Running a probe on s390 with a probe address that is not 4 byte aligned
results in a Kernel BUG. The problem is that the stura instruction used
by swap_instruction requires the destination address to be 4 byte aligned.
As stura only writes 4 bytes, aligning to the next 4 byte aligned address
results in the breakpoint instruction being stored past the probe address.
The fix is to align the address backward (to the previous 4 byte aligned
address) and writing the two byte breakpoint instruction in the appropriate
bytes.
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
git commit f994aae1bd changed the
function declaration of csum_tcpudp_nofold. Argument types were
changed from unsigned long to __be32 (unsigned int). Therefore we
lost the implicit type conversion that zeroed the upper half of the
registers that are used to pass parameters. Since the inline assembly
relied on this we ended up adding random values and wrong checksums
were created.
Showed only up on machines with more than 4GB since gcc produced code
where the registers that are used to pass 'saddr' and 'daddr' previously
contained addresses before calling this function.
Fix this by using 32 bit arithmetics and convert code to C, since gcc
produces better code than these hand-optimized versions.
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
gcc incorrectly removes initialization of register 0 in dasd diag
inline assembly. Use different register to work around this compiler
bug.
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
This patch makes te needlessly global struct v9fs_cached_file_operations
static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Ingress queueing uses a seperate lock for serializing enqueue operations,
but fails to properly protect itself against concurrent changes to the
qdisc tree. Use queue_lock for now since the real fix it quite intrusive.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
cls_basic doesn't allocate tp->root before it is linked into the
active classifier list, resulting in a NULL pointer dereference
when packets hit the classifier before its ->change function is
called.
Reported by Chris Madden <chris@reflexsecurity.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
On most tg3 chips, the memory enable bit in the PCI command register
gets cleared during chip reset and must be restored before accessing
PCI registers using memory cycles. The chip does not generate
interrupt during chip reset, but the irq handler can still be called
because of irq sharing or irqpoll. Reading a register in the irq
handler can cause a master abort in this scenario and may result in a
crash on some architectures.
Use the TG3_FLAG_CHIP_RESETTING flag to tell the irq handler to exit
without touching any registers. The checking of the flag is in the
"slow" path of the irq handler and will not affect normal performance.
The msi handler is not shared and therefore does not require checking
the flag.
Thanks to Bernhard Walle <bwalle@suse.de> for reporting the problem.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This flag to support multiple PCIX split completions was never used
because of hardware bugs. This will make room for a new flag.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
As per RFC2461, section 6.3.6, item #2, when no routers on the
matching list are known to be reachable or probably reachable we
do round robin on those available routes so that we make sure
to probe as many of them as possible to detect when one becomes
reachable faster.
Each routing table has a rwlock protecting the tree and the linked
list of routes at each leaf. The round robin code executes during
lookup and thus with the rwlock taken as a reader. A small local
spinlock tries to provide protection but this does not work at all
for two reasons:
1) The round-robin list manipulation, as coded, goes like this (with
read lock held):
walk routes finding head and tail
spin_lock();
rotate list using head and tail
spin_unlock();
While one thread is rotating the list, another thread can
end up with stale values of head and tail and then proceed
to corrupt the list when it gets the lock. This ends up causing
the OOPS in fib6_add() later onthat many people have been hitting.
2) All the other code paths that run with the rwlock held as
a reader do not expect the list to change on them, they
expect it to remain completely fixed while they hold the
lock in that way.
So, simply stated, it is impossible to implement this correctly using
a manipulation of the list without violating the rwlock locking
semantics.
Reimplement using a per-fib6_node round-robin pointer. This way we
don't need to manipulate the list at all, and since the round-robin
pointer can only ever point to real existing entries we don't need
to perform any locking on the changing of the round-robin pointer
itself. We only need to reset the round-robin pointer to NULL when
the entry it is pointing to is removed.
The idea is from Thomas Graf and it is very similar to how this
was implemented before the advanced router selection code when in.
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
o The AX.25 Howto is unmaintained since several years. I've replaced it
with a wiki at http://www.linux-ax25.org which provides more uptodate
information.
o Change default for AX25_DAMA_SLAVE to Y. AX25_DAMA_SLAVE only compiles
in support for DAMA but doesn't activate it. I hope this gets Linux
distributions to ship their AX.25 kernels with AX25_DAMA_SLAVE enabled.
The price for this would be very small.
o Delete historic changelog from comments, that's what SCM systems are
meant to do.
o ---help--- in Kconfig looks so yellingly eye insulting. Use just help.
o Rewrite the commented out piece of old Linux 2.4 configuration language
to Kconfig for consistency.
o Fixup dependencies.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
->neigh_destructor() is killed (not used), replaced with
->neigh_cleanup(), which is called when neighbor entry goes to dead
state. At this point everything is still valid: neigh->dev,
neigh->parms etc.
The device should guarantee that dead neighbor entries (neigh->dead !=
0) do not get private part initialized, otherwise nobody will cleanup
it.
I think this is enough for ipoib which is the only user of this thing.
Initialization private part of neighbor entries happens in ipib
start_xmit routine, which is not reached when device is down. But it
would be better to add explicit test for neigh->dead in any case.
Signed-off-by: David S. Miller <davem@davemloft.net>
Based upon a patch from Patrick McHardy.
The fib_rules netlink attribute policy introduced in 2.6.19 broke
userspace compatibilty. When specifying a rule with "from all"
or "to all", iproute adds a zero byte long netlink attribute,
but the policy requires all addresses to have a size equal to
sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
validation error.
Check attribute length of FRA_SRC/FRA_DST in the generic framework
by letting the family specific rules implementation provide the
length of an address. Report an error if address length is non
zero but no address attribute is provided. Fix actual bug by
checking address length for non-zero instead of relying on
availability of attribute.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add Vlad Yasevich as the primary maintainer of SCTP and add a
link to the project website.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Robert P. J. Day <rpjday@mindspring.com>
Cc: Krzysztof Halasa <khc@pm.waw.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The watchdog implementation excludes low res / non continuous
clocksources from being selected as a watchdog reference
unintentionally.
Allow using jiffies/PIT as a watchdog reference as long as no better
clocksource is available. This is necessary to detect TSC breakage on
systems, which have no pmtimer/hpet.
The main goal of the initial patch (preventing to switch to highres/nohz
when no reliable fallback clocksource is available) is still guaranteed
by the checks in clocksource_watchdog().
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The rework of next_timer_interrupt() fixed the timer wheel bugs, but
invented a rounding error versus the next hrtimer event. This is caused
by the conversion of the hrtimer internal representation to relative
jiffies.
This causes bug #8100:
http://bugzilla.kernel.org/show_bug.cgi?id=8100
next_timer_interrupt() returns "now" in such a case and causes the code
in tick_nohz_stop_sched_tick() to trigger the timer softirq, which is
bogus as no timer is due for expiry. This results in an endless context
switching between idle and ksoftirqd until a timer is due for expiry.
Modify the hrtimer evaluation so that, it returns now + 1, when the
conversion results in a delta < 1 jiffie.
It's confirmed to resolve bug #8100
Reported-by: Emil Karlson <jkarlson@cc.hut.fi>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
After dvb tuner refactoring, the pllbuff has been altered such that the pll
address is now stored in buf[0]. Instead of sending buf to set_pll_input,
we should send buf+1.
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Ivan Andrewjeski <ivan@fiero-gt.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It has been reported by Julian Deng that configuring the pxa27x i2c SCL line as output generates a short negative pulse on it during the call to pxa_gpio_mode(GPIO117_I2CSCL_MD); as it first switches it to output and then configures it for the alternate function. The SCL line is in fact bidirectional and can also be configured as 117 | GPIO_ALT_FN_1_IN, in which case the pulse is not generated. This is exactly what this patch does.
Author: Julian Deng <dengtj@sitek.cn>
Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
commit f9690982b8 removed the check for
cpu_khz from sched_clock(), which prevented early access to the TSC by
non obvious magic.
This is harmless as long as the CPU has a TSC. On TSCless systems this
results in an illegal instruction trap.
Replace tsc_disabled and tsc_unstable by tsc_enabled, which is only set
when the tsc is available and not unstable.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
CC arch/mips/mm/cerr-sb1.o
arch/mips/mm/cerr-sb1.c: In function 'sb1_cache_error':
arch/mips/mm/cerr-sb1.c:235: warning: format '%010llx' expects type 'long long unsigned int', but argument 2 has type 'uint64_t'
arch/mips/mm/cerr-sb1.c: In function 'extract_ic':
arch/mips/mm/cerr-sb1.c:385: warning: format '%016llx' expects type 'long long unsigned int', but argument 3 has type 'uint64_t'
arch/mips/mm/cerr-sb1.c:385: warning: format '%016llX' expects type 'long long unsigned int', but argument 6 has type 'uint64_t'
arch/mips/mm/cerr-sb1.c: In function 'extract_dc':
arch/mips/mm/cerr-sb1.c:523: warning: format '%010llx' expects type 'long long unsigned int', but argument 3 has type 'uint64_t'
arch/mips/mm/cerr-sb1.c:523: warning: format '%016llX' expects type 'long long unsigned int', but argument 7 has type 'uint64_t'
arch/mips/mm/cerr-sb1.c:570: warning: format '%016llX' expects type 'long long unsigned int', but argument 3 has type 'uint64_t'
LD arch/mips/mm/built-in.o
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The missing cast did result a warning when calling an 32-bit ARC firmware
function that takes 5 arguments where the 5th argument is a pointer from a
64-bit kernel.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
In the the sequence:
ei
..
mfc0 $x, $status
the mfc0 may not see the SR_IE bit set. This was a deliberate bug in the
kernel code because we knew this was a safe thing to do on all R2 silicon
so far but new silicon is changing this.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This patch fixes two places where we used plain 'x - PAGE_OFFSET' to
achieve virtual to physical address convertions. This type of convertion
is no more allowed since commit 6f284a2ce7.
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Franck Bui-Huu <fbuihuu@gmail.com>
[Build fixes for machines that don't use the generic dma-coherence.h]
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Ray Lee reported, that on an UP kernel with "noapic" command line option
set, the box locks hard during boot.
Adding some debug printks revealed, that the last action on the box
before stalling was "Send IPI" - a debug printk which was put into
smp_send_timer_broadcast_ipi().
It seems that send_IPI_mask(mask, LOCAL_TIMER_VECTOR) fails when
"noapic" is set on the command line on an UP kernel.
Aside of that it does not make much sense to trigger an interrupt
instead of calling the function directly on the CPU which gets the
PIT/HPET interrupt in case of broadcasting.
Reported-by: Ray Lee <ray-lk@madrabbit.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ray Lee <ray-lk@madrabbit.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The segment register slots in struct pt_regs are padded to 32 bits.
Some of these are stored with instructions like "pushl %es", which
leaves the high 16 bits as they were. So the high bits of these
fields in struct pt_regs contain kernel stack garbage. These bits are
ignored by everything and never leak to user space, except in core
dumps. The user struct pt_regs is always at the base of the thread's
kernel stack and so it seems unlikely the information that leaks from
here is ever worthwhile so as to be a security concern, but I'm not
sure about that. It has been this way for ages; userland consumers of
core dumps all mask off these high bits themselves. So it is not urgent.
This change masks off the padding bits of the segment register slots
in core dumps. ptrace already masks off these high bits, so this
makes the values in core dumps consistent with what ptrace would
report just before the process died.
As I read the processor manuals, the cs and ss values will always be
padded with zero bits rather than stack garbage. But unlike "pushl %es",
this is not simple to test with a userland program. So I added the two
instructions rather than wonder if they are really never necessary.
I think that x86_64 does not have this problem (for either 32-bit or
64-bit processes). It only uses "mov" instructions from segment
registers, which zero-extend.
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Needed for any architecture that claims ARCH_APICTIMER_STOPS_ON_C3,
not just i386.
I'm hoping Thomas will clean this up a bit later..
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
ieee1394: fix oops on "modprobe -r ohci1394" after network class_device conversion
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
[netdrvr] ewrk3: correct card detection bug
cxgb3 - fix white spaces in drivers/net/Kconfig
myri10ge: update driver version to 1.3.0-1.226
myri10ge: fix management of >4kB allocated pages
myri10ge: update wcfifo and intr_coal_delay default values
myri10ge: Serverworks HT2100 provides aligned PCIe completion
mv643xx_eth: add mv643xx_eth_shutdown function
SAA9730: Fix large pile of warnings
Revert "ucc_geth: returns NETDEV_TX_BUSY when BD ring is full"
cxgb3 - T3B2 pcie config space
cxgb3 - Fix potential MAC hang
cxgb3 - Auto-load FW if mismatch detected
cxgb3 - fix ethtool cmd on multiple queues port
Fix return code in pci-skeleton.c
skge: use per-port phy locking
skge: mask irqs when device down
skge: deadlock on tx timeout
[PATCH] airo: Fix an error path memory leak
[PATCH] bcm43xx: MANUALWLAN fixes
A little mistake in 8a2bfdcbfa is making all
transactions synchronous, which reduces ext3 performance to comical levels.
Cc: Mingming Cao <cmm@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is the rivafb equivalent of 238576e12f.
It fixes rivafb having a default backlight brightness of 0 (no picture at
all) on a PBook 6,1.
Signed-off-by: Guido Guenther <agx@sigxcpu.org>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Acked-by: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adds device ids of two Fujitsu Siemens Tablet PCs to pnp_dev_table
Signed-off-by: Danny Kukawka <dkukawka@suse.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix the /proc/pid/stat representation of executable boundaries. It should
show the bounds of the executable, but instead shows the bounds of the
loader.
Before the patch is applied, the bug can be seen by examining, say, inetd:
# ps | grep inetd
610 root 0 S /usr/sbin/inetd -i
# cat /proc/610/maps
c0bb0000-c0bba788 r-xs 00000000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
c3180000-c31dede4 r-xs 00000000 00:0b 14582179 /lib/libuClibc-0.9.28.so
c328c000-c328ea00 rw-p 00008000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
c3290000-c329b6c0 rw-p 00000000 00:00 0
c32a0000-c32c0000 rwxp 00000000 00:00 0
c32d4000-c32d8000 rw-p 00000000 00:00 0
c3394000-c3398000 rw-p 00000000 00:00 0
c3458000-c345f464 r-xs 00000000 00:0b 16384612 /usr/sbin/inetd
c3470000-c34748f8 rw-p 00004000 00:0b 16384612 /usr/sbin/inetd
c34cc000-c34d0000 rw-p 00000000 00:00 0
c34d4000-c34d8000 rw-p 00000000 00:00 0
c34d8000-c34dc000 rw-p 00000000 00:00 0
# cat /proc/610/stat
610 (inetd) S 1 610 610 0 -1 256 0 0 0 0 0 8 0 0 19 0 1 0 94392000718
950272 0 4294967295 3233480704 3233523592 3274440352 3274439976
3273467584 0 0 4096 90115 3221712796 0 0 17 0 0 0 0
The code boundaries are 3233480704 to 3233523592, which are:
(gdb) p/x 3233480704
$1 = 0xc0bb0000
(gdb) p/x 3233523592
$2 = 0xc0bba788
Which corresponds to this line in the maps file:
c0bb0000-c0bba788 r-xs 00000000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
Which is wrong. After the patch is applied, the maps file is pretty much
identical (there's some minor shuffling of the location of some of the
anonymous VMAs), but the stat file is now:
# cat /proc/610/stat
610 (inetd) S 1 610 610 0 -1 256 0 0 0 0 0 7 0 0 18 0 1 0 94392000722
950272 0 4294967295 3276111872 3276141668 3274440352 3274439976
3273467584 0 0 4096 90115 3221712796 0 0 17 0 0 0 0
The code boundaries are then 3276111872 to 3276141668, which are:
(gdb) p/x 3276111872
$1 = 0xc3458000
(gdb) p/x 3276141668
$2 = 0xc345f464
And these correspond to this line in the maps file instead:
c3458000-c345f464 r-xs 00000000 00:0b 16384612 /usr/sbin/inetd
Which is now correct.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix the print formatting of three unsigned long fields in /proc/timer_list,
which are currently being formatted as signed long.
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It turned out that it is almost impossible to trust ACPI, BIOS & Co.
regarding the C states. This was the reason to switch the local apic
timer off in C2 state already. OTOH there are sane and well behaving
systems, which get punished by that decision.
Allow the user to confirm that the local apic timer is trustworthy in C2
state. This keeps the default behaviour on the safe side.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This reverts commit 25496caec1, which
broke bootup on at least Ingo's ThinkPad T60. Need to figure out
exactly what is wrong before we can re-do the logic.
Requested-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Renninger <trenn@suse.de>
Cc: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The networking subsystem has been converted from class_device to device
but ieee1394 hasn't. This results in a 100% reproducible NULL pointer
dereference if the ohci1394 driver module is unloaded while the eth1394
module is still loaded.
http://lkml.org/lkml/2006/11/16/147http://lkml.org/lkml/2007/3/14/4
This is a regression in 2.6.21-rc1.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Tested-by: Ismail Dönmez <ismail@pardus.org.tr>