue, 21 Nov 2006 00:20:31 +0000 (01:20 +0100)]
[ARM] 3941/1: [Jornada7xx] - Addition to MAINTAINERS

Adding myself to the MAINTAINERS file.

Signed-off-by: Kristoffer Ericson <Kristoffer_e1@hotmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
18 years ago[ARM] 3942/1: ARM: comment: consistent_sync should not be called directly
Dan Williams [Tue, 21 Nov 2006 21:57:23 +0000 (22:57 +0100)]
[ARM] 3942/1: ARM: comment: consistent_sync should not be called directly

/*
 * Note: Drivers should NOT use this function directly, as it will break
 * platforms with CONFIG_DMABOUNCE.
 * Use the driver DMA support - see dma-mapping.h (dma_sync_*)
 */

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
18 years ago[AGP] Fix intel 965 AGP memory mapping function
Linus Torvalds [Wed, 22 Nov 2006 17:37:54 +0000 (09:37 -0800)]
[AGP] Fix intel 965 AGP memory mapping function

This introduces a i965-specific "mask_memory()" function that knows
about the extended physical addresses that the i965 supports.  This
allows us to correctly map in physical memory in the >4GB range into the
GTT.

Also simplify/clean-up the i965 case for the aperture sizing by just
returning the fixed 512kB size from "fetch_size()".  We don't really
care that not all of the aperture may be visible - the only thing that
cares about the aperture size is the Intel "stolen memory" calculation,
which depends on the fixed size.

Cc: Keith Packard <keithp@keithp.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoDon't call "note_interrupt()" with irq descriptor lock held
Linus Torvalds [Wed, 22 Nov 2006 17:32:06 +0000 (09:32 -0800)]
Don't call "note_interrupt()" with irq descriptor lock held

This reverts commit f72fa707604c015a6625e80f269506032d5430dc, and solves
the problem that it tried to fix by simply making "__do_IRQ()" call the
note_interrupt() function without the lock held, the way everybody else
does.

It should be noted that all interrupt handling code must never allow the
descriptor actors to be entered "recursively" (that's why we do all the
magic IRQ_PENDING stuff in the first place), so there actually is
exclusion at that much higher level, even in the absense of locking.

Acked-by: Vivek Goyal <vgoyal@in.ibm.com>
Acked-by:Pavel Emelianov <xemul@openvz.org>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoMerge branch 'merge' of master.kernel.org:/pub/scm/linux/kernel/git/paulus/powerpc
Linus Torvalds [Wed, 22 Nov 2006 02:42:44 +0000 (18:42 -0800)]
Merge branch 'merge' of /linux/kernel/git/paulus/powerpc

* 'merge' of master.kernel.org:/pub/scm/linux/kernel/git/paulus/powerpc:
  [POWERPC] Fix ucc_geth of_device discovery on mpc832x
  [POWERPC] Revert "[POWERPC] Add powerpc get/set_rtc_time interface to new generic rtc class"
  [POWERPC] Revert "[POWERPC] Enable generic rtc hook for the MPC8349 mITX"

18 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Wed, 22 Nov 2006 02:36:59 +0000 (18:36 -0800)]
Merge /pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [TG3]: Add missing unlock in tg3_open() error path.
  [IPV6]: Fix address/interface handling in UDP and DCCP, according to the scoping architecture.
  [IRDA]: Lockdep fix.
  [BLUETOOTH]: Fix unaligned access in hci_send_to_sock.
  [XFRM]: nlmsg length not computed correctly in the presence of subpolicies
  [XFRM]: Sub-policies broke policy events
  [IGMP]: Fix IGMPV3_EXP() normalization bit shift value.
  [Bluetooth] Ignore L2CAP config requests on disconnect
  [Bluetooth] Always include MTU in L2CAP config responses
  [Bluetooth] Check if RFCOMM session is still attached to the TTY
  [Bluetooth] Handling pending connect attempts after inquiry
  [Bluetooth] Attach low-level connections to the Bluetooth bus
  [IPV6] IP6TUNNEL: Add missing nf_reset() on input path.
  [IPV6] IP6TUNNEL: Delete all tunnel device when unloading module.
  [IPV6] ROUTE: Do not enable router reachability probing in router mode.
  [IPV6] ROUTE: Prefer reachable nexthop only if the caller requests.
  [IPV6] ROUTE: Try to use router which is not known unreachable.

18 years ago[POWERPC] Fix ucc_geth of_device discovery on mpc832x
Kim Phillips [Wed, 22 Nov 2006 00:19:42 +0000 (18:19 -0600)]
[POWERPC] Fix ucc_geth of_device discovery on mpc832x

mpc832x, as in mpc8360, needs to explicitly find and create the
platform device for ucc_geth in 2.6.19.  This code will likely be
readapted to Benh's new of_ methods for 2.6.20.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[TG3]: Add missing unlock in tg3_open() error path.
Ira W. Snyder [Wed, 22 Nov 2006 01:44:31 +0000 (17:44 -0800)]
[TG3]: Add missing unlock in tg3_open() error path.

Sparse noticed a locking imbalance in tg3_open(). This patch adds an
unlock to one of the error paths, so that tg3_open() always exits
without the lock held.

Signed-off-by: Ira W. Snyder <kernel@irasnyder.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: Fix address/interface handling in UDP and DCCP, according to the scoping...
YOSHIFUJI Hideaki [Wed, 22 Nov 2006 01:41:56 +0000 (17:41 -0800)]
[IPV6]: Fix address/interface handling in UDP and DCCP, according to the scoping architecture.

TCP and RAW do not have this issue.  Closes Bug #7432.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IRDA]: Lockdep fix.
Peter Zijlstra [Wed, 22 Nov 2006 01:33:01 +0000 (17:33 -0800)]
[IRDA]: Lockdep fix.

On Sat, 2006-11-18 at 16:12 +0300, Andrey Borzenkov wrote:

> =============================================
> [ INFO: possible recursive locking detected ]
> 2.6.19-rc5-2avb #2
> - ---------------------------------------------
> pppd/26425 is trying to acquire lock:
>  (&hashbin->hb_spinlock){....}, at: [<dfdea87a>] irlmp_slsap_inuse+0x5a/0x170
> [irda]
>
> but task is already holding lock:
>  (&hashbin->hb_spinlock){....}, at: [<dfdea857>] irlmp_slsap_inuse+0x37/0x170
> [irda]
>
> other info that might help us debug this:
> 1 lock held by pppd/26425:
>  #0:  (&hashbin->hb_spinlock){....}, at: [<dfdea857>]
> irlmp_slsap_inuse+0x37/0x170 [irda]
>
> stack backtrace:
>  [<c010413c>] dump_trace+0x1cc/0x200
>  [<c010418a>] show_trace_log_lvl+0x1a/0x30
>  [<c01047f2>] show_trace+0x12/0x20
>  [<c01048c9>] dump_stack+0x19/0x20
>  [<c01346ca>] __lock_acquire+0x8fa/0xc20
>  [<c0134d2d>] lock_acquire+0x5d/0x80
>  [<c02a851c>] _spin_lock+0x2c/0x40
>  [<dfdea87a>] irlmp_slsap_inuse+0x5a/0x170 [irda]
>  [<dfdebab2>] irlmp_open_lsap+0x62/0x180 [irda]
>  [<dfdf35d1>] irttp_open_tsap+0x181/0x230 [irda]
>  [<dfdc0c3d>] ircomm_open_tsap+0x5d/0xa0 [ircomm]
>  [<dfdc05d8>] ircomm_open+0xb8/0xd0 [ircomm]
>  [<dfdd0477>] ircomm_tty_open+0x4f7/0x570 [ircomm_tty]
>  [<c020bbe4>] tty_open+0x174/0x340
>  [<c016bd69>] chrdev_open+0x89/0x170
>  [<c0167bd6>] __dentry_open+0xa6/0x1d0
>  [<c0167da5>] nameidata_to_filp+0x35/0x40
>  [<c0167df9>] do_filp_open+0x49/0x50
>  [<c0167e47>] do_sys_open+0x47/0xd0
>  [<c0167f0c>] sys_open+0x1c/0x20
>  [<c010307d>] sysenter_past_esp+0x56/0x8d
>  [<b7f86410>] 0xb7f86410
>  =======================

The comment at the nesting lock says:

/* Careful for priority inversions here !
 * irlmp->links is never taken while another IrDA
 * spinlock is held, so we are safe. Jean II */

So, under the assumption the author was right, it just needs a lockdep
annotation.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[POWERPC] Revert "[POWERPC] Add powerpc get/set_rtc_time interface to new generic...
Kim Phillips [Tue, 21 Nov 2006 16:31:14 +0000 (10:31 -0600)]
[POWERPC] Revert "[POWERPC] Add powerpc get/set_rtc_time interface to new generic rtc class"

This reverts commit 7a69af63e788a324d162201a0b23df41bcf158dd.

As advised by David Brownell:

http://marc.theaimsgroup.com/?l=linux-kernel&m=116387226902131&w=2

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[POWERPC] Revert "[POWERPC] Enable generic rtc hook for the MPC8349 mITX"
Kim Phillips [Tue, 21 Nov 2006 16:31:08 +0000 (10:31 -0600)]
[POWERPC] Revert "[POWERPC] Enable generic rtc hook for the MPC8349 mITX"

This reverts commit a8ed4f7ec3aa472134d7de6176f823b2667e450b.

As advised by David Brownell:

http://marc.theaimsgroup.com/?l=linux-kernel&m=116387226902131&w=2

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
18 years ago[BLUETOOTH]: Fix unaligned access in hci_send_to_sock.
David S. Miller [Wed, 22 Nov 2006 00:17:41 +0000 (16:17 -0800)]
[BLUETOOTH]: Fix unaligned access in hci_send_to_sock.

The "u16 *" derefs of skb->data need to be wrapped inside of
a get_unaligned().

Thanks to Gustavo Zacarias for the bug report.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: nlmsg length not computed correctly in the presence of subpolicies
Jamal Hadi Salim [Sun, 19 Nov 2006 22:55:30 +0000 (14:55 -0800)]
[XFRM]: nlmsg length not computed correctly in the presence of subpolicies

I actually dont have a test case for these; i just found them by
inspection. Refer to patch "[XFRM]: Sub-policies broke policy events"
for more info

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: Sub-policies broke policy events
Jamal Hadi Salim [Sun, 19 Nov 2006 22:53:07 +0000 (14:53 -0800)]
[XFRM]: Sub-policies broke policy events

XFRM policy events are broken when sub-policy feature is turned on.
A simple test to verify this:
run ip xfrm mon on one window and add then delete a policy on another
window ..

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IGMP]: Fix IGMPV3_EXP() normalization bit shift value.
David L Stevens [Sun, 19 Nov 2006 18:38:39 +0000 (10:38 -0800)]
[IGMP]: Fix IGMPV3_EXP() normalization bit shift value.

The IGMPV3_EXP() macro doesn't correctly shift the normalization bit, so
time-out values are longer than they should be.

Thanks to Dirk Ooms for finding the problem in IGMPv3 - MLDv2 had a
similar problem that was already fixed a year ago. :-(

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[Bluetooth] Ignore L2CAP config requests on disconnect
Marcel Holtmann [Sat, 18 Nov 2006 21:15:20 +0000 (22:15 +0100)]
[Bluetooth] Ignore L2CAP config requests on disconnect

Any L2CAP connection in disconnecting state shall not response
to any further config requests from the remote side. So in case
such a request is received, ignore it.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
18 years ago[Bluetooth] Always include MTU in L2CAP config responses
Marcel Holtmann [Sat, 18 Nov 2006 21:15:00 +0000 (22:15 +0100)]
[Bluetooth] Always include MTU in L2CAP config responses

When sending a positive config response it shall include the actual
MTU to be used on this channel. This differs from the Bluetooth 1.1
specification where it was enough to acknowledge the config request.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
18 years ago[Bluetooth] Check if RFCOMM session is still attached to the TTY
Marcel Holtmann [Sat, 18 Nov 2006 21:14:42 +0000 (22:14 +0100)]
[Bluetooth] Check if RFCOMM session is still attached to the TTY

If the RFCOMM session is no longer attached to the TTY device, then it
makes no sense to go through with changing the termios settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
18 years ago[Bluetooth] Handling pending connect attempts after inquiry
Marcel Holtmann [Sat, 18 Nov 2006 21:14:22 +0000 (22:14 +0100)]
[Bluetooth] Handling pending connect attempts after inquiry

After an inquiry completed or got canceled the Bluetooth core should
check for any pending connect attempts.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
18 years ago[Bluetooth] Attach low-level connections to the Bluetooth bus
Marcel Holtmann [Sat, 18 Nov 2006 21:14:05 +0000 (22:14 +0100)]
[Bluetooth] Attach low-level connections to the Bluetooth bus

To receive uvents for the low-level ACL and SCO links, they must be
assigned to a subsystem. It is enough to attach them to the already
established Bluetooth bus.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
18 years ago[IPV6] IP6TUNNEL: Add missing nf_reset() on input path.
Yasuyuki Kozakai [Mon, 6 Nov 2006 18:06:23 +0000 (10:06 -0800)]
[IPV6] IP6TUNNEL: Add missing nf_reset() on input path.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] IP6TUNNEL: Delete all tunnel device when unloading module.
Yasuyuki Kozakai [Mon, 6 Nov 2006 18:06:22 +0000 (10:06 -0800)]
[IPV6] IP6TUNNEL: Delete all tunnel device when unloading module.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] ROUTE: Do not enable router reachability probing in router mode.
YOSHIFUJI Hideaki [Mon, 6 Nov 2006 17:45:45 +0000 (09:45 -0800)]
[IPV6] ROUTE: Do not enable router reachability probing in router mode.

RFC4191 explicitly states that the procedures are applicable to
hosts only.  We should not have changed behavior of routers.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] ROUTE: Prefer reachable nexthop only if the caller requests.
YOSHIFUJI Hideaki [Mon, 6 Nov 2006 17:45:45 +0000 (09:45 -0800)]
[IPV6] ROUTE: Prefer reachable nexthop only if the caller requests.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] ROUTE: Try to use router which is not known unreachable.
YOSHIFUJI Hideaki [Mon, 6 Nov 2006 17:45:44 +0000 (09:45 -0800)]
[IPV6] ROUTE: Try to use router which is not known unreachable.

Only routers in "FAILED" state should be considered unreachable.
Otherwise, we do not try to use speicific routes unless all least specific
routers are considered unreachable.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[PATCH] Fix CPU_FREQ_GOV_ONDEMAND=y compile error
Dave Jones [Tue, 21 Nov 2006 21:58:59 +0000 (16:58 -0500)]
[PATCH] Fix CPU_FREQ_GOV_ONDEMAND=y compile error

The ONDEMAND governor needs FREQ_TABLE

Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoMerge branch 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6
Linus Torvalds [Tue, 21 Nov 2006 16:07:38 +0000 (08:07 -0800)]
Merge branch 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6

* 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6:
  [PATCH] x86_64: Align data segment to PAGE_SIZE boundary
  [PATCH] x86-64: increase PHB1 split transaction timeout
  [PATCH] x86-64: Fix C3 timer test

18 years ago[PATCH] x86_64: Align data segment to PAGE_SIZE boundary
Vivek Goyal [Mon, 20 Nov 2006 16:29:09 +0000 (11:29 -0500)]
[PATCH] x86_64: Align data segment to PAGE_SIZE boundary

o Explicitly align data segment to PAGE_SIZE boundary otherwise depending on
  config options and tool chain it might be placed on a non PAGE_SIZE aligned
  boundary and vmlinux loaders like kexec fail when they encounter a
  PT_LOAD type segment which is not aligned to PAGE_SIZE boundary.

Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andi Kleen <ak@suse.de>
18 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Andi Kleen [Tue, 21 Nov 2006 09:22:09 +0000 (10:22 +0100)]
Merge branch 'master' of git://git./linux/kernel/git/torvalds/linux-2.6

18 years ago[XFS] Stale the correct inode when freeing clusters.
David Chinner [Tue, 21 Nov 2006 07:55:33 +0000 (18:55 +1100)]
[XFS] Stale the correct inode when freeing clusters.

SGI-PV: 958376
SGI-Modid: xfs-linux-melb:xfs-kern:27503a

Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Tim Shimmin <tes@sgi.com>
18 years ago[XFS] Fix uninitialized br_state and br_startoff in
Lachlan McIlroy [Tue, 21 Nov 2006 07:55:16 +0000 (18:55 +1100)]
[XFS] Fix uninitialized br_state and br_startoff in
xfs_bmap_add_extent_delay_real()

SGI-PV: 957008
SGI-Modid: xfs-linux-melb:xfs-kern:27457a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Shailendra Tripathi <stripathi@agami.com>
Signed-off-by: Tim Shimmin <tes@sgi.com>
18 years agoIB/ipath: Depend on CONFIG_NET
Bryan O'Sullivan [Mon, 20 Nov 2006 18:54:34 +0000 (10:54 -0800)]
IB/ipath: Depend on CONFIG_NET

ipath uses skb functions and won't build without CONFIG_NET.

Spotted by Randy Dunlap.

Signed-off-by: Bryan O'Sullivan <bryan.osullivan@qlogic.com>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
18 years agoAdd "pure_initcall" for static variable initialization
Linus Torvalds [Mon, 20 Nov 2006 19:47:18 +0000 (11:47 -0800)]
Add "pure_initcall" for static variable initialization

This is a quick hack to overcome the fact that SRCU currently does not
allow static initializers, and we need to sometimes initialize those
things before any other initializers (even "core" ones) can do so.

Currently we don't allow this at all for modules, and the only user that
needs is right now is cpufreq. As reported by Thomas Gleixner:

   "Commit b4dfdbb3c707474a2254c5b4d7e62be31a4b7da9 ("[PATCH] cpufreq:
    make the transition_notifier chain use SRCU breaks cpu frequency
    notification users, which register the callback > on core_init
    level."

Cc: Thomas Gleixner <tglx@timesys.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: Andrew Morton <akpm@osdl.org>,
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoMerge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband
Linus Torvalds [Mon, 20 Nov 2006 18:48:23 +0000 (10:48 -0800)]
Merge branch 'for-linus' of /linux/kernel/git/roland/infiniband

* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
  IPoIB: Clear high octet in QP number

18 years ago[PATCH] m68knommu: fix up for the irq_handler_t changes
Greg Ungerer [Mon, 20 Nov 2006 05:46:22 +0000 (15:46 +1000)]
[PATCH] m68knommu: fix up for the irq_handler_t changes

Switch to using irq_handler_t for interrupt function handler pointers.

Change name of m68knommu's irq_hanlder_t data structure so it doesn't
clash with the common type (include/linux/interrupt.h).

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] fix build error for HISAX_NETJET
Toralf Foerster [Sun, 19 Nov 2006 06:19:41 +0000 (22:19 -0800)]
[PATCH] fix build error for HISAX_NETJET

Fix a build error for the  enter:now PCI card.

Signed-off-by: Toralf Foerster <toralf.foerster@gmx.de>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] ftape: fix printk format warnings
Randy Dunlap [Sun, 19 Nov 2006 06:19:41 +0000 (22:19 -0800)]
[PATCH] ftape: fix printk format warnings

Fix printk format warnings:
drivers/char/ftape/zftape/zftape-buffers.c:87: warning: format '%d' expects type
'int', but argument 3 has type 'size_t'
drivers/char/ftape/zftape/zftape-buffers.c:104: warning: format '%d' expects type
 'int', but argument 3 has type 'size_t'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] x86_64: fix memory hotplug build with NUMA=n
Yasunori Goto [Sun, 19 Nov 2006 06:19:40 +0000 (22:19 -0800)]
[PATCH] x86_64: fix memory hotplug build with NUMA=n

This is to fix compile error of x86-64 memory hotplug without any NUMA
option.

  CC      arch/x86_64/mm/init.o
arch/x86_64/mm/init.c:501: error: redefinition of 'memory_add_physaddr_to_nid'
include/linux/memory_hotplug.h:71: error: previous definition of 'memory_add_phys
addr_to_nid' was here
arch/x86_64/mm/init.c:509: error: redefinition of 'memory_add_physaddr_to_nid'
arch/x86_64/mm/init.c:501: error: previous definition of 'memory_add_physaddr_to_
nid' was here

I confirmed compile completion with !NUMA, (NUMA & !ACPI_NUMA),
or (NUMA & ACPI_NUMA).

Signed-off-by: Yasunori Goto <y-goto@jp.fujitsu.com>
Acked-by: Andi Kleen <ak@suse.de>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] scx200_acb: handle PCI errors
Jeff Garzik [Sun, 19 Nov 2006 06:19:39 +0000 (22:19 -0800)]
[PATCH] scx200_acb: handle PCI errors

Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] i2c-ixp4xx: fix ") != 0))" typo
Alexey Dobriyan [Sun, 19 Nov 2006 06:19:36 +0000 (22:19 -0800)]
[PATCH] i2c-ixp4xx: fix ") != 0))" typo

i2c_bit_add_bus() returns -E;
-E != 0 => err = 1
probe fails with positive error code

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Cc: Deepak Saxena <dsaxena@mvista.com>
Acked-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] pcmcia: fix 'rmmod pcmcia' with unbound devices
Daniel Ritz [Sun, 19 Nov 2006 06:19:34 +0000 (22:19 -0800)]
[PATCH] pcmcia: fix 'rmmod pcmcia' with unbound devices

Having unbound PCMCIA devices: doing a 'find /sys' after a 'rmmod pcmcia'
gives an oops because the pcmcia_device is not unregisterd from the driver
core.

fixes bugzilla #7481

Signed-off-by: Daniel Ritz <daniel.ritz@gmx.ch>
Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Pavol Gono <Palo.Gono@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[ARM] ebsa110: fix warnings generated by asm/arch/io.h
Russell King [Mon, 20 Nov 2006 15:59:10 +0000 (15:59 +0000)]
[ARM] ebsa110: fix warnings generated by asm/arch/io.h

Remove two warnings:
drivers/serial/8250_early.c:136: warning: unused variable 'mapsize'
include/linux/io.h:47: warning: passing argument 1 of '__readb' discards qualifiers from pointer target type

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
18 years ago[ARM] 3933/1: Source drivers/ata/Kconfig
Martin Michlmayr [Thu, 16 Nov 2006 23:14:35 +0000 (00:14 +0100)]
[ARM] 3933/1: Source drivers/ata/Kconfig

ARM doesn't source drivers/Kconfig like most architectures do, so the
newly added drivers/ata is currently not made available on ARM.  SATA
is used on some ARM machines, like the Thecus N2100, so we need to
source drivers/ata/Kconfig.

Signed-off-by: Martin Michlmayr <tbm@cyrius.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
18 years ago[CRYPTO] api: Remove one too many semicolon
Yoichi Yuasa [Fri, 17 Nov 2006 00:51:41 +0000 (11:51 +1100)]
[CRYPTO] api: Remove one too many semicolon

This patch has removed one too many semicolon in crypto.h.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
18 years agoMerge branch 'fixes4linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbglaw...
Linus Torvalds [Sat, 18 Nov 2006 03:55:11 +0000 (19:55 -0800)]
Merge branch 'fixes4linus' of git://git./linux/kernel/git/jbglaw/vax-linux

* 'fixes4linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbglaw/vax-linux:
  lkkbd: Remove my old snail-mail address

18 years ago[PATCH] Update my CREDITS entry
David Weinehall [Sat, 18 Nov 2006 02:58:58 +0000 (03:58 +0100)]
[PATCH] Update my CREDITS entry

I moved from Sweden to Finland 2.5 years ago, thought it might be time
to update my CREDITS entry (simply removing the address completely
seemed the sanest option).

Signed-off-by: David Weinehall <tao@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agoRevert "ACPI: created a dedicated workqueue for notify() execution"
Linus Torvalds [Sat, 18 Nov 2006 03:31:09 +0000 (19:31 -0800)]
Revert "ACPI: created a dedicated workqueue for notify() execution"

This reverts commit 37605a6900f6b4d886d995751fcfeef88c4e462c.

Again.

This same bug has now been introduced twice: it was done earlier by
commit b8d35192c55fb055792ff0641408eaaec7c88988, only to be reverted
last time in commit 72945b2b90a5554975b8f72673ab7139d232a121.

We must NOT try to queue up notify handlers to another thread than the
normal ACPI execution thread, because the notifications on some systems
seem to just keep on accumulating until we run out of memory and/or
threads.

Keeping events within the one deferred execution thread automatically
throttles the events properly.

At least the Compaq N620c will lock up completely on the first thermal
event without this patch reverted.

Cc: David Brownell <david-b@pacbell.net>
Cc: Len Brown <len.brown@intel.com>
Cc: Alexey Starikovskiy <alexey.y.starikovskiy@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agox86: be more careful when walking back the frame pointer chain
Linus Torvalds [Fri, 17 Nov 2006 19:14:56 +0000 (11:14 -0800)]
x86: be more careful when walking back the frame pointer chain

When showing the stack backtrace, make sure that we never accept not
only an unchanging frame pointer, but also a frame pointer that moves
back down the stack frame.  It must always grow up (toward older stack
frames).

I doubt this has triggered, but a subtly corrupt stack with extremely
unlucky contents could cause us to loop forever on a bogus endless frame
pointer chain.

This review was triggered by much worse problems happening in some of
the other stack unwinding code.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] lockdep: fix static keys in module-allocated percpu areas
Ingo Molnar [Fri, 17 Nov 2006 18:57:22 +0000 (19:57 +0100)]
[PATCH] lockdep: fix static keys in module-allocated percpu areas

lockdep got confused by certain locks in modules:

 INFO: trying to register non-static key.
 the code is fine but needs lockdep annotation.
 turning off the locking correctness validator.

 Call Trace:
  [<ffffffff8026f40d>] dump_trace+0xaa/0x3f2
  [<ffffffff8026f78f>] show_trace+0x3a/0x60
  [<ffffffff8026f9d1>] dump_stack+0x15/0x17
  [<ffffffff802abfe8>] __lock_acquire+0x724/0x9bb
  [<ffffffff802ac52b>] lock_acquire+0x4d/0x67
  [<ffffffff80267139>] rt_spin_lock+0x3d/0x41
  [<ffffffff8839ed3f>] :ip_conntrack:__ip_ct_refresh_acct+0x131/0x174
  [<ffffffff883a1334>] :ip_conntrack:udp_packet+0xbf/0xcf
  [<ffffffff8839f9af>] :ip_conntrack:ip_conntrack_in+0x394/0x4a7
  [<ffffffff8023551f>] nf_iterate+0x41/0x7f
  [<ffffffff8025946a>] nf_hook_slow+0x64/0xd5
  [<ffffffff802369a2>] ip_rcv+0x24e/0x506
  [...]

Steven Rostedt found the bug: static_obj() check did not take
PERCPU_ENOUGH_ROOM into account, so in-module DEFINE_PER_CPU-area locks
were triggering this message.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Steven Rostedt <srostedt@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] i386/x86_64: ACPI cpu_idle_wait() fix
Ingo Molnar [Fri, 17 Nov 2006 13:26:18 +0000 (14:26 +0100)]
[PATCH] i386/x86_64: ACPI cpu_idle_wait() fix

The scheduler on Andreas Friedrich's hyperthreading system stopped
working properly: the scheduler would never move tasks to another CPU!
The lask known working kernel was 2.6.8.

After a couple of attempts to corner the bug, the following smoking gun
was found:

  BIOS reported wrong ACPI idfor the processor
  CPU#1: set_cpus_allowed(), swapper:1, 3 -> 2
   [<c0103bbe>] show_trace_log_lvl+0x34/0x4a
   [<c0103ceb>] show_trace+0x2c/0x2e
   [<c01045f8>] dump_stack+0x2b/0x2d
   [<c0116a77>] set_cpus_allowed+0x52/0xec
   [<c0101d86>] cpu_idle_wait+0x2e/0x100
   [<c0259c57>] acpi_processor_power_exit+0x45/0x58
   [<c0259752>] acpi_processor_remove+0x46/0xea
   [<c025c6fb>] acpi_start_single_object+0x47/0x54
   [<c025cee5>] acpi_bus_register_driver+0xa4/0xd3
   [<c04ab2d7>] acpi_processor_init+0x57/0x77
   [<c01004d7>] init+0x146/0x2fd
   [<c0103a87>] kernel_thread_helper+0x7/0x10

a quick look at cpu_idle_wait() shows how broken that code is
on i386: it changes the init task's affinity map but never
restores it ...

and because all userspace tasks get forked by init, they all
inherited that single-CPU affinity mask. x86_64 cloned this
bug too.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Andreas Friedrich <andreas.friedrich@fujitsu-siemens.com>
Cc: Wolfgang Erig <Wolfgang.Erig@fujitsu-siemens.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years ago[PATCH] x86_64: stack unwinder crash fix
Ingo Molnar [Fri, 17 Nov 2006 04:57:49 +0000 (05:57 +0100)]
[PATCH] x86_64: stack unwinder crash fix

the new dwarf2 unwinder crashes while trying to dump the stack:

  Leftover inexact backtrace:

  Unable to handle kernel paging request at ffffffff82800000 RIP:
   [<ffffffff8026cf26>] dump_trace+0x35b/0x3d2
  PGD 203027 PUD 205027 PMD 0
  Oops: 0000 [2] PREEMPT SMP
  CPU 0
  Modules linked in:
  Pid: 30, comm: khelper Not tainted 2.6.19-rc6-rt1 #11
  RIP: 0010:[<ffffffff8026cf26>]  [<ffffffff8026cf26>] dump_trace+0x35b/0x3d2
  RSP: 0000:ffff81003fb9d848  EFLAGS: 00010006
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffffffff805b3520 RDI: 0000000000000000
  RBP: ffffffff827ffff9 R08: ffffffff80aad000 R09: 0000000000000005
  R10: ffffffff80aae000 R11: ffffffff8037961b R12: ffff81003fb9d858
  R13: 0000000000000000 R14: ffffffff80598460 R15: ffffffff80ab1fc0
  FS:  0000000000000000(0000) GS:ffffffff806c4200(0000) knlGS:0000000000000000
  CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
  CR2: ffffffff82800000 CR3: 0000000000201000 CR4: 00000000000006e0

this crash happened because it did not sanitize the dwarf2 data it
got, and got an unaligned stack pointer - which happily walked past
the process stack (and eventually reached the end of kernel memory
and pagefaulted there) due to this naive iteration condition:

        HANDLE_STACK (((long) stack & (THREAD_SIZE-1)) != 0);

note that i386 is alot more conservative when it comes to trusting
stack pointers:

  static inline int valid_stack_ptr(struct thread_info *tinfo, void *p)
  {
         return  p > (void *)tinfo &&
                 p < (void *)tinfo + THREAD_SIZE - 3;
  }

but the x86_64 code did not take this bit of i386 code.

The fix is to align the stack pointer.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Andi Kleen <ak@suse.de>
Cc: Jan Beulich <jbeulich@novell.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 years agolkkbd: Remove my old snail-mail address
Jan-Benedict Glaw [Fri, 17 Nov 2006 09:32:04 +0000 (10:32 +0100)]
lkkbd: Remove my old snail-mail address

I moved to a different town and my old snail-mail address is invalid
now.  Also, there's no need at all to have any address like that in
the sources, so remove it completely.

Signed-off-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
18 years agoFix generic fb_ddc i2c edid probe msg
Linus Torvalds [Fri, 17 Nov 2006 06:18:28 +0000 (22:18 -0800)]
Fix generic fb_ddc i2c edid probe msg

Benh points out that the msgs[0].flags entry never got initialized, and
since it's an automatic stack allocation, it could have any random
value, which is bad.

Rewrite the initializer to explicitly initialize all fields of the small
i2c_msg structure array we generate.  Just to keep it all obvious, let's
handle msgs[1].buf in the same initializer while we're at it, instead of
initializing that one separately later.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>