Functions compat_nfs_svc_trans, compat_nfs_clnt_trans,
compat_nfs_exp_trans, compat_nfs_getfd_trans and compat_nfs_getfs_trans,
which are called by compat_sys_nfsservctl(fs/compat.c), don't handle the
return value of access_ok properly. access_ok return 1 when the addr is
valid, and 0 when it's not, but these functions have the reversed
understanding. When the address is valid, they always return -EFAULT to
compat_sys_nfsservctl.
An example is to run /usr/sbin/rpc.nfsd(32bit program on Power5). It
doesn't function as expected. strace showes that nfsservctl returns
-EFAULT.
The patch fixes this by correcting the error handling on the return value
of access_ok in the five functions.
Signed-off-by: Lin Feng Shen <shenlinf@cn.ibm.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Acked-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
With Manfred Spraul <manfred@colorfullife.com> and
Andrew Morton <akpm@osdl.org>
Bring back this recently-reverted patch, only fixed.
Original changelog:
From: Ayaz Abdulla <aabdulla@nvidia.com>
This patch fixes the issues with multiple irqs.
I am resending based on feedback. I decoupled the dma mask for
consistent memory and fixed leak with multiple irq in error path.
Thanks to Manfred for catching the spin lock problem.
Fix it:
From: Manfred Spraul <manfred@colorfullife.com>
Fix bug introduced by ebf34c9b6f, covered in
http://bugzilla.kernel.org/show_bug.cgi?id=6568.
Remove second instance of the request_irq() calls: they were moved
from nv_open into nv_request_irq.
Thanks to Alistair Strachan <alistair@devzero.co.uk> for reporting and
persisting.
Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This fixes a byte-swap issue on PPC, found by Zang Roy-r61911
on the powerpc platform. His original patch also had some other
platform-specific changes in #ifdef's, but I'm not sure yet how to
incorporate them. Look for another patch for those (soon).
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The driver currently keeps local copies of the hardware request/response queue indexes.
But it expends significant effort ensuring consistency between the two views,
and still gets it wrong after an error or reset occurs.
This patch removes the local copies, in favour of just accessing the hardware
whenever we need them. Eventually this may need to be tweaked again for NCQ,
but for now this works and solves problems some users were seeing.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The 60xx chips, and possibly others, incorrectly assert DEV_IRQ interrupts
on a regular basis. The cause of this is under investigation (by me and
in theory by Marvell also), but regardless we do need to deal with these events.
This patch tidies up some interrupt handler code, and ensures that we ignore
DEV_IRQ interrupts when the drive still has ATA_BUSY asserted.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The interface control register of the 60xx (and later) Marvell chip
requires certain bits to always be set when writing to it. These bits
incorrectly read-back as zeros, so the pattern must be ORed in
with each write of the register. Also, bit 12 should NOT be set
(note that Marvell's own driver also had bit-12 wrong here).
While we're at it, we also now do pci_set_master() in the init code.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
In some systems, it is possible that the BIOS may have enabled interrupt coalescing
for the Marvell controllers which support it. This patch adds code to detect/ack
interrupts from the chip's coalescing (combing) logic.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The mv_err_intr() function is invoked from the driver's interrupt handler,
as well as from the timeout function. This patch prevents it from triggering
a one-after-the-other double reset of the controller when invoked
from the timeout function.
This also adds a check for a timeout race condition that has been observed
to occur with this driver in earlier kernels. This should not be needed,
in theory, but in practice it has caught bugs. Maybe nuke it at a later date.
Signed-off-by: Mark Lord <liml@rtr.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Call pci_map_single() with the actual size of the receive
buffers, not 0 (which skb->len is initialized to by dev_alloc_skb()).
Signed-off-by: Erling A. Jacobsen <linuxcub@email.dk>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The driver will get stuck (permanent transmit timeout), if the transmit
ring size is set too small. It needs to have enough ring elements to
hold one maximum size transmit.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Skge driver always causes bad checksums on big-endian.
The checksum in the receive control block was being swapped
when it doesn't need to be.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
If the status ring processing can't keep up with the incoming frames,
it is more efficient to have NAPI keep scheduling the poll routine
rather than causing another interrupt.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Logic error in the phy initialization code. Also, turn on wake on lan
bit in status control.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The Dlink DGE-560T uses Yukon2 chipset so it needs sky2 driver; and
the DGE-530T uses Yukon1 so it uses skge driver.
Bug: http://bugzilla.kernel.org/show_bug.cgi?id=6544
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
If both ports are receiving on the SysKonnect dual port cards,
then it appears the bus interface unit can give an interrupt status
for frame before DMA has completed. This leads to bogus frames
and general confusion. This is why receive checksumming is also
messed up on dual port cards.
A workaround for the out of order receive problem is to eliminating
split transactions on PCI-X.
This version is based of the current linux-2.6.git including earlier
patch to disable dual ports.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Revert previous patch with subject "change mdelay to msleep and remove
from ISR path". This patch seems to have caused bigger problems than
it solved, and it didn't solve much of a problem to begin with...
Discussion about backing-out this patch can be found here:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114321570402396&w=2
The git commit associated w/ the original patch is:
6ba98d311d
Signed-off-by: John W. Linville <linville@tuxdriver.com
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Revert ebf34c9b6f. Maybe. Due to crashes
at shutdown - see http://bugzilla.kernel.org/show_bug.cgi?id=6568.
Cc: Ayaz Abdulla <aabdulla@nvidia.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
IB/mthca: Fix posting lists of 256 receive requests for Tavor
IB/uverbs: Don't leak ref to mm on error path
IB/srp: Complete correct SCSI commands on device reset
IB/srp: Get rid of extra scsi_host_put()s if reconnection fails
IB/srp: Don't wait for disconnection if sending DREQ fails
IB/mthca: Make fw_cmd_doorbell default to 0
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[SCTP]: Allow linger to abort 1-N style sockets.
[SCTP]: Validate the parameter length in HB-ACK chunk.
[SCTP]: Respect the real chunk length when walking parameters.
[SCTP]: A better solution to fix the race between sctp_peeloff() and
[SCTP]: Set sk_err so that poll wakes up after a non-blocking connect failure.
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 3533/1: Implement the __raw_(read|write)_can_lock functions on ARM
[ARM] 3530/1: PXA Mainstone: prevent double enable_irq() in pcmcia
[ARM] 3529/1: s3c24xx: fix restoring control register with undefined instruction
Enable SO_LINGER functionality for 1-N style sockets. The socket API
draft will be clarfied to allow for this functionality. The linger
settings will apply to all associations on a given socket.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
If SCTP receives a badly formatted HB-ACK chunk, it is possible
that we may access invalid memory and potentially have a buffer
overflow. We should really make sure that the chunk format is
what we expect, before attempting to touch the data.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Patch from Catalin Marinas
Recent patches introduced the write_can_lock() call in the kernel/ptrace.c
file. Implement the __raw_* variants on ARM (SMP) as well.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Patch from Pavel Pisa
There has been problems that for some paths that clock are not stopped
during new command programming and initiation. Result is issuing
of incorrect command to the card. Some other problems are cleaned too.
Noisy report of known ERRATUM #4 has been suppressed.
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
When performing bound checks during the parameter processing, we
want to use the real chunk and paramter lengths for bounds instead
of the rounded ones. This prevents us from potentially walking of
the end if the chunk length was miscalculated. We still use rounded
lengths when advancing the pointer. This was found during a
conformance test that changed the chunk length without modifying
parameters.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
sctp_rcv().
The goal is to hold the ref on the association/endpoint throughout the
state-machine process. We accomplish like this:
/* ref on the assoc/ep is taken during lookup */
if owned_by_user(sk)
sctp_add_backlog(skb, sk);
else
inqueue_push(skb, sk);
/* drop the ref on the assoc/ep */
However, in sctp_add_backlog() we take the ref on assoc/ep and hold it
while the skb is on the backlog queue. This allows us to get rid of the
sock_hold/sock_put in the lookup routines.
Now sctp_backlog_rcv() needs to account for potential association move.
In the unlikely event that association moved, we need to retest if the
new socket is locked by user. If we don't this, we may have two packets
racing up the stack toward the same socket and we can't deal with it.
If the new socket is still locked, we'll just add the skb to its backlog
continuing to hold the ref on the association. This get's rid of the
need to move packets from one backlog to another and it also safe in
case new packets arrive on the same backlog queue.
The last step, is to lock the new socket when we are moving the
association to it. This is needed in case any new packets arrive on
the association when it moved. We want these to go to the backlog since
we would like to avoid the race between this new packet and a packet
that may be sitting on the backlog queue of the old socket toward the
same association.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
flags is a u16, so use htons instead of htonl. Also avoid double
conversion.
Noticed by Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Solar Designer found a race condition in do_add_counters(). The beginning
of paddc is supposed to be the same as tmp which was sanity-checked
above, but it might not be the same in reality. In case the integer
overflow and/or the race condition are triggered, paddc->num_counters
might not match the allocation size for paddc. If the check below
(t->private->number != paddc->num_counters) nevertheless passes (perhaps
this requires the race condition to be triggered), IPT_ENTRY_ITERATE()
would read kernel memory beyond the allocation size, potentially causing
an oops or leaking sensitive data (e.g., passwords from host system or
from another VPS) via counter increments. This requires CAP_NET_ADMIN.
Signed-off-by: Solar Designer <solar@openwall.com>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
GRE keys are 16 bit.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The prefix argument for nf_log_packet is a format specifier,
so don't pass the user defined string directly to it.
Signed-off-by: Philip Craig <philipc@snapgear.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Coverity checker spotted that we may leak 'hold' in
net/ipv4/netfilter/ipt_recent.c::checkentry() when the following
is true:
if (!curr_table->status_proc) {
...
if(!curr_table) {
...
return 0; <-- here we leak.
Simply moving an existing vfree(hold); up a bit avoids the possible leak.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
If we post a list of length 256 exactly, nreq in doorbell gets set to
256 which is wrong: it should be encoded by 0. This is because we
only zero it out on the next WR, which may not be there. The solution
is to ring the doorbell after posting a WQE, not before posting the
next one.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
In ib_umem_release_on_close(), if the kmalloc() fails, then a
reference to current->mm will be leaked. Fix this by adding a mmput()
instead of just returning on kmalloc() failure.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Re-enable posted writes for status FIFO.
Besides bringing back a very minor bandwidth tweak from Linux 2.6.15.x
and older, this also fixes an interoperability regression since 2.6.16:
http://bugzilla.kernel.org/show_bug.cgi?id=6356
(sbp2: scsi_add_device failed. IEEE1394 HD is not working anymore.)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Tested-by: Vanei Heidemann <linux@javanei.com.br>
Tested-by: Martin Putzlocher <mputzi@gmx.de> (chip type unconfirmed)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
In case the blacklist with workarounds for device bugs yields a false
positive, the module load parameter can now also be used as an override
instead of an addition to the blacklist.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Apple decided to copy some USB stupidity over to FireWire.
The sector number returned by iPods from read_capacity is one too many.
This may cause I/O errors, especially if the kernel is configured for EFI
partition support. We use the same workaround as usb-storage but have to
check for different model IDs.
http://marc.theaimsgroup.com/?t=114233262300001https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187409
Acknowledgements:
Diagnosis and therapy by Mathieu Chouquet-Stringer <ml2news@free.fr>,
additional data about affected and unaffected Apple hardware from
Vladimir Kotal, Sander De Graaf, Bryan Olmstead and Hugh Dixon.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Grand unification of the three types of workarounds we have so far.
The "skip mode page 8" workaround is now limited to devices which
pretend to be of TYPE_DISK instead of TYPE_RBC. This workaround is no
longer enabled for Initio bridges.
Patch update in anticipation of more workarounds:
- Add module parameter "workarounds".
- Deprecate parameter "force_inquiry_hack".
- Compose the blacklist of a compound type for better readability and
extensibility.
- Remove a now unused #define.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/netdev-2.6:
sky2: prevent dual port receiver problems
x86_64: Check for bad dma address in b44 1GB DMA workaround
The ixp2000 driver for the enp2611 was developed on a board with
* 'upstream-linus' of git://oss.oracle.com/home/sourcebo/git/ocfs2:
configfs: Make sure configfs_init() is called before consumers.
configfs: configfs_mkdir() failed to cleanup linkage.
configfs: Fix a reference leak in configfs_mkdir().
ocfs2: fix gfp mask in some file system paths
ocfs2: Don't populate uptodate cache in ocfs2_force_read_journal()
ocfs2: take meta data lock in ocfs2_file_aio_read()
ocfs2: take data locks around extend
configfs_init() needs to be called first to register configfs before anyconsumers try to access it. Move up configfs in fs/Makefile to make
sure it is initialized early.
Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>