Commit Graph

85430 Commits

Author SHA1 Message Date
Urs Thuermann
fee54fa517 [NET]: Fix comment for skb_pull_rcsum
Fix comment for skb_pull_rcsum

Signed-off-by: Urs Thuermann <urs@isnogud.escape.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 22:03:25 -08:00
Herbert Xu
28a89453b1 [IPV6]: Fix IPsec datagram fragmentation
This is a long-standing bug in the IPsec IPv6 code that breaks
when we emit a IPsec tunnel-mode datagram packet.  The problem
is that the code the emits the packet assumes the IPv6 stack
will fragment it later, but the IPv6 stack assumes that whoever
is emitting the packet is going to pre-fragment the packet.

In the long term we need to fix both sides, e.g., to get the
datagram code to pre-fragment as well as to get the IPv6 stack
to fragment locally generated tunnel-mode packet.

For now this patch does the second part which should make it
work for the IPsec host case.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 18:07:27 -08:00
David S. Miller
69cc64d8d9 [NDISC]: Fix race in generic address resolution
Frank Blaschka provided the bug report and the initial suggested fix
for this bug.  He also validated this version of this fix.

The problem is that the access to neigh->arp_queue is inconsistent, we
grab references when dropping the lock lock to call
neigh->ops->solicit() but this does not prevent other threads of
control from trying to send out that packet at the same time causing
corruptions because both code paths believe they have exclusive access
to the skb.

The best option seems to be to hold the write lock on neigh->lock
during the ->solicit() call.  I looked at all of the ndisc_ops
implementations and this seems workable.  The only case that needs
special care is the IPV4 ARP implementation of arp_solicit().  It
wants to take neigh->lock as a reader to protect the header entry in
neigh->ha during the emission of the soliciation.  We can simply
remove the read lock calls to take care of that since holding the lock
as a writer at the caller providers a superset of the protection
afforded by the existing read locking.

The rest of the ->solicit() implementations don't care whether the
neigh is locked or not.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:54:17 -08:00
David Newall
3611f4d2a5 hci_ldisc: fix null pointer deref
Arjan:

  With the help of kerneloops.org I've spotted a nice little interaction
  between the TTY layer and the bluetooth code, however the tty layer is not
  something I'm all too familiar with so I rather ask than brute-force fix the
  code incorrectly.

  The raw details are at:
  http://www.kerneloops.org/search.php?search=uart_flush_buffer

  What happens is that, on closing the bluetooth tty, the tty layer goes
  into the release_dev() function, which first does a bunch of stuff, then
  sets the file->private_data to NULL, does some more stuff and then calls the
  ldisc close function.  Which in this case, is hci_uart_tty_close().

  Now, hci_uart_tty_close() calls hci_uart_close() which clears some
  internal bit, and then calls hci_uart_flush()...  which calls back to the
  tty layers' uart_flush_buffer() function.  (in drivers/bluetooth/hci_tty.c
  around line 194) Which then WARN_ON()'s because that's not allowed/supposed
  to be called this late in the shutdown of the port....

  Should the bluetooth driver even call this flush function at all??

David:

  This seems to be what happens: Hci_uart_close() flushes using
  hci_uart_flush().  Subsequently, in hci_dev_do_close(), (one step in
  hci_unregister_dev()), hci_uart_flush() is called again.  The comment in
  uart_flush_buffer(), relating to the WARN_ON(), indicates you can't flush
  after the port is closed; which sounds reasonable.  I think hci_uart_close()
  should set hdev->flush to NULL before returning.  Hci_dev_do_close() does
  check for this.  The code path is rather involved and I'm not entirely clear
  of all steps, but I think that's what should be done.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:54:16 -08:00
Jarek Poplawski
e848b583e0 [AX25] ax25_ds_timer: use mod_timer instead of add_timer
This patch changes current use of: init_timer(), add_timer()
and del_timer() to setup_timer() with mod_timer(), which
should be safer anyway.

Reported-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:34 -08:00
Jarek Poplawski
21fab4a86a [AX25] ax25_timer: use mod_timer instead of add_timer
According to one of Jann's OOPS reports it looks like
BUG_ON(timer_pending(timer)) triggers during add_timer()
in ax25_start_t1timer(). This patch changes current use
of: init_timer(), add_timer() and del_timer() to
setup_timer() with mod_timer(), which should be safer
anyway.

Reported-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:33 -08:00
Jarek Poplawski
4de211f1a2 [AX25] ax25_route: make ax25_route_lock BH safe
> =================================
> [ INFO: inconsistent lock state ]
> 2.6.24-dg8ngn-p02 #1
> ---------------------------------
> inconsistent {softirq-on-W} -> {in-softirq-R} usage.
> linuxnet/3046 [HC0[0]:SC1[2]:HE1:SE0] takes:
>  (ax25_route_lock){--.+}, at: [<f8a0cfb7>] ax25_get_route+0x18/0xb7 [ax25]
> {softirq-on-W} state was registered at:
...

This lockdep report shows that ax25_route_lock is taken for reading in
softirq context, and for writing in process context with BHs enabled.
So, to make this safe, all write_locks in ax25_route.c are changed to
_bh versions.

Reported-by: Jann Traschewski <jann@gmx.de>,
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:32 -08:00
Jarek Poplawski
1105b5d1d4 [AX25] af_ax25: remove sock lock in ax25_info_show()
This lockdep warning:

> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.24 #3
> -------------------------------------------------------
> swapper/0 is trying to acquire lock:
>  (ax25_list_lock){-+..}, at: [<f91dd3b1>] ax25_destroy_socket+0x171/0x1f0 [ax25]
>
> but task is already holding lock:
>  (slock-AF_AX25){-+..}, at: [<f91dbabc>] ax25_std_heartbeat_expiry+0x1c/0xe0 [ax25]
>
> which lock already depends on the new lock.
...

shows that ax25_list_lock and slock-AF_AX25 are taken in different
order: ax25_info_show() takes slock (bh_lock_sock(ax25->sk)) while
ax25_list_lock is held, so reversely to other functions. To fix this
the sock lock should be moved to ax25_info_start(), and there would
be still problem with breaking ax25_list_lock (it seems this "proper"
order isn't optimal yet). But, since it's only for reading proc info
it seems this is not necessary (e.g.  ax25_send_to_raw() does similar
reading without this lock too).

So, this patch removes sock lock to avoid deadlock possibility; there
is also used sock_i_ino() function, which reads sk_socket under proper
read lock. Additionally printf format of this i_ino is changed to %lu.

Reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:31 -08:00
Stephen Hemminger
8315f5d80a fib_trie: /proc/net/route performance improvement
Use key/offset caching to change /proc/net/route (use by iputils route)
from O(n^2) to O(n). This improves performance from 30sec with 160,000
routes to 1sec.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:31 -08:00
Stephen Hemminger
ec28cf738d fib_trie: handle empty tree
This fixes possible problems when trie_firstleaf() returns NULL
to trie_leafindex().

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:30 -08:00
David S. Miller
e4f8b5d4ed [IPV4]: Remove IP_TOS setting privilege checks.
Various RFCs have all sorts of things to say about the CS field of the
DSCP value.  In particular they try to make the distinction between
values that should be used by "user applications" and things like
routing daemons.

This seems to have influenced the CAP_NET_ADMIN check which exists for
IP_TOS socket option settings, but in fact it has an off-by-one error
so it wasn't allowing CS5 which is meant for "user applications" as
well.

Further adding to the inconsistency and brokenness here, IPV6 does not
validate the DSCP values specified for the IPV6_TCLASS socket option.

The real actual uses of these TOS values are system specific in the
final analysis, and these RFC recommendations are just that, "a
recommendation".  In fact the standards very purposefully use
"SHOULD" and "SHOULD NOT" when describing how these values can be
used.

In the final analysis the only clean way to provide consistency here
is to remove the CAP_NET_ADMIN check.  The alternatives just don't
work out:

1) If we add the CAP_NET_ADMIN check to ipv6, this can break existing
   setups.

2) If we just fix the off-by-one error in the class comparison in
   IPV4, certain DSCP values can be used in IPV6 but not IPV4 by
   default.  So people will just ask for a sysctl asking to
   override that.

I checked several other freely available kernel trees and they
do not make any privilege checks in this area like we do.  For
the BSD stacks, this goes back all the way to Stevens Volume 2
and beyond.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:53:29 -08:00
David S. Miller
b791dd3ed7 Merge branch 'upstream-davem' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2008-02-12 17:51:26 -08:00
Linus Torvalds
96b5a46e2a WMI: initialize wmi_blocks.list even if ACPI is disabled
Even if we don't want to register the WMI driver, we should initialize
the wmi_blocks list to be empty, since we don't want the wmi helper
functions to oops just because that basic list has not even been set up.

With this, "find_guid()" will happily return "not found" rather than
oopsing all over the place, and the callers will then just automatically
return false or AE_NOT_FOUND as appropriate.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:52:01 -08:00
Roland McGrath
2c15826998 x86: vdso_install fix
The makefile magic for installing the 32-bit vdso images on disk had a
little error.  A single-line change would fix that bug, but this does a
little more to reduce the error-prone duplication of this bit of
makefile variable magic.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:50:09 -08:00
KOSAKI Motohiro
31f1de46b9 mempolicy: silently restrict nodemask to allowed nodes
Kosaki Motohito noted that "numactl --interleave=all ..." failed in the
presence of memoryless nodes.  This patch attempts to fix that problem.

Some background:

numactl --interleave=all calls set_mempolicy(2) with a fully populated
[out to MAXNUMNODES] nodemask.  set_mempolicy() [in do_set_mempolicy()]
calls contextualize_policy() which requires that the nodemask be a
subset of the current task's mems_allowed; else EINVAL will be returned.

A task's mems_allowed will always be a subset of node_states[N_HIGH_MEMORY]
i.e., nodes with memory.  So, a fully populated nodemask will be
declared invalid if it includes memoryless nodes.

  NOTE:  the same thing will occur when running in a cpuset
         with restricted mem_allowed--for the same reason:
         node mask contains dis-allowed nodes.

mbind(2), on the other hand, just masks off any nodes in the nodemask
that are not included in the caller's mems_allowed.

In each case [mbind() and set_mempolicy()], mpol_check_policy() will
complain [again, resulting in EINVAL] if the nodemask contains any
memoryless nodes.  This is somewhat redundant as mpol_new() will remove
memoryless nodes for interleave policy, as will bind_zonelist()--called
by mpol_new() for BIND policy.

Proposed fix:

1) modify contextualize_policy logic to:
   a) remember whether the incoming node mask is empty.
   b) if not, restrict the nodemask to allowed nodes, as is
      currently done in-line for mbind().  This guarantees
      that the resulting mask includes only nodes with memory.

      NOTE:  this is a [benign, IMO] change in behavior for
             set_mempolicy().  Dis-allowed nodes will be
             silently ignored, rather than returning an error.

   c) fold this code into mpol_check_policy(), replace 2 calls to
      contextualize_policy() to call mpol_check_policy() directly
      and remove contextualize_policy().

2) In existing mpol_check_policy() logic, after "contextualization":
   a) MPOL_DEFAULT:  require that in coming mask "was_empty"
   b) MPOL_{BIND|INTERLEAVE}:  require that contextualized nodemask
      contains at least one node.
   c) add a case for MPOL_PREFERRED:  if in coming was not empty
      and resulting mask IS empty, user specified invalid nodes.
      Return EINVAL.
   c) remove the now redundant check for memoryless nodes

3) remove the now redundant masking of policy nodes for interleave
   policy from mpol_new().

4) Now that mpol_check_policy() contextualizes the nodemask, remove
   the in-line nodes_and() from sys_mbind().  I believe that this
   restores mbind() to the behavior before the memoryless-nodes
   patch series.  E.g., we'll no longer treat an invalid nodemask
   with MPOL_PREFERRED as local allocation.

[ Patch history:

  v1 -> v2:
   - Communicate whether or not incoming node mask was empty to
     mpol_check_policy() for better error checking.
   - As suggested by David Rientjes, remove the now unused
     cpuset_nodes_subset_current_mems_allowed() from cpuset.h

  v2 -> v3:
   - As suggested by Kosaki Motohito, fold the "contextualization"
     of policy nodemask into mpol_check_policy().  Looks a little
     cleaner. ]

Signed-off-by:  Lee Schermerhorn <lee.schermerhorn@hp.com>
Signed-off-by:  KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by:      KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by:       David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:48:29 -08:00
Linus Torvalds
1a51008984 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] Fix build for sim_defconfig
2008-02-11 20:44:58 -08:00
Jonathan Corbet
900cf086fd Be more robust about bad arguments in get_user_pages()
So I spent a while pounding my head against my monitor trying to figure
out the vmsplice() vulnerability - how could a failure to check for
*read* access turn into a root exploit? It turns out that it's a buffer
overflow problem which is made easy by the way get_user_pages() is
coded.

In particular, "len" is a signed int, and it is only checked at the
*end* of a do {} while() loop.  So, if it is passed in as zero, the loop
will execute once and decrement len to -1.  At that point, the loop will
proceed until the next invalid address is found; in the process, it will
likely overflow the pages array passed in to get_user_pages().

I think that, if get_user_pages() has been asked to grab zero pages,
that's what it should do.  Thus this patch; it is, among other things,
enough to block the (already fixed) root exploit and any others which
might be lurking in similar code.  I also think that the number of pages
should be unsigned, but changing the prototype of this function probably
requires some more careful review.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:44:44 -08:00
Linus Torvalds
b1292b17dc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  mlx4_core: Fix build break (missing include)
2008-02-11 20:43:14 -08:00
Pekka Enberg
c76d118ecc Add Matt to MAINTAINERS as a SLAB allocator maintainer
Matt is already the maintainer of SLOB which is one of the "SLAB" allocators in
the kernel so add him to MAINTAINERS.

Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:42:49 -08:00
Linus Torvalds
a17b7a398d Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  sata_mv: platform driver allocs dma without create
  pata_ninja32: setup changes
  pata_legacy: typo fix
  pata_amd: Note in the module description it handles Nvidia
  sata_mv: fix loop with last port
  libata: ignore deverr on SETXFER if mode is configured
  pata_via: fix SATA cable detection on cx700
2008-02-11 20:42:11 -08:00
Andi Kleen
271cad6d7e Make topology fallback macros reference their arguments.
This avoids warnings with unreferenced variables in the !NUMA case.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 20:37:29 -08:00
Olof Johansson
29c271123d mlx4_core: Fix build break (missing include)
Commit 313abe55 ("mlx4_core: For 64-bit systems, vmap() kernel queue
buffers") caused this to pop up on powerpc allyesconfig, looks like a
missing include file:

    drivers/net/mlx4/alloc.c: In function 'mlx4_buf_alloc':
    drivers/net/mlx4/alloc.c:162: error: implicit declaration of function 'vmap'
    drivers/net/mlx4/alloc.c:162: error: 'VM_MAP' undeclared (first use in this function)
    drivers/net/mlx4/alloc.c:162: error: (Each undeclared identifier is reported only once
    drivers/net/mlx4/alloc.c:162: error: for each function it appears in.)
    drivers/net/mlx4/alloc.c:162: warning: assignment makes pointer from integer without a cast
    drivers/net/mlx4/alloc.c: In function 'mlx4_buf_free':
    drivers/net/mlx4/alloc.c:187: error: implicit declaration of function 'vunmap'

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-11 14:19:42 -08:00
Tony Luck
10d0aa3c0a [IA64] Fix build for sim_defconfig
Commit bdc807871d broke the build
for this config because the sim_defconfig selects CONFIG_HZ=250
but include/asm-ia64/param.h has an ifdef for the simulator to
force HZ to 32.  So we ended up with a kernel/timeconst.h set
for HZ=250 ... which then failed the check for the right HZ
value and died with:

Drop the #ifdef magic from param.h and make force CONFIG_HZ=32
directly for the simulator.

Signed-off-by: Tony Luck <tony.luck@intel.com>
2008-02-11 13:23:46 -08:00
Byron Bradley
fbf14e2f2d sata_mv: platform driver allocs dma without create
When the sata_mv driver is used as a platform driver,
mv_create_dma_pools() is never called so it fails when trying
to alloc in mv_pool_start().

Signed-off-by: Byron Bradley <byron.bbradley@gmail.com>
Acked-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:30:10 -05:00
Alan Cox
4194645079 pata_ninja32: setup changes
Forcibly set more of the configuration at init time. This seems to fix at
least one problem reported. We don't know what most of these bits do, but
we do know what windows stuffs there.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:30:07 -05:00
Alan Cox
8397248d46 pata_legacy: typo fix
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:30:06 -05:00
Alan Cox
c9544bcb4c pata_amd: Note in the module description it handles Nvidia
This has confused a few people so fix it

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:30:04 -05:00
Yinghai Lu
8f71efe25f sata_mv: fix loop with last port
commit f351b2d638
        sata_mv: Support SoC controllers

cause panic:

scsi 4:0:0:0: Direct-Access     ATA      HITACHI HDS7225S V44O PQ: 0 ANSI: 5
sd 4:0:0:0: [sde] 488390625 512-byte hardware sectors (250056 MB)
sd 4:0:0:0: [sde] Write Protect is off
sd 4:0:0:0: [sde] Mode Sense: 00 3a 00 00
sd 4:0:0:0: [sde] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 4:0:0:0: [sde] 488390625 512-byte hardware sectors (250056 MB)
sd 4:0:0:0: [sde] Write Protect is off
sd 4:0:0:0: [sde] Mode Sense: 00 3a 00 00
sd 4:0:0:0: [sde] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
 sde:<1>BUG: unable to handle kernel NULL pointer dereference at 000000000000001a
IP: [<ffffffff806262c7>] mv_interrupt+0x21c/0x4cc
PGD 0
Oops: 0000 [1] SMP
CPU 3
Modules linked in:
Pid: 0, comm: swapper Not tainted 2.6.24-smp-08636-g0afc2ed-dirty #26
RIP: 0010:[<ffffffff806262c7>]  [<ffffffff806262c7>] mv_interrupt+0x21c/0x4cc
RSP: 0000:ffff8102050bbec8  EFLAGS: 00010297
RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000003
RDX: 0000000000008000 RSI: 0000000000000286 RDI: ffff8102035180e0
RBP: 0000000000000001 R08: 0000000000000003 R09: ffff8102036613e0
R10: 0000000000000002 R11: ffffffff8061474c R12: ffff8102035bf828
R13: 0000000000000008 R14: ffff81020348ece8 R15: ffffc20002cb2000
FS:  0000000000000000(0000) GS:ffff810405025700(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 000000000000001a CR3: 0000000000201000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff810405094000, task ffff8102050b28c0)
Stack:  000000010000000c 0002040000220400 0000001100000002 ffff81020348eda8
 0000000000000001 ffff8102035f2cc0 0000000000000000 0000000000000000
 0000000000000018 0000000000000000 0000000000000000 ffffffff80269ee8
Call Trace:
 <IRQ>  [<ffffffff80269ee8>] ? handle_IRQ_event+0x25/0x53
 [<ffffffff8026b393>] ? handle_fasteoi_irq+0x90/0xc8
 [<ffffffff802218e2>] ? do_IRQ+0xf1/0x15f
 [<ffffffff8021df24>] ? default_idle+0x0/0x55
 [<ffffffff8021f361>] ? ret_from_intr+0x0/0xa
 <EOI>  [<ffffffff8023010c>] ? lapic_next_event+0x0/0xa
 [<ffffffff8021df55>] ? default_idle+0x31/0x55
 [<ffffffff8021df50>] ? default_idle+0x2c/0x55
 [<ffffffff8021df24>] ? default_idle+0x0/0x55
 [<ffffffff8021e00b>] ? cpu_idle+0x92/0xb8

Code: 41 14 85 c0 89 44 24 14 0f 84 9d 02 00 00 f7 d0 01 d6 41 89 d5 89 41 14 8b 41 14 89 34 24 e9 7e 02 00 00 49 63 c5 49 8b 5c c6 48 <f6> 43 1a 80 4c 8b a3 20 37 00 00 0f 85 62 02 00 00 31 c9 41 83
RIP  [<ffffffff806262c7>] mv_interrupt+0x21c/0x4cc
 RSP <ffff8102050bbec8>
CR2: 000000000000001a
---[ end trace 2583b5f7a5350584 ]---
Kernel panic - not syncing: Aiee, killing interrupt handler!

last_port already include port0 base.
this patch change use last_port directly, and move pp assignment later.

Signed-off-by: Yinghai Lu <yinghai.lu@sun.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:30:01 -05:00
Tejun Heo
4055dee7f5 libata: ignore deverr on SETXFER if mode is configured
Some controllers (VIA CX700) raise device error on SETXFER even after
mode configuration succeeded.  Update ata_dev_set_mode() such that
device error is ignored if transfer mode is configured correctly.  To
implement this, device is revalidated even after device error on
SETXFER.

This fixes kernel bugzilla bug 8563.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:29:47 -05:00
Tejun Heo
7585eb1b7c pata_via: fix SATA cable detection on cx700
The first port of cx700 is SATA.  Fix cable detection.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 14:29:42 -05:00
Thomas Gleixner
81772fea41 x86: remove over noisy debug printk
pageattr-test.c contains a noisy debug printk that people reported.
The condition under which it prints (randomly tapping into a mem_map[]
hole and not being able to c_p_a() there) is valid behavior and not
interesting to report.

Remove it.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 11:24:24 -08:00
Linus Torvalds
cc13e44295 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
  kbuild: fix make V=1
2008-02-11 09:22:23 -08:00
Linus Torvalds
0faa908803 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  selinux: support 64-bit capabilities
2008-02-11 09:21:26 -08:00
Andi Kleen
1f07e98829 Prevent IDE boot ops on NUMA system
Without this patch a Opteron test system here oopses at boot with
current git.

Calling to_pci_dev() on a NULL pointer gives a negative value so the
following NULL pointer check never triggers and then an illegal address
is referenced.  Check the unadjusted original device pointer for NULL
instead.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 09:20:50 -08:00
Linus Torvalds
0c0d61ca93 Merge branch 'for-linus' of git://linux-nfs.org/~bfields/linux
* 'for-linus' of git://linux-nfs.org/~bfields/linux:
  SUNPRC: Fix printk format warning
  nfsd: clean up svc_reserve_auth()
  NLM: don't requeue block if it was invalidated while GRANT_MSG was in flight
  NLM: don't reattempt GRANT_MSG when there is already an RPC in flight
  NLM: have server-side RPC clients default to soft RPC tasks
  NLM: set RPC_CLNT_CREATE_NOPING for NLM RPC clients
2008-02-11 09:19:47 -08:00
Linus Torvalds
eedcdefb1a Merge git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
  ide: remove stale comment from ide-lib.c
  ide: fix comment in init_irq()
  ide: ide_init_port() bugfix
  ide-disk: fix flush requests (take 2)
  ide: introduce CONFIG_BLK_DEV_IDEDMA_SFF option
  bast-ide: build fix
  ide-tape: remove never executed code
  ide: fix ide/legacy/gayle.c compilation
  ide-cd: replace ntohs with generic byteorder macro be16_to_cpu
  ide: remove stale version number
  pdc202xx_old: always enable burst mode
  palm_bk3710: use struct ide_port_info
  palm_bk3710: port initialization/probing bugfix
  palm_bk3710: fix ide_unregister() usage
  palm_bk3710: ide_register_hw() -> ide_device_add()
  ide: insert BUG_ON() into __ide_set_handler() (take 2)
  cs5520: remove stale comment
  ide: another possible ide panic fix for blk-end-request
2008-02-11 09:19:22 -08:00
Sam Ravnborg
fab1e310d3 kbuild: fix make V=1
When make -s support were added to filechk to
combination created with make V=1 were not
covered.
Fix it by explicitly cover this case too.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Mike Frysinger <vapier@gentoo.org>
2008-02-11 17:43:54 +01:00
Adrian Bunk
651be3a2ba net/phy/fixed.c: fix a use-after-free
This patch fixes a use-after-free introduced by
commit a79d8e93d3 and spotted by the
Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:15:36 -05:00
Sergio Luis
d785ad7464 drivers/net/sis190: fix section mismatch warning in sis190_get_mac_addr
Fix following warnings:
WARNING: drivers/net/sis190.o(.text+0x103): Section mismatch in reference from the function sis190_get_mac_addr() to the function .devinit.text:sis190_get_mac_addr_from_apc()
WARNING: drivers/net/sis190.o(.text+0x10e): Section mismatch in reference from the function sis190_get_mac_addr() to the function .devinit.text:sis190_get_mac_addr_from_eeprom()

Annotate sis190_get_mac_addr() with __devinit.

Signed-off-by: Sergio Luis <sergio@uece.br>

 sis190.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:15:35 -05:00
Matthew Wilcox
9585ca02f8 Use proper abstractions in quirk_intel_irqbalance
Since we may not have a pci_dev for the device we need to access, we can't
use pci_read_config_word.  But raw_pci_read is an internal implementation
detail; it's better to use the architected pci_bus_read_config_word
interface.  Using PCI_DEVFN instead of a mysterious constant helps
reassure everyone that we really do intend to access device 8.

[ Thanks to Grant Grundler for pointing out to me that this is exactly
  what the write immediately above this is doing -- enabling device 8 to
  respond to config space cycles.
					- Matthew

  Grant also says:

	"Can you also add a comment which points at the Intel
	 documentation?

	 The 'Intel E7320 Memory Controller Hub (MCH) Datasheet' at

	  http://download.intel.com/design/chipsets/datashts/30300702.pdf

	 Page 69 documents register F4h (DEVPRES1).

	 And I just doubled checked that the 0xf4 register value is
	 restored later in the quirk (obvious when you look at the code
	 but not from the patch"

  so here it is.
					 - Linus ]

Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
Acked-by: Grant Grundler <grundler@parisc-linux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-11 08:15:03 -08:00
Peter Tiedemann
f33780d33f claw/lcs/netiucv: check s390dbf level before sprints
additional check of s390dbf level results in better performance
if the default low debugging level is active.

Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:14:50 -05:00
Peter Tiedemann
164b0fb1f2 lcs: avoid/reduce unused s390dbf debug areas.
Since lcs makes use of 1 debug area only, the number of debug areas
is reduced, while the number of pages per area is increased.

Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:14:49 -05:00
Ursula Braun
21b26f2fee netiucv: change name of nop function
Dummy NOP actions for fsm-statemachines have to be defined
separately for every using module of fsm-statemachines.
Thus the generic name fsm_action_nop is replaced by
module specific name netiucv_action_nop.

Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:14:48 -05:00
Cornelia Huck
2219510f08 netiucv: Remember to set driver->owner.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:14:47 -05:00
Ursula Braun
2cde1f30b3 claw: removal of volatile variables
Volatile variables queme_switch and pk_delay are not used anyway.
They are just a left over from an unused timer based packing logic.

Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:14:46 -05:00
Ayaz Abdulla
5289b4c41f forcedeth: tx pause watermarks
New chipsets introduced variant Rx FIFO sizes that need to be taken into
account when setting up the tx pause watermarks. This patch introduces
the new device feature flags based on a version and implements the new
watermarks.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:13:47 -05:00
Ayaz Abdulla
fd9b558c62 forcedeth: tx collision fix
This patch supports a new fix in hardware regarding tx collisions. In
the cases where we are in autoneg mode and the link partner is in forced
mode, we need to setup the tx deferral register differently in order to
reduce collisions on the wire.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:13:43 -05:00
Steve Wise
4eb61e0231 cxgb3: Handle ARP completions that mark neighbors stale.
When ARP completes due to a request rather than a reply the neighbor is
marked NUD_STALE instead of reachable (see arp_process()).  The handler
for the resulting netevent needs to check also for NUD_STALE.

Failure to use the arp entry can cause RDMA connection failures.

Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Acked-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:09:17 -05:00
Jeff Garzik
6585b4a71f Merge branch 'r6040' of git://git.kernel.org/pub/scm/linux/kernel/git/romieu/netdev-2.6 into upstream-fixes 2008-02-11 11:07:34 -05:00
Ben Dooks
179c743ff1 DM9000: Show the MAC address source after printing MAC
Show whether the MAC address was read from the EEPROM or
the onboard PAR registers.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-02-11 11:06:37 -05:00