summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ocfs2: Allow smaller allocations during large writesMark Fasheh2007-09-215-14/+36
| | | | | | | | | | | | | | | | | | | | | | | | The ocfs2 write code loops through a page much like the block code, except that ocfs2 allocation units can be any size, including larger than page size. Typically it's equal to or larger than page size - most kernels run 4k pages, the minimum ocfs2 allocation (cluster) size. Some changes introduced during 2.6.23 changed the way writes to pages are handled, and inadvertantly broke support for > 4k page size. Instead of just writing one cluster at a time, we now handle the whole page in one pass. This means that multiple (small) seperate allocations might happen in the same pass. The allocation code howver typically optimizes by getting the maximum which was reserved. This triggered a BUG_ON in the extend code where it'd ask for a single bit (for one part of a > 4k page) and get back more than it asked for. Fix this by providing a variant of the high level allocation function which allows the caller to specify a maximum. The traditional function remains and just calls the new one with a maximum determined from the initial reservation. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
* Fix CRLF line endings in Documentation/input/iforce-protocol.txtLinus Torvalds2007-09-201-254/+254
| | | | | | | | | | | | | | | | | | Emil Medve points out that this documentation file uses CRLF line endings, which means that if you use [core] autocrlf=input (which makes sense if you ever develop under Windows, for example, or if you use other broken tools) in your git config, git will always complain about the file being dirty. This removes the bogus DOS line endings, and removes whitespace at the end of line. Cc: Emil Medve <Emilian.Medve@Freescale.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [x86 setup] Fix typo in arch/i386/boot/header.SPaul Bolle2007-09-201-1/+1
| | | | | | | | There's an obvious typo in arch/i386/boot/header.S (in your linux-2.6-x86setup.git) that I noticed by just studying the code. Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* [acpi] Correct the decoding of video mode numbers in wakeup.SH. Peter Anvin2007-09-202-65/+23
| | | | | | | | | | | | | | | wakeup.S looks at the video mode number from the setup header and looks to see if it is a VESA mode. Unfortunately, the decoding is done incorrectly and it will attempt to frob the VESA BIOS for any mode number 0x0200 or larger. Correct this, and remove a bunch of #if 0'd code. Massive thanks to Jeff Chua for reporting the bug, and suffering though a large number of experiments in order to track this problem down. Cc: Pavel Machek <pavel@ucw.cz> Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* [x86 setup] Present the canonical video mode number to the kernelH. Peter Anvin2007-09-201-4/+10
| | | | | | | | | Canonicalize the video mode number as presented to the kernel. The video mode number may be user-entered (e.g. ASK_VGA), an alias (e.g. NORMAL_VGA), or a size specification, and that confuses the suspend wakeup code. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* Linux 2.6.23-rc7v2.6.23-rc7Linus Torvalds2007-09-201-2/+2
|
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-schedLinus Torvalds2007-09-204-10/+72
|\ | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched: sched: fix invalid sched_class use sched: add /proc/sys/kernel/sched_compat_yield
| * sched: fix invalid sched_class useHiroshi Shimamoto2007-09-191-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using rt_mutex, a NULL pointer dereference is occurred at enqueue_task_rt. Here is a scenario; 1) there are two threads, the thread A is fair_sched_class and thread B is rt_sched_class. 2) Thread A is boosted up to rt_sched_class, because the thread A has a rt_mutex lock and the thread B is waiting the lock. 3) At this time, when thread A create a new thread C, the thread C has a rt_sched_class. 4) When doing wake_up_new_task() for the thread C, the priority of the thread C is out of the RT priority range, because the normal priority of thread A is not the RT priority. It makes data corruption by overflowing the rt_prio_array. The new thread C should be fair_sched_class. The new thread should be valid scheduler class before queuing. This patch fixes to set the suitable scheduler class. Signed-off-by: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
| * sched: add /proc/sys/kernel/sched_compat_yieldIngo Molnar2007-09-194-10/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add /proc/sys/kernel/sched_compat_yield to make sys_sched_yield() more agressive, by moving the yielding task to the last position in the rbtree. with sched_compat_yield=0: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2539 mingo 20 0 1576 252 204 R 50 0.0 0:02.03 loop_yield 2541 mingo 20 0 1576 244 196 R 50 0.0 0:02.05 loop with sched_compat_yield=1: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2584 mingo 20 0 1576 248 196 R 99 0.0 0:52.45 loop 2582 mingo 20 0 1576 256 204 R 0 0.0 0:00.00 loop_yield Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
* | SELinux: fix array out of bounds when mounting with selinux optionsEric Paris2007-09-201-0/+2
|/ | | | | | | | | | | | Given an illegal selinux option it was possible for match_token to work in random memory at the end of the match_table_t array. Note that privilege is required to perform a context mount, so this issue is effectively limited to root only. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds2007-09-193-4/+6
|\ | | | | | | | | | | * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] cpu-bugs64.c: GCC 3.3 constraint workaround [MIPS] DEC: Initialise ioasic_ssr_lock
| * [MIPS] cpu-bugs64.c: GCC 3.3 constraint workaroundMaciej W. Rozycki2007-09-192-3/+5
| | | | | | | | | | | | | | | | Add a workaround to address warnings generated on the "n" constraint by GCC 3.3 and below. Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * [MIPS] DEC: Initialise ioasic_ssr_lockMaciej W. Rozycki2007-09-191-1/+1
| | | | | | | | | | | | | | | | Fix the definition of the ioasic_ssr_lock spinlock to include a proper initialisation. Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/mchehab/v4l-dvbLinus Torvalds2007-09-191-10/+10
|\ \ | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/mchehab/v4l-dvb: V4L/DVB (6173a): Documentation: Remove reference to dead "cpia_pp=" boot-time option Revert "V4L/DVB (6173a): Documentation: Remove reference to dead "cpia_pp=" boot-time option"
| * | V4L/DVB (6173a): Documentation: Remove reference to dead "cpia_pp=" ↵Robert P. J. Day2007-09-181-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | boot-time option Since this boot-time option was removed in commit 9ab7e323af9f9efad3e20a14faa4d947adfac381, delete the reference to it. Signed-off-by: Robert P. J. Day <rpjday@mindspring.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
| * | Revert "V4L/DVB (6173a): Documentation: Remove reference to dead "cpia_pp=" ↵Mauro Carvalho Chehab2007-09-181-10/+13
| |/ | | | | | | | | | | | | | | | | | | boot-time option" This reverts commit 4730d3af625b532e3df5f091b5c8edb08f512fbf. Unfortunately, patch got mangled by a whitespace removal script. Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
* | Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6Linus Torvalds2007-09-199-62/+101
|\ \ | | | | | | | | | | | | | | | | | | * 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6: [XFS] Avoid replaying inode buffer initialisation log items if on-disk version is newer. [XFS] Ensure file size updates have been completed before writing inode to disk. [XFS] On-demand reaping of the MRU cache
| * | [XFS] Avoid replaying inode buffer initialisation log items if on-disk ↵Lachlan McIlroy2007-09-183-3/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | version is newer. SGI-PV: 969656 SGI-Modid: xfs-linux-melb:xfs-kern:29676a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Tim Shimmin <tes@sgi.com>
| * | [XFS] Ensure file size updates have been completed before writing inode to disk.Lachlan McIlroy2007-09-183-9/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | SGI-PV: 968767 SGI-Modid: xfs-linux-melb:xfs-kern:29675a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Tim Shimmin <tes@sgi.com>
| * | [XFS] On-demand reaping of the MRU cacheDavid Chinner2007-09-173-50/+31
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of running the mru cache reaper all the time based on a timeout, we should only run it when the cache has active objects. This allows CPUs to sleep when there is no activity rather than be woken repeatedly just to check if there is anything to do. SGI-PV: 968554 SGI-Modid: xfs-linux-melb:xfs-kern:29305a Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Donald Douwsma <donaldd@sgi.com> Signed-off-by: Tim Shimmin <tes@sgi.com>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds2007-09-191-65/+42
|\ \ | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SUNSAB]: Fix several bugs.
| * | [SUNSAB]: Fix several bugs.Al Viro2007-09-181-65/+42
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * don't register irq until ->startup() (and release in ->shutdown()). That avoids oopsen with the current tree when interrupt comes before we'd set up the data structures for ttyb. * handle console=ttyS... even when OBP talks to screen/keyboard * register irq handler for each port, let kernel/irq/handle.c call it for both if needed. Kills code duplication in sunsab_interrupt(). BTW, there'd been bitrot in it - ttya handling had stopped calling check_status() on BRK (correctly), ttyb copy of that code had kept the bogus call in that case. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6Linus Torvalds2007-09-192-2/+1
|\ \ | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6: ide: remove unused variables from drivers/ide/ppc/pmac.c ide: ST320413A has the same problem as ST340823A
| * | ide: remove unused variables from drivers/ide/ppc/pmac.cStephen Rothwell2007-09-171-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removes these warnings: /home/sfr/kernels/linus/drivers/ide/ppc/pmac.c: In function 'pmac_ide_dma_check': /home/sfr/kernels/linus/drivers/ide/ppc/pmac.c:1807: warning: unused variable 'map' /home/sfr/kernels/linus/drivers/ide/ppc/pmac.c:1805: warning: unused variable 'pmif' Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Cc: paulus@samba.org Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
| * | ide: ST320413A has the same problem as ST340823AJorge Juan Chico2007-09-171-0/+1
| |/ | | | | | | | | | | | | | | ST320413A has the same problem as ST340823A. Please see https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/26119 From: "Jorge Juan Chico" <jjchico@gmail.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* | Merge branch 'merge' of ↵Linus Torvalds2007-09-194-5/+24
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: [POWERPC] Fix timekeeping on PowerPC 601 [POWERPC] Don't expose clock vDSO functions when CPU has no timebase [POWERPC] spusched: Fix null pointer dereference in find_victim
| * | [POWERPC] Fix timekeeping on PowerPC 601Benjamin Herrenschmidt2007-09-192-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recent changes to the timekeeping code broke support for the PowerPC 601 processor which doesn't have the usual timebase facility but a slightly different thing called (yuck) the RTC. This fixes it, boot tested on an old 601 based PowerMac 7200. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
| * | [POWERPC] Don't expose clock vDSO functions when CPU has no timebaseBenjamin Herrenschmidt2007-09-191-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We forgot to remove the clock_gettime, clock_getres and get_tbfreq vDSO calls on CPUs that have no timebase such as 601 or 403 (old CPUs that have different mechanisms and for which the vDSO code will not work properly). This fixes it. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
| * | [POWERPC] spusched: Fix null pointer dereference in find_victimChristoph Hellwig2007-09-191-2/+2
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | find_victim can dereference a NULL pointer when iterating over the list of victim spus because list_mutex only guarantees spu->ct to be stable, but of course not to be non-NULL. Also fix find_victim to not call spu_unbind_context without list_mutex because that violates the above guarantee. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
* | x86-64: page faults from user mode are always user faultsLinus Torvalds2007-09-191-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Randy Dunlap noticed an interesting "crashme" behaviour on his dual Prescott Xeon setup, where he gets page faults with the error code having a zero "user" bit, but the register state points back to user mode. This may be a CPU microcode buglet triggered by some strange instruction pattern that crashme generates, and loading a microcode update seems to possibly have fixed it. Regardless, we really should trust the register state more than the error code, since it's really the register state that determines whether we can actually send a signal, or whether we're in kernel mode and need to oops/kill the process in the case of a page fault. Cc: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Driver core: fix deprectated sysfs structure for nested class devicesDmitry Torokhov2007-09-191-6/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Nested class devices used to have 'device' symlink point to a real (physical) device instead of a parent class device. When converting subsystems to struct device we need to keep doing what class devices did if CONFIG_SYSFS_DEPRECATED is Y, otherwise parts of udev break. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Kay Sievers <kay.sievers@vrfy.org> Acked-by: Greg KH <greg@kroah.com> Tested-by: Anssi Hannula <anssi.hannula@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | uml: fix irqstack crashJeff Dike2007-09-193-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a crash caused by an interrupt coming in when an IRQ stack is being torn down. When this happens, handle_signal will loop, setting up the IRQ stack again because the tearing down had finished, and handling whatever signals had come in. However, to_irq_stack returns a mask of pending signals to be handled, plus bit zero is set if the IRQ stack was already active, and thus shouldn't be torn down. This causes a problem because when handle_signal goes around the loop, sig will be zero, and to_irq_stack will duly set bit zero in the returned mask, faking handle_signal into believing that it shouldn't tear down the IRQ stack and return thread_info pointers back to their original values. This will eventually cause a crash, as the IRQ stack thread_info will continue pointing to the original task_struct and an interrupt will look into it after it has been freed. The fix is to stop passing a signal number into to_irq_stack. Rather, the pending signals mask is initialized beforehand with the bit for sig already set. References to sig in to_irq_stack can be replaced with references to the mask. [akpm@linux-foundation.org: use UL] Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Fix NUMA Memory Policy Reference CountingLee Schermerhorn2007-09-193-12/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch proposes fixes to the reference counting of memory policy in the page allocation paths and in show_numa_map(). Extracted from my "Memory Policy Cleanups and Enhancements" series as stand-alone. Shared policy lookup [shmem] has always added a reference to the policy, but this was never unrefed after page allocation or after formatting the numa map data. Default system policy should not require additional ref counting, nor should the current task's task policy. However, show_numa_map() calls get_vma_policy() to examine what may be [likely is] another task's policy. The latter case needs protection against freeing of the policy. This patch adds a reference count to a mempolicy returned by get_vma_policy() when the policy is a vma policy or another task's mempolicy. Again, shared policy is already reference counted on lookup. A matching "unref" [__mpol_free()] is performed in alloc_page_vma() for shared and vma policies, and in show_numa_map() for shared and another task's mempolicy. We can call __mpol_free() directly, saving an admittedly inexpensive inline NULL test, because we know we have a non-NULL policy. Handling policy ref counts for hugepages is a bit trickier. huge_zonelist() returns a zone list that might come from a shared or vma 'BIND policy. In this case, we should hold the reference until after the huge page allocation in dequeue_hugepage(). The patch modifies huge_zonelist() to return a pointer to the mempolicy if it needs to be unref'd after allocation. Kernel Build [16cpu, 32GB, ia64] - average of 10 runs: w/o patch w/ refcount patch Avg Std Devn Avg Std Devn Real: 100.59 0.38 100.63 0.43 User: 1209.60 0.37 1209.91 0.31 System: 81.52 0.42 81.64 0.34 Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com> Acked-by: Andi Kleen <ak@suse.de> Cc: Christoph Lameter <clameter@sgi.com> Acked-by: Mel Gorman <mel@csn.ul.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Fix user namespace exiting OOPsPavel Emelyanov2007-09-193-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turned out, that the user namespace is released during the do_exit() in exit_task_namespaces(), but the struct user_struct is released only during the put_task_struct(), i.e. MUCH later. On debug kernels with poisoned slabs this will cause the oops in uid_hash_remove() because the head of the chain, which resides inside the struct user_namespace, will be already freed and poisoned. Since the uid hash itself is required only when someone can search it, i.e. when the namespace is alive, we can safely unhash all the user_struct-s from it during the namespace exiting. The subsequent free_uid() will complete the user_struct destruction. For example simple program #include <sched.h> char stack[2 * 1024 * 1024]; int f(void *foo) { return 0; } int main(void) { clone(f, stack + 1 * 1024 * 1024, 0x10000000, 0); return 0; } run on kernel with CONFIG_USER_NS turned on will oops the kernel immediately. This was spotted during OpenVZ kernel testing. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Acked-by: "Serge E. Hallyn" <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Convert uid hash to hlistPavel Emelyanov2007-09-194-10/+11
| | | | | | | | | | | | | | | | | | | | | | | | Surprisingly, but (spotted by Alexey Dobriyan) the uid hash still uses list_heads, thus occupying twice as much place as it could. Convert it to hlist_heads. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | kernel/user.c: Use list_for_each_entry instead of list_for_eachMatthias Kaehlcke2007-09-191-6/+2
| | | | | | | | | | | | | | | | | | kernel/user.c: Convert list_for_each to list_for_each_entry in uid_hash_find() Signed-off-by: Matthias Kaehlcke <matthias.kaehlcke@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | ext34: ensure do_split leaves enough free space in both blocksEric Sandeen2007-09-192-8/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The do_split() function for htree dir blocks is intended to split a leaf block to make room for a new entry. It sorts the entries in the original block by hash value, then moves the last half of the entries to the new block - without accounting for how much space this actually moves. (IOW, it moves half of the entry *count* not half of the entry *space*). If by chance we have both large & small entries, and we move only the smallest entries, and we have a large new entry to insert, we may not have created enough space for it. The patch below stores each record size when calculating the dx_map, and then walks the hash-sorted dx_map, calculating how many entries must be moved to more evenly split the existing entries between the old block and the new block, guaranteeing enough space for the new entry. The dx_map "offs" member is reduced to u16 so that the overall map size does not change - it is temporarily stored at the end of the new block, and if it grows too large it may be overwritten. By making offs and size both u16, we won't grow the map size. Also add a few comments to the functions involved. This fixes the testcase reported by hooanon05@yahoo.co.jp on the linux-ext4 list, "ext3 dir_index causes an error" Thanks to Andreas Dilger for discussing the problem & solution with me. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Andreas Dilger <adilger@clusterfs.com> Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp> Cc: Theodore Ts'o <tytso@mit.edu> Cc: <linux-ext4@vger.kernel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | disable sys_timerfd() for 2.6.23Andrew Morton2007-09-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is still some confusion and disagreement over what this interface should actually do. So it is best that we disable it in 2.6.23 until we get that fully sorted out. (sys_timerfd() was present in 2.6.22 but it was apparently broken, so here we assume that nobody is using it yet). Cc: Michael Kerrisk <mtk-manpages@gmx.net> Cc: Davide Libenzi <davidel@xmailserver.org> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | nfs: fix oops re sysctls and V4 supportAlexey Dobriyan2007-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NFS unregisters sysctls only if V4 support is compiled in. However, sysctl table is not V4 specific, so unregister it always. Steps to reproduce: [build nfs.ko with CONFIG_NFS_V4=n] modrobe nfs rmmod nfs ls /proc/sys Unable to handle kernel paging request at ffffffff880661c0 RIP: [<ffffffff802af8e3>] proc_sys_readdir+0xd3/0x350 PGD 203067 PUD 207063 PMD 7e216067 PTE 0 Oops: 0000 [1] SMP CPU 1 Modules linked in: lockd nfs_acl sunrpc Pid: 3335, comm: ls Not tainted 2.6.23-rc3-bloat #2 RIP: 0010:[<ffffffff802af8e3>] [<ffffffff802af8e3>] proc_sys_readdir+0xd3/0x350 RSP: 0018:ffff81007fd93e78 EFLAGS: 00010286 RAX: ffffffff880661c0 RBX: ffffffff80466370 RCX: ffffffff880661c0 RDX: 00000000000014c0 RSI: ffff81007f3ad020 RDI: ffff81007efd8b40 RBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff802a8570 R12: ffffffff880661c0 R13: ffff81007e219640 R14: ffff81007efd8b40 R15: ffff81007ded7280 FS: 00002ba25ef03060(0000) GS:ffff81007ff81258(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffffffff880661c0 CR3: 000000007dfaf000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process ls (pid: 3335, threadinfo ffff81007fd92000, task ffff81007d8a0000) Stack: ffff81007f3ad150 ffffffff80283f30 ffff81007fd93f48 ffff81007efd8b40 ffff81007ee00440 0000000422222222 0000000200035593 ffffffff88037e9a 2222222222222222 ffffffff80466500 ffff81007e416400 ffff81007e219640 Call Trace: [<ffffffff80283f30>] filldir+0x0/0xf0 [<ffffffff80283f30>] filldir+0x0/0xf0 [<ffffffff802840c7>] vfs_readdir+0xa7/0xc0 [<ffffffff80284376>] sys_getdents+0x96/0xe0 [<ffffffff8020bb3e>] system_call+0x7e/0x83 Code: 41 8b 14 24 85 d2 74 dc 49 8b 44 24 08 48 85 c0 74 e7 49 3b RIP [<ffffffff802af8e3>] proc_sys_readdir+0xd3/0x350 RSP <ffff81007fd93e78> CR2: ffffffff880661c0 Kernel panic - not syncing: Fatal exception Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | dir_index: error out instead of BUG on corrupt dx dirsEric Sandeen2007-09-192-8/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | Convert asserts (BUGs) in dx_probe from bad on-disk data to recoverable errors with helpful warnings. With help catching other asserts from Duane Griffin <duaneg@dghda.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Acked-by: Duane Griffin <duaneg@dghda.com> Acked-by: Theodore Ts'o <tytso@mit.edu> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | intel-agp: Fix i830 mask variable that changed with G33 supportDave Airlie2007-09-192-2/+3
| | | | | | | | | | | | | | | | | | | | The mask on i830 should be 0x70 always, later chips 0xF0 should be okay. Signed-off-by: Dave Airlie <airlied@linux.ie> Acked-by: Zhenyu Wang <zhenyu.z.wang@intel.com> Cc: Michael Haas <laga@laga.ath.cx> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | intelfb: Fix bug in DPLL disableAntonino A. Daplas2007-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | Reported in Kernel Bugzilla 9006 Fix an obvious bug in DPLL disable. Signed-off-by: Antonino Daplas <adaplas@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | xen: don't bother trying to set cr4Jeremy Fitzhardinge2007-09-191-2/+2
| | | | | | | | | | | | | | | | | | | | Xen ignores all updates to cr4, and some versions will kill the domain if you try to change its value. Just ignore all changes. Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | pci: fix unterminated pci_device_id listsKees Cook2007-09-193-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a couple drivers that do not correctly terminate their pci_device_id lists. This results in garbage being spewed into modules.pcimap when the module happens to not have 28 NULL bytes following the table, and/or the last PCI ID is actually truncated from the table when calculating the modules.alias PCI aliases, cause those unfortunate device IDs to not auto-load. Signed-off-by: Kees Cook <kees@ubuntu.com> Acked-by: Corey Minyard <minyard@acm.org> Cc: David Woodhouse <dwmw2@infradead.org> Acked-by: Jeff Garzik <jeff@garzik.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | mspec: handle shrinking virtual memory areasCliff Wickman2007-09-191-21/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The shrinking of a virtual memory area that is mmap(2)'d to a memory special file (device drivers/char/mspec.c) can cause a panic. If the mapped size of the vma (vm_area_struct) is very large, mspec allocates a large vma_data structure with vmalloc(). But such a vma can be shrunk by an munmap(2). The current driver uses the current size of each vma to deduce whether its vma_data structure was allocated by kmalloc() or vmalloc(). So if the vma was shrunk it appears to have been allocated by kmalloc(), and mspec attempts to free it with kfree(). This results in a panic. This patch avoids the panic (by preserving the type of the allocation) and also makes mspec work correctly as the vma is split into pieces by the munmap(2)'s. All vma's derived from such a split vma share the same vma_data structure that represents all the pages mapped into this set of vma's. The mpec driver must be made capable of using the right portion of the structure for each member vma. In other words, it must index into the array of page addresses using the portion of the array that represents the current vma. This is enabled by storing the vma group's vm_start in the vma_data structure. The shared vma_data's are not protected by mm->mmap_sem in the fork() case so the reference count is left as atomic_t. Signed-off-by: Cliff Wickman <cpw@sgi.com> Acked-by: Jes Sorensen <jes@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | rtc: rtc-ds1553.c should use resource_size_t for base addressAtsushi Nemoto2007-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Currently the rtc driver, rtc-ds1552.c uses an unsigned long to store the base mmio address of the NVRAM/RTC. This breaks on 32-bit systems with larger physical addresses. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: David Brownell <david-b@pacbell.net> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | rtc-ds1742.c should use resource_size_t for base addressDavid Gibson2007-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the rtc driver, rtc-ds1742.c uses an unsigned long to store the base mmio address of the NVRAM/RTC. This breaks on systems like PowerPC 440, which is a 32-bit core with 36-bit physical addresses: IO on the system, including the RTC, is typically above the 4GB point, and cannot fit into an unsigned long. This patch fixes the problem by replacing the unsigned long with a resource_size_t. Tested on Ebony (PPC440) (with additional patches to instantiate the ds1742 platform device appropriately). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: Alessandro Zummo <a.zummo@towertech.it> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Fix UTS corruption during clone(CLONE_NEWUTS)Alexey Dobriyan2007-09-191-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | struct utsname is copied from master one without any exclusion. Here is sample output from one proggie doing sethostname("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); sethostname("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"); and another clone(,, CLONE_NEWUTS, ...) uname() hostname = 'aaaaaaaaaaaaaaaaaaaaaaaaabbbbb' hostname = 'bbbaaaaaaaaaaaaaaaaaaaaaaaaaaa' hostname = 'aaaaaaaabbbbbbbbbbbbbbbbbbbbbb' hostname = 'aaaaaaaaaaaaaaaaaaaaaaaaaabbbb' hostname = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaabb' hostname = 'aaabbbbbbbbbbbbbbbbbbbbbbbbbbb' hostname = 'bbbbbbbbbbbbbbbbaaaaaaaaaaaaaa' Hostname is sometimes corrupted. Yes, even _the_ simplest namespace activity had bug in it. :-( Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Fix failure to resume from initrdsNigel Cunningham2007-09-191-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 831441862956fffa17b9801db37e6ea1650b0f69 (Freezer: make kernel threads nonfreezable by default) breaks freezing when attempting to resume from an initrd, because the init (which is freezeable) spins while waiting for another thread to run /linuxrc, but doesn't check whether it has been told to enter the refrigerator. The original patch replaced a call to try_to_freeze() with a call to yield(). I believe a simple reversion is wrong because if !CONFIG_PM_SLEEP, try_to_freeze() is a noop. It should still yield. Signed-off-by: Nigel Cunningham <nigel@nigel.suspend2.net> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | uml: use correct type in BLKGETSIZE ioctlNicolas George2007-09-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I found a type mismatch in UML that makes host block devices unusable as ubd devices on x86_64 and other 64 bits systems (segfault of the mm subsystem): In block/ioctl.c, the following lines show that the BLKGETSIZE ioctl expects a pointer to a long: case BLKGETSIZE: if ((bdev->bd_inode->i_size >> 9) > ~0UL) return -EFBIG; return put_ulong(arg, bdev->bd_inode->i_size >> 9); In arch/um/os-Linux/file.c, os_file_size calls it with an int. The ioctl_list man page should be fixed as well. Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>