This is the start of the stable review cycle for the 2.6.22.17 release.
There are 27 patches in this series, all will be posted as a response to
this one. If anyone has any issues with these being applied, please let
us know. If anyone is a maintainer of the proper subsystem, and wants
to add a Signed-off-by: line to the patch, please respond with it.
These patches are sent out with a number of different people on the
Cc: line. If you wish to be a reviewer, please email [email protected]
to add your name to the list. If you want to be off the reviewer list,
also email us.
Responses should be made by Feb 5 2008, 00:00:00 UTC. Anything received
after that time might be too late.
Note, I think this is going to be the last .22 release, unless people
send me some patches they think really needs to go in, and then, it will
probably only be one more release. It's time to move on :)
thanks,
the -stable release team
2.6.22-stable review patch. If anyone has any objections, please let us know.
------------------
From: Julia Lawall <[email protected]>
[X25]: Add missing x25_neigh_put
[ Upstream commit: 76975f8a3186dae501584d0155ea410464f62815 ]
The function x25_get_neigh increments a reference count. At the point of
the second goto out, the result of calling x25_get_neigh is only stored in
a local variable, and thus no one outside the function will be able to
decrease the reference count. Thus, x25_neigh_put should be called before
the return in this case.
The problem was found using the following semantic match.
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
type T,T1,T2;
identifier E;
statement S;
expression x1,x2,x3;
int ret;
@@
T E;
...
* if ((E = x25_get_neigh(...)) == NULL)
S
... when != x25_neigh_put(...,(T1)E,...)
when != if (E != NULL) { ... x25_neigh_put(...,(T1)E,...); ...}
when != x1 = (T1)E
when != E = x3;
when any
if (...) {
... when != x25_neigh_put(...,(T2)E,...)
when != if (E != NULL) { ... x25_neigh_put(...,(T2)E,...); ...}
when != x2 = (T2)E
(
* return;
|
* return ret;
)
}
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/x25/x25_forward.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/x25/x25_forward.c
+++ b/net/x25/x25_forward.c
@@ -118,13 +118,14 @@ int x25_forward_data(int lci, struct x25
goto out;
if ( (skbn = pskb_copy(skb, GFP_ATOMIC)) == NULL){
- goto out;
+ goto output;
}
x25_transmit_link(skbn, nb);
- x25_neigh_put(nb);
rc = 1;
+output:
+ x25_neigh_put(nb);
out:
return rc;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Miller <[email protected]>
[SPARC64]: Fix two kernel linear mapping setup bugs.
[ Upstream commit: 8f361453d8e9a67c85b2cf9b93c642c2d8fe0462 ]
This was caught and identified by Greg Onufer.
Since we setup the 256M/4M bitmap table after taking over the trap
table, it's possible for some 4M mapping to get loaded in the TLB
beforhand which later will be 256M mappings.
This can cause illegal TLB multiple-match conditions. Fix this by
setting up the bitmap before we take over the trap table.
Next, __flush_tlb_all() was not doing anything on hypervisor
platforms. Fix by adding sun4v_mmu_demap_all() and calling it.
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/sparc64/kernel/entry.S | 12 ++++++++++++
arch/sparc64/mm/init.c | 29 ++++++++++++++++++++---------
include/asm-sparc64/hypervisor.h | 4 ++++
3 files changed, 36 insertions(+), 9 deletions(-)
--- a/arch/sparc64/kernel/entry.S
+++ b/arch/sparc64/kernel/entry.S
@@ -2593,3 +2593,15 @@ sun4v_mmustat_info:
retl
nop
.size sun4v_mmustat_info, .-sun4v_mmustat_info
+
+ .globl sun4v_mmu_demap_all
+ .type sun4v_mmu_demap_all,#function
+sun4v_mmu_demap_all:
+ clr %o0
+ clr %o1
+ mov HV_MMU_ALL, %o2
+ mov HV_FAST_MMU_DEMAP_ALL, %o5
+ ta HV_FAST_TRAP
+ retl
+ nop
+ .size sun4v_mmu_demap_all, .-sun4v_mmu_demap_all
--- a/arch/sparc64/mm/init.c
+++ b/arch/sparc64/mm/init.c
@@ -1135,14 +1135,9 @@ static void __init mark_kpte_bitmap(unsi
}
}
-static void __init kernel_physical_mapping_init(void)
+static void __init init_kpte_bitmap(void)
{
unsigned long i;
-#ifdef CONFIG_DEBUG_PAGEALLOC
- unsigned long mem_alloced = 0UL;
-#endif
-
- read_obp_memory("reg", &pall[0], &pall_ents);
for (i = 0; i < pall_ents; i++) {
unsigned long phys_start, phys_end;
@@ -1151,14 +1146,24 @@ static void __init kernel_physical_mappi
phys_end = phys_start + pall[i].reg_size;
mark_kpte_bitmap(phys_start, phys_end);
+ }
+}
+static void __init kernel_physical_mapping_init(void)
+{
#ifdef CONFIG_DEBUG_PAGEALLOC
+ unsigned long i, mem_alloced = 0UL;
+
+ for (i = 0; i < pall_ents; i++) {
+ unsigned long phys_start, phys_end;
+
+ phys_start = pall[i].phys_addr;
+ phys_end = phys_start + pall[i].reg_size;
+
mem_alloced += kernel_map_range(phys_start, phys_end,
PAGE_KERNEL);
-#endif
}
-#ifdef CONFIG_DEBUG_PAGEALLOC
printk("Allocated %ld bytes for kernel page tables.\n",
mem_alloced);
@@ -1400,6 +1405,10 @@ void __init paging_init(void)
inherit_prom_mappings();
+ read_obp_memory("reg", &pall[0], &pall_ents);
+
+ init_kpte_bitmap();
+
/* Ok, we can use our TLB miss and window trap handlers safely. */
setup_tba();
@@ -1854,7 +1863,9 @@ void __flush_tlb_all(void)
"wrpr %0, %1, %%pstate"
: "=r" (pstate)
: "i" (PSTATE_IE));
- if (tlb_type == spitfire) {
+ if (tlb_type == hypervisor) {
+ sun4v_mmu_demap_all();
+ } else if (tlb_type == spitfire) {
for (i = 0; i < 64; i++) {
/* Spitfire Errata #32 workaround */
/* NOTE: Always runs on spitfire, so no
--- a/include/asm-sparc64/hypervisor.h
+++ b/include/asm-sparc64/hypervisor.h
@@ -709,6 +709,10 @@ extern unsigned long sun4v_mmu_tsb_ctx0(
*/
#define HV_FAST_MMU_DEMAP_ALL 0x24
+#ifndef __ASSEMBLY__
+extern void sun4v_mmu_demap_all(void);
+#endif
+
/* mmu_map_perm_addr()
* TRAP: HV_FAST_TRAP
* FUNCTION: HV_FAST_MMU_MAP_PERM_ADDR
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Miller <[email protected]>
[SPARC64]: Fix memory controller register access when non-SMP.
[ Upstream commit: b332b8bc9c67165eabdfc7d10b4a2e4cc9f937d0 ]
get_cpu() always returns zero on non-SMP builds, but we
really want the physical cpu number in this code in order
to do the right thing.
Based upon a non-SMP kernel boot failure report from Bernd Zeimetz.
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/sparc64/kernel/chmc.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/arch/sparc64/kernel/chmc.c
+++ b/arch/sparc64/kernel/chmc.c
@@ -1,7 +1,6 @@
-/* $Id: chmc.c,v 1.4 2002/01/08 16:00:14 davem Exp $
- * memctrlr.c: Driver for UltraSPARC-III memory controller.
+/* memctrlr.c: Driver for UltraSPARC-III memory controller.
*
- * Copyright (C) 2001 David S. Miller ([email protected])
+ * Copyright (C) 2001, 2007 David S. Miller ([email protected])
*/
#include <linux/module.h>
@@ -16,6 +15,7 @@
#include <linux/init.h>
#include <asm/spitfire.h>
#include <asm/chmctrl.h>
+#include <asm/cpudata.h>
#include <asm/oplib.h>
#include <asm/prom.h>
#include <asm/io.h>
@@ -242,8 +242,11 @@ int chmc_getunumber(int syndrome_code,
*/
static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
{
- unsigned long ret;
- int this_cpu = get_cpu();
+ unsigned long ret, this_cpu;
+
+ preempt_disable();
+
+ this_cpu = real_hard_smp_processor_id();
if (mp->portid == this_cpu) {
__asm__ __volatile__("ldxa [%1] %2, %0"
@@ -255,7 +258,8 @@ static u64 read_mcreg(struct mctrl_info
: "r" (mp->regs + offset),
"i" (ASI_PHYS_BYPASS_EC_E));
}
- put_cpu();
+
+ preempt_enable();
return ret;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Russ Dill <[email protected]>
[NET]: mcs7830 passes msecs instead of jiffies to usb_control_msg
[ Upstream commit 1d39da3dcaad4231f0fa75024b1d6d710a2ced74 ]
usb_control_msg was changed long ago (2.6.12-pre) to take milliseconds
instead of jiffies. Oddly, mcs7830 wasn't added until 2.6.19-rc3.
Signed-off-by: Russ Dill <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/usb/mcs7830.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/usb/mcs7830.c
+++ b/drivers/net/usb/mcs7830.c
@@ -94,7 +94,7 @@ static int mcs7830_get_reg(struct usbnet
ret = usb_control_msg(xdev, usb_rcvctrlpipe(xdev, 0), MCS7830_RD_BREQ,
MCS7830_RD_BMREQ, 0x0000, index, data,
- size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
+ size, MCS7830_CTRL_TIMEOUT);
return ret;
}
@@ -105,7 +105,7 @@ static int mcs7830_set_reg(struct usbnet
ret = usb_control_msg(xdev, usb_sndctrlpipe(xdev, 0), MCS7830_WR_BREQ,
MCS7830_WR_BMREQ, 0x0000, index, data,
- size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
+ size, MCS7830_CTRL_TIMEOUT);
return ret;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Russ Dill <[email protected]>
[NET]: kaweth was forgotten in msec switchover of usb_start_wait_urb
[ Upstream commit: 2b2b2e35b71e5be8bc06cc0ff38df15dfedda19b ]
Back in 2.6.12-pre, usb_start_wait_urb was switched over to take
milliseconds instead of jiffies. kaweth.c was never updated to match.
Signed-off-by: Russ Dill <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/usb/kaweth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/usb/kaweth.c
+++ b/drivers/net/usb/kaweth.c
@@ -70,7 +70,7 @@
#define KAWETH_TX_TIMEOUT (5 * HZ)
#define KAWETH_SCRATCH_SIZE 32
#define KAWETH_FIRMWARE_BUF_SIZE 4096
-#define KAWETH_CONTROL_TIMEOUT (30 * HZ)
+#define KAWETH_CONTROL_TIMEOUT (30000)
#define KAWETH_STATUS_BROKEN 0x0000001
#define KAWETH_STATUS_CLOSING 0x0000002
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Miller <[email protected]>
[NET]: Correct two mistaken skb_reset_mac_header() conversions.
[ Upstream commit: c6e6ca712b5cc06a662f900c0484d49d7334af64 ]
This operation helper abstracts:
skb->mac_header = skb->data;
but it was done in two more places which were actually:
skb->mac_header = skb->network_header;
and those are corrected here.
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ax25/ax25_in.c | 2 +-
net/netrom/nr_dev.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/net/ax25/ax25_in.c
+++ b/net/ax25/ax25_in.c
@@ -124,7 +124,7 @@ int ax25_rx_iframe(ax25_cb *ax25, struct
}
skb_pull(skb, 1); /* Remove PID */
- skb_reset_mac_header(skb);
+ skb->mac_header = skb->network_header;
skb_reset_network_header(skb);
skb->dev = ax25->ax25_dev->dev;
skb->pkt_type = PACKET_HOST;
--- a/net/netrom/nr_dev.c
+++ b/net/netrom/nr_dev.c
@@ -56,7 +56,7 @@ int nr_rx_ip(struct sk_buff *skb, struct
/* Spoof incoming device */
skb->dev = dev;
- skb_reset_mac_header(skb);
+ skb->mac_header = skb->network_header;
skb_reset_network_header(skb);
skb->pkt_type = PACKET_HOST;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: maximilian attems <[email protected]>
[IRDA]: irda_create() nuke user triggable printk
[ Upstream commit: 9e8d6f8959c356d8294d45f11231331c3e1bcae6 ]
easy to trigger as user with sfuzz.
irda_create() is quiet on unknown sock->type,
match this behaviour for SOCK_DGRAM unknown protocol
Signed-off-by: maximilian attems <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/irda/af_irda.c | 2 --
1 file changed, 2 deletions(-)
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1115,8 +1115,6 @@ static int irda_create(struct socket *so
self->max_sdu_size_rx = TTP_SAR_UNBOUND;
break;
default:
- IRDA_ERROR("%s: protocol not supported!\n",
- __FUNCTION__);
return -ESOCKTNOSUPPORT;
}
break;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Eric Dumazet <[email protected]>
[IPV4] ROUTE: ip_rt_dump() is unecessary slow
[ Upstream commit: d8c9283089287341c85a0a69de32c2287a990e71 ]
I noticed "ip route list cache x.y.z.t" can be *very* slow.
While strace-ing -T it I also noticed that first part of route cache
is fetched quite fast :
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202
GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3772 <0.000047>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\
202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3736 <0.000042>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\
202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3740 <0.000055>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\
202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3712 <0.000043>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\
202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3732 <0.000053>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202
GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3708 <0.000052>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202
GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3680 <0.000041>
while the part at the end of the table is more expensive:
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3656 <0.003857>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3772 <0.003891>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3712 <0.003765>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3700 <0.003879>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3676 <0.003797>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3724 <0.003856>
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 3736 <0.003848>
The following patch corrects this performance/latency problem,
removing quadratic behavior.
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/route.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2885,11 +2885,10 @@ int ip_rt_dump(struct sk_buff *skb, str
int idx, s_idx;
s_h = cb->args[0];
+ if (s_h < 0)
+ s_h = 0;
s_idx = idx = cb->args[1];
- for (h = 0; h <= rt_hash_mask; h++) {
- if (h < s_h) continue;
- if (h > s_h)
- s_idx = 0;
+ for (h = s_h; h <= rt_hash_mask; h++) {
rcu_read_lock_bh();
for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
@@ -2906,6 +2905,7 @@ int ip_rt_dump(struct sk_buff *skb, str
dst_release(xchg(&skb->dst, NULL));
}
rcu_read_unlock_bh();
+ s_idx = 0;
}
done:
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Timo Teras <[email protected]>
[IPV4] ip_gre: set mac_header correctly in receive path
[ Upstream commit: 1d0691674764098304ae4c63c715f5883b4d3784 ]
mac_header update in ipgre_recv() was incorrectly changed to
skb_reset_mac_header() when it was introduced.
Signed-off-by: Timo Teras <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/ip_gre.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -613,7 +613,7 @@ static int ipgre_rcv(struct sk_buff *skb
offset += 4;
}
- skb_reset_mac_header(skb);
+ skb->mac_header = skb->network_header;
__pskb_pull(skb, offset);
skb_reset_network_header(skb);
skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <[email protected]>
[IPSEC]: Fix potential dst leak in xfrm_lookup
[ Upstream commit: 75b8c133267053c9986a7c8db5131f0e7349e806 ]
If we get an error during the actual policy lookup we don't free the
original dst while the caller expects us to always free the original
dst in case of error.
This patch fixes that.
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/xfrm/xfrm_policy.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1479,8 +1479,9 @@ restart:
if (sk && sk->sk_policy[1]) {
policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
+ err = PTR_ERR(policy);
if (IS_ERR(policy))
- return PTR_ERR(policy);
+ goto dropdst;
}
if (!policy) {
@@ -1491,8 +1492,9 @@ restart:
policy = flow_cache_lookup(fl, dst_orig->ops->family,
dir, xfrm_policy_lookup);
+ err = PTR_ERR(policy);
if (IS_ERR(policy))
- return PTR_ERR(policy);
+ goto dropdst;
}
if (!policy)
@@ -1661,8 +1663,9 @@ restart:
return 0;
error:
- dst_release(dst_orig);
xfrm_pols_put(pols, npols);
+dropdst:
+ dst_release(dst_orig);
*dst_p = NULL;
return err;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <[email protected]>
[IPSEC]: Avoid undefined shift operation when testing algorithm ID
[ Upstream commit: f398035f2dec0a6150833b0bc105057953594edb ]
The aalgos/ealgos fields are only 32 bits wide. However, af_key tries
to test them with the expression 1 << id where id can be as large as
253. This produces different behaviour on different architectures.
The following patch explicitly checks whether ID is greater than 31
and fails the check if that's the case.
We cannot easily extend the mask to be longer than 32 bits due to
exposure to user-space. Besides, this whole interface is obsolete
anyway in favour of the xfrm_user interface which doesn't use this
bit mask in templates (well not within the kernel anyway).
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/key/af_key.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2777,12 +2777,22 @@ static struct sadb_msg *pfkey_get_base_m
static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
- return t->aalgos & (1 << d->desc.sadb_alg_id);
+ unsigned int id = d->desc.sadb_alg_id;
+
+ if (id >= sizeof(t->aalgos) * 8)
+ return 0;
+
+ return (t->aalgos >> id) & 1;
}
static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
- return t->ealgos & (1 << d->desc.sadb_alg_id);
+ unsigned int id = d->desc.sadb_alg_id;
+
+ if (id >= sizeof(t->ealgos) * 8)
+ return 0;
+
+ return (t->ealgos >> id) & 1;
}
static int count_ah_combs(struct xfrm_tmpl *t)
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Mark McLoughlin <[email protected]>
[INET]: Fix netdev renaming and inet address labels
[ Upstream commit: 44344b2a85f03326c7047a8c861b0c625c674839 ]
When re-naming an interface, the previous secondary address
labels get lost e.g.
$> brctl addbr foo
$> ip addr add 192.168.0.1 dev foo
$> ip addr add 192.168.0.2 dev foo label foo:00
$> ip addr show dev foo | grep inet
inet 192.168.0.1/32 scope global foo
inet 192.168.0.2/32 scope global foo:00
$> ip link set foo name bar
$> ip addr show dev bar | grep inet
inet 192.168.0.1/32 scope global bar
inet 192.168.0.2/32 scope global bar:2
Turns out to be a simple thinko in inetdev_changename() - clearly we
want to look at the address label, rather than the device name, for
a suffix to retain.
Signed-off-by: Mark McLoughlin <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/devinet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1030,7 +1030,7 @@ static void inetdev_changename(struct ne
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
if (named++ == 0)
continue;
- dot = strchr(ifa->ifa_label, ':');
+ dot = strchr(old, ':');
if (dot == NULL) {
sprintf(old, ":%d", named);
dot = old;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: "David S. Miller" <[email protected]>
[SPARC64]: Fix endless loop in cheetah_xcall_deliver().
[ Upsteam commit: 0de56d1ab83323d604d95ca193dcbd28388dbabb ]
We need to mask out the proper bits when testing the dispatch status
register else we can see unrelated NACK bits from previous cross call
sends.
Signed-off-by: David S. Miller <[email protected]>
---
arch/sparc64/kernel/smp.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
--- a/arch/sparc64/kernel/smp.c
+++ b/arch/sparc64/kernel/smp.c
@@ -403,7 +403,7 @@ static __inline__ void spitfire_xcall_de
*/
static void cheetah_xcall_deliver(u64 data0, u64 data1, u64 data2, cpumask_t mask)
{
- u64 pstate, ver;
+ u64 pstate, ver, busy_mask;
int nack_busy_id, is_jbus, need_more;
if (cpus_empty(mask))
@@ -435,14 +435,20 @@ retry:
"i" (ASI_INTR_W));
nack_busy_id = 0;
+ busy_mask = 0;
{
int i;
for_each_cpu_mask(i, mask) {
u64 target = (i << 14) | 0x70;
- if (!is_jbus)
+ if (is_jbus) {
+ busy_mask |= (0x1UL << (i * 2));
+ } else {
target |= (nack_busy_id << 24);
+ busy_mask |= (0x1UL <<
+ (nack_busy_id * 2));
+ }
__asm__ __volatile__(
"stxa %%g0, [%0] %1\n\t"
"membar #Sync\n\t"
@@ -458,15 +464,16 @@ retry:
/* Now, poll for completion. */
{
- u64 dispatch_stat;
+ u64 dispatch_stat, nack_mask;
long stuck;
stuck = 100000 * nack_busy_id;
+ nack_mask = busy_mask << 1;
do {
__asm__ __volatile__("ldxa [%%g0] %1, %0"
: "=r" (dispatch_stat)
: "i" (ASI_INTR_DISPATCH_STAT));
- if (dispatch_stat == 0UL) {
+ if (!(dispatch_stat & (busy_mask | nack_mask))) {
__asm__ __volatile__("wrpr %0, 0x0, %%pstate"
: : "r" (pstate));
if (unlikely(need_more)) {
@@ -483,12 +490,12 @@ retry:
}
if (!--stuck)
break;
- } while (dispatch_stat & 0x5555555555555555UL);
+ } while (dispatch_stat & busy_mask);
__asm__ __volatile__("wrpr %0, 0x0, %%pstate"
: : "r" (pstate));
- if ((dispatch_stat & ~(0x5555555555555555UL)) == 0) {
+ if (dispatch_stat & busy_mask) {
/* Busy bits will not clear, continue instead
* of freezing up on this cpu.
*/
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Li Zefan <[email protected]>
[CONNECTOR]: Don't touch queue dev after decrement of ref count.
[ Upstream commit: cf585ae8ae9ac7287a6d078425ea32f22bf7f1f7 ]
cn_queue_free_callback() will touch 'dev'(i.e. cbq->pdev), so it
should be called before atomic_dec(&dev->refcnt).
Signed-off-by: Li Zefan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/connector/cn_queue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/connector/cn_queue.c
+++ b/drivers/connector/cn_queue.c
@@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queu
spin_unlock_bh(&dev->queue_lock);
if (found) {
- atomic_dec(&dev->refcnt);
cn_queue_free_callback(cbq);
+ atomic_dec(&dev->refcnt);
return -EINVAL;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Chas Williams <[email protected]>
[ATM]: [nicstar] delay irq setup until card is configured
[ Upstream commit: 52961955aa180959158faeb9fd6b4f8a591450f5 ]
Signed-off-by: Chas Williams <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/atm/nicstar.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -625,14 +625,6 @@ static int __devinit ns_init_card(int i,
if (mac[i] == NULL)
nicstar_init_eprom(card->membase);
- if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
- {
- printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
- error = 9;
- ns_init_card_error(card, error);
- return error;
- }
-
/* Set the VPI/VCI MSb mask to zero so we can receive OAM cells */
writel(0x00000000, card->membase + VPM);
@@ -858,8 +850,6 @@ static int __devinit ns_init_card(int i,
card->iovpool.count++;
}
- card->intcnt = 0;
-
/* Configure NICStAR */
if (card->rct_size == 4096)
ns_cfg_rctsize = NS_CFG_RCTSIZE_4096_ENTRIES;
@@ -868,6 +858,15 @@ static int __devinit ns_init_card(int i,
card->efbie = 1;
+ card->intcnt = 0;
+ if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
+ {
+ printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
+ error = 9;
+ ns_init_card_error(card, error);
+ return error;
+ }
+
/* Register device */
card->atmdev = atm_dev_register("nicstar", &atm_ops, -1, NULL);
if (card->atmdev == NULL)
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <[email protected]>
[ATM]: Check IP header validity in mpc_send_packet
[ Upstream commit: 1c9b7aa1eb40ab708ef3242f74b9a61487623168 ]
Al went through the ip_fast_csum callers and found this piece of code
that did not validate the IP header. While root crashing the machine
by sending bogus packets through raw or AF_PACKET sockets isn't that
serious, it is still nice to react gracefully.
This patch ensures that the skb has enough data for an IP header and
that the header length field is valid.
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/atm/mpc.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/atm/mpc.c
+++ b/net/atm/mpc.c
@@ -542,6 +542,13 @@ static int mpc_send_packet(struct sk_buf
if (eth->h_proto != htons(ETH_P_IP))
goto non_ip; /* Multi-Protocol Over ATM :-) */
+ /* Weed out funny packets (e.g., AF_PACKET or raw). */
+ if (skb->len < ETH_HLEN + sizeof(struct iphdr))
+ goto non_ip;
+ skb_set_network_header(skb, ETH_HLEN);
+ if (skb->len < ETH_HLEN + ip_hdr(skb)->ihl * 4 || ip_hdr(skb)->ihl < 5)
+ goto non_ip;
+
while (i < mpc->number_of_mps_macs) {
if (!compare_ether_addr(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN)))
if ( send_via_shortcut(skb, mpc) == 0 ) /* try shortcut */
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Al Viro <[email protected]>
[ Upstream commit: e5e025401f6e926c1d9dc3f3f2813cf98a2d8708 ]
Here's proposed fix for RX checksum handling in cassini; it affects
little-endian working with half-duplex gigabit, but obviously needs
testing on big-endian too.
The problem is, we need to convert checksum to fixed-endian *before*
correcting for (unstripped) FCS. On big-endian it won't matter
(conversion is no-op), on little-endian it will, but only if FCS is
not stripped by hardware; i.e. in half-duplex gigabit mode when
->crc_size is set.
cassini.c part is that fix, cassini.h one consists of trivial
endianness annotations. With that applied the sucker is endian-clean,
according to sparse.
Signed-off-by: Al Viro <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/cassini.c | 8 +++++---
drivers/net/cassini.h | 18 +++++++++---------
2 files changed, 14 insertions(+), 12 deletions(-)
--- a/drivers/net/cassini.c
+++ b/drivers/net/cassini.c
@@ -1979,6 +1979,7 @@ static int cas_rx_process_pkt(struct cas
struct cas_page *page;
struct sk_buff *skb;
void *addr, *crcaddr;
+ __sum16 csum;
char *p;
hlen = CAS_VAL(RX_COMP2_HDR_SIZE, words[1]);
@@ -2158,14 +2159,15 @@ end_copy_pkt:
skb_put(skb, alloclen);
}
- i = CAS_VAL(RX_COMP4_TCP_CSUM, words[3]);
+ csum = (__force __sum16)htons(CAS_VAL(RX_COMP4_TCP_CSUM, words[3]));
if (cp->crc_size) {
/* checksum includes FCS. strip it out. */
- i = csum_fold(csum_partial(crcaddr, cp->crc_size, i));
+ csum = csum_fold(csum_partial(crcaddr, cp->crc_size,
+ csum_unfold(csum)));
if (addr)
cas_page_unmap(addr);
}
- skb->csum = ntohs(i ^ 0xffff);
+ skb->csum = csum_unfold(~csum);
skb->ip_summed = CHECKSUM_COMPLETE;
skb->protocol = eth_type_trans(skb, cp->dev);
return len;
--- a/drivers/net/cassini.h
+++ b/drivers/net/cassini.h
@@ -4122,8 +4122,8 @@ cas_saturn_patch_t cas_saturn_patch[] =
inserted into
outgoing frame. */
struct cas_tx_desc {
- u64 control;
- u64 buffer;
+ __le64 control;
+ __le64 buffer;
};
/* descriptor ring for free buffers contains page-sized buffers. the index
@@ -4131,8 +4131,8 @@ struct cas_tx_desc {
* the completion ring.
*/
struct cas_rx_desc {
- u64 index;
- u64 buffer;
+ __le64 index;
+ __le64 buffer;
};
/* received packets are put on the completion ring. */
@@ -4210,10 +4210,10 @@ struct cas_rx_desc {
#define RX_INDEX_RELEASE 0x0000000000002000ULL
struct cas_rx_comp {
- u64 word1;
- u64 word2;
- u64 word3;
- u64 word4;
+ __le64 word1;
+ __le64 word2;
+ __le64 word3;
+ __le64 word4;
};
enum link_state {
@@ -4252,7 +4252,7 @@ struct cas_init_block {
struct cas_rx_comp rxcs[N_RX_COMP_RINGS][INIT_BLOCK_RX_COMP];
struct cas_rx_desc rxds[N_RX_DESC_RINGS][INIT_BLOCK_RX_DESC];
struct cas_tx_desc txds[N_TX_RINGS][INIT_BLOCK_TX];
- u64 tx_compwb;
+ __le64 tx_compwb;
};
/* tiny buffers to deal with target abort issue. we allocate a bit
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Miller <[email protected]>
[ Upstream commit: 9de4dfb4c7176e5bb232a21cdd8df78da2b15cac ]
This reverts changeset fa4f0774d7c6cccb4d1fda76b91dd8eddcb2dd6a
([CASSINI]: dont touch page_count) because it breaks the driver.
The local page counting added by this changeset did not account
for the asynchronous page count changes done by kfree_skb()
and friends.
The change adds extra atomics and on top of it all appears to be
totally unnecessary as well.
Signed-off-by: David S. Miller <[email protected]>
Acked-by: Nick Piggin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/cassini.c | 36 ++++--------------------------------
1 file changed, 4 insertions(+), 32 deletions(-)
--- a/drivers/net/cassini.c
+++ b/drivers/net/cassini.c
@@ -336,30 +336,6 @@ static inline void cas_mask_intr(struct
cas_disable_irq(cp, i);
}
-static inline void cas_buffer_init(cas_page_t *cp)
-{
- struct page *page = cp->buffer;
- atomic_set((atomic_t *)&page->lru.next, 1);
-}
-
-static inline int cas_buffer_count(cas_page_t *cp)
-{
- struct page *page = cp->buffer;
- return atomic_read((atomic_t *)&page->lru.next);
-}
-
-static inline void cas_buffer_inc(cas_page_t *cp)
-{
- struct page *page = cp->buffer;
- atomic_inc((atomic_t *)&page->lru.next);
-}
-
-static inline void cas_buffer_dec(cas_page_t *cp)
-{
- struct page *page = cp->buffer;
- atomic_dec((atomic_t *)&page->lru.next);
-}
-
static void cas_enable_irq(struct cas *cp, const int ring)
{
if (ring == 0) { /* all but TX_DONE */
@@ -497,7 +473,6 @@ static int cas_page_free(struct cas *cp,
{
pci_unmap_page(cp->pdev, page->dma_addr, cp->page_size,
PCI_DMA_FROMDEVICE);
- cas_buffer_dec(page);
__free_pages(page->buffer, cp->page_order);
kfree(page);
return 0;
@@ -527,7 +502,6 @@ static cas_page_t *cas_page_alloc(struct
page->buffer = alloc_pages(flags, cp->page_order);
if (!page->buffer)
goto page_err;
- cas_buffer_init(page);
page->dma_addr = pci_map_page(cp->pdev, page->buffer, 0,
cp->page_size, PCI_DMA_FROMDEVICE);
return page;
@@ -606,7 +580,7 @@ static void cas_spare_recover(struct cas
list_for_each_safe(elem, tmp, &list) {
cas_page_t *page = list_entry(elem, cas_page_t, list);
- if (cas_buffer_count(page) > 1)
+ if (page_count(page->buffer) > 1)
continue;
list_del(elem);
@@ -1374,7 +1348,7 @@ static inline cas_page_t *cas_page_spare
cas_page_t *page = cp->rx_pages[1][index];
cas_page_t *new;
- if (cas_buffer_count(page) == 1)
+ if (page_count(page->buffer) == 1)
return page;
new = cas_page_dequeue(cp);
@@ -1394,7 +1368,7 @@ static cas_page_t *cas_page_swap(struct
cas_page_t **page1 = cp->rx_pages[1];
/* swap if buffer is in use */
- if (cas_buffer_count(page0[index]) > 1) {
+ if (page_count(page0[index]->buffer) > 1) {
cas_page_t *new = cas_page_spare(cp, index);
if (new) {
page1[index] = page0[index];
@@ -2066,7 +2040,6 @@ static int cas_rx_process_pkt(struct cas
skb->len += hlen - swivel;
get_page(page->buffer);
- cas_buffer_inc(page);
frag->page = page->buffer;
frag->page_offset = off;
frag->size = hlen - swivel;
@@ -2091,7 +2064,6 @@ static int cas_rx_process_pkt(struct cas
frag++;
get_page(page->buffer);
- cas_buffer_inc(page);
frag->page = page->buffer;
frag->page_offset = 0;
frag->size = hlen;
@@ -2255,7 +2227,7 @@ static int cas_post_rxds_ringN(struct ca
released = 0;
while (entry != last) {
/* make a new buffer if it's still in use */
- if (cas_buffer_count(page[entry]) > 1) {
+ if (page_count(page[entry]->buffer) > 1) {
cas_page_t *new = cas_page_dequeue(cp);
if (!new) {
/* let the timer know that we need to
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Miller <[email protected]>
[ Upstream commit: d011a231675b240157a3c335dd53e9b849d7d30d ]
skb->truesize was not being incremented at all to
reflect the page based data added to RX SKBs.
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/cassini.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/cassini.c
+++ b/drivers/net/cassini.c
@@ -2037,6 +2037,7 @@ static int cas_rx_process_pkt(struct cas
skb_shinfo(skb)->nr_frags++;
skb->data_len += hlen - swivel;
+ skb->truesize += hlen - swivel;
skb->len += hlen - swivel;
get_page(page->buffer);
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Bob Moore <[email protected]>
patch 152c300d007c70c4a1847dad39ecdaba22e7d457 in mainline.
Changed resolution of named references in packages
Fixed a problem with the Package operator where all named
references were created as object references and left otherwise
unresolved. According to the ACPI specification, a Package can
only contain Data Objects or references to control methods. The
implication is that named references to Data Objects (Integer,
Buffer, String, Package, BufferField, Field) should be resolved
immediately upon package creation. This is the approach taken
with this change. References to all other named objects (Methods,
Devices, Scopes, etc.) are all now properly created as reference objects.
http://bugzilla.kernel.org/show_bug.cgi?id=5328
http://bugzilla.kernel.org/show_bug.cgi?id=9429
Signed-off-by: Bob Moore <[email protected]>
Signed-off-by: Len Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/acpi/dispatcher/dsobject.c | 91 ++++++++++++++++++++++++++++++++++---
1 file changed, 85 insertions(+), 6 deletions(-)
--- a/drivers/acpi/dispatcher/dsobject.c
+++ b/drivers/acpi/dispatcher/dsobject.c
@@ -137,6 +137,71 @@ acpi_ds_build_internal_object(struct acp
return_ACPI_STATUS(status);
}
}
+
+ /* Special object resolution for elements of a package */
+
+ if ((op->common.parent->common.aml_opcode == AML_PACKAGE_OP) ||
+ (op->common.parent->common.aml_opcode ==
+ AML_VAR_PACKAGE_OP)) {
+ /*
+ * Attempt to resolve the node to a value before we insert it into
+ * the package. If this is a reference to a common data type,
+ * resolve it immediately. According to the ACPI spec, package
+ * elements can only be "data objects" or method references.
+ * Attempt to resolve to an Integer, Buffer, String or Package.
+ * If cannot, return the named reference (for things like Devices,
+ * Methods, etc.) Buffer Fields and Fields will resolve to simple
+ * objects (int/buf/str/pkg).
+ *
+ * NOTE: References to things like Devices, Methods, Mutexes, etc.
+ * will remain as named references. This behavior is not described
+ * in the ACPI spec, but it appears to be an oversight.
+ */
+ obj_desc = (union acpi_operand_object *)op->common.node;
+
+ status =
+ acpi_ex_resolve_node_to_value(ACPI_CAST_INDIRECT_PTR
+ (struct
+ acpi_namespace_node,
+ &obj_desc),
+ walk_state);
+ if (ACPI_FAILURE(status)) {
+ return_ACPI_STATUS(status);
+ }
+
+ switch (op->common.node->type) {
+ /*
+ * For these types, we need the actual node, not the subobject.
+ * However, the subobject got an extra reference count above.
+ */
+ case ACPI_TYPE_MUTEX:
+ case ACPI_TYPE_METHOD:
+ case ACPI_TYPE_POWER:
+ case ACPI_TYPE_PROCESSOR:
+ case ACPI_TYPE_EVENT:
+ case ACPI_TYPE_REGION:
+ case ACPI_TYPE_DEVICE:
+ case ACPI_TYPE_THERMAL:
+
+ obj_desc =
+ (union acpi_operand_object *)op->common.
+ node;
+ break;
+
+ default:
+ break;
+ }
+
+ /*
+ * If above resolved to an operand object, we are done. Otherwise,
+ * we have a NS node, we must create the package entry as a named
+ * reference.
+ */
+ if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) !=
+ ACPI_DESC_TYPE_NAMED) {
+ goto exit;
+ }
+ }
}
/* Create and init a new internal ACPI object */
@@ -156,6 +221,7 @@ acpi_ds_build_internal_object(struct acp
return_ACPI_STATUS(status);
}
+ exit:
*obj_desc_ptr = obj_desc;
return_ACPI_STATUS(AE_OK);
}
@@ -356,12 +422,25 @@ acpi_ds_build_internal_package_obj(struc
arg = arg->common.next;
for (i = 0; arg && (i < element_count); i++) {
if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
-
- /* This package element is already built, just get it */
-
- obj_desc->package.elements[i] =
- ACPI_CAST_PTR(union acpi_operand_object,
- arg->common.node);
+ if (arg->common.node->type == ACPI_TYPE_METHOD) {
+ /*
+ * A method reference "looks" to the parser to be a method
+ * invocation, so we special case it here
+ */
+ arg->common.aml_opcode = AML_INT_NAMEPATH_OP;
+ status =
+ acpi_ds_build_internal_object(walk_state,
+ arg,
+ &obj_desc->
+ package.
+ elements[i]);
+ } else {
+ /* This package element is already built, just get it */
+
+ obj_desc->package.elements[i] =
+ ACPI_CAST_PTR(union acpi_operand_object,
+ arg->common.node);
+ }
} else {
status = acpi_ds_build_internal_object(walk_state, arg,
&obj_desc->
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Ingo Molnar <[email protected]>
vfs: coredumping fix
patch c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in mainline
fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
only allow coredumping to the same uid that the coredumping
task runs under.
Signed-off-by: Ingo Molnar <[email protected]>
Acked-by: Alan Cox <[email protected]>
Acked-by: Christoph Hellwig <[email protected]>
Acked-by: Al Viro <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Cc: maximilian attems <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/exec.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_cod
but keep the previous behaviour for now. */
if (!ispipe && !S_ISREG(inode->i_mode))
goto close_fail;
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
+ */
+ if (inode->i_uid != current->fsuid)
+ goto close_fail;
if (!file->f_op)
goto close_fail;
if (!file->f_op->write)
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Christoph Lameter <[email protected]>
patch 421d99193537a6522aac2148286f08792167d5fd in mainline.
This ensures that the quicklists are drained. Otherwise draining may only
occur when the processor reaches an idle state.
Fixes fatal leakage of pgd_t's on 2.6.22 and later.
Signed-off-by: Christoph Lameter <[email protected]>
Reported-by: Dhaval Giani <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/asm-generic/tlb.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/include/asm-generic/tlb.h
+++ b/include/asm-generic/tlb.h
@@ -14,6 +14,7 @@
#define _ASM_GENERIC__TLB_H
#include <linux/swap.h>
+#include <linux/quicklist.h>
#include <asm/pgalloc.h>
#include <asm/tlbflush.h>
@@ -85,6 +86,9 @@ tlb_flush_mmu(struct mmu_gather *tlb, un
static inline void
tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long end)
{
+#ifdef CONFIG_QUICKLIST
+ tlb->need_flush += &__get_cpu_var(quicklist)[0].nr_pages != 0;
+#endif
tlb_flush_mmu(tlb, start, end);
/* keep the page table cache within bounds */
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Divy Le Ray <[email protected]>
patch 7832ee034b6ef78aab020c9ec1348544cd65ccbd in mainline.
The patch ensures that a GSO skb has enough headroom
to push an encapsulating cpl_tx_pkt_lso header.
Signed-off-by: Divy Le Ray <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/chelsio/cxgb2.c | 3 ++-
drivers/net/chelsio/sge.c | 34 +++++++++++++++-------------------
drivers/net/chelsio/sge.h | 1 +
3 files changed, 18 insertions(+), 20 deletions(-)
--- a/drivers/net/chelsio/cxgb2.c
+++ b/drivers/net/chelsio/cxgb2.c
@@ -397,7 +397,8 @@ static char stats_strings[][ETH_GSTRING_
"TxTso",
"RxVlan",
"TxVlan",
-
+ "TxNeedHeadroom",
+
/* Interrupt stats */
"rx drops",
"pure_rsps",
--- a/drivers/net/chelsio/sge.c
+++ b/drivers/net/chelsio/sge.c
@@ -991,6 +991,7 @@ void t1_sge_get_port_stats(const struct
ss->tx_packets += st->tx_packets;
ss->tx_cso += st->tx_cso;
ss->tx_tso += st->tx_tso;
+ ss->tx_need_hdrroom += st->tx_need_hdrroom;
ss->vlan_xtract += st->vlan_xtract;
ss->vlan_insert += st->vlan_insert;
}
@@ -1851,7 +1852,8 @@ int t1_start_xmit(struct sk_buff *skb, s
{
struct adapter *adapter = dev->priv;
struct sge *sge = adapter->sge;
- struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port], smp_processor_id());
+ struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port],
+ smp_processor_id());
struct cpl_tx_pkt *cpl;
struct sk_buff *orig_skb = skb;
int ret;
@@ -1859,6 +1861,18 @@ int t1_start_xmit(struct sk_buff *skb, s
if (skb->protocol == htons(ETH_P_CPL5))
goto send;
+ /*
+ * We are using a non-standard hard_header_len.
+ * Allocate more header room in the rare cases it is not big enough.
+ */
+ if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
+ skb = skb_realloc_headroom(skb, sizeof(struct cpl_tx_pkt_lso));
+ ++st->tx_need_hdrroom;
+ dev_kfree_skb_any(orig_skb);
+ if (!skb)
+ return NETDEV_TX_OK;
+ }
+
if (skb_shinfo(skb)->gso_size) {
int eth_type;
struct cpl_tx_pkt_lso *hdr;
@@ -1892,24 +1906,6 @@ int t1_start_xmit(struct sk_buff *skb, s
return NETDEV_TX_OK;
}
- /*
- * We are using a non-standard hard_header_len and some kernel
- * components, such as pktgen, do not handle it right.
- * Complain when this happens but try to fix things up.
- */
- if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
- pr_debug("%s: headroom %d header_len %d\n", dev->name,
- skb_headroom(skb), dev->hard_header_len);
-
- if (net_ratelimit())
- printk(KERN_ERR "%s: inadequate headroom in "
- "Tx packet\n", dev->name);
- skb = skb_realloc_headroom(skb, sizeof(*cpl));
- dev_kfree_skb_any(orig_skb);
- if (!skb)
- return NETDEV_TX_OK;
- }
-
if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
skb->ip_summed == CHECKSUM_PARTIAL &&
ip_hdr(skb)->protocol == IPPROTO_UDP) {
--- a/drivers/net/chelsio/sge.h
+++ b/drivers/net/chelsio/sge.h
@@ -64,6 +64,7 @@ struct sge_port_stats {
u64 tx_tso; /* # of TSO requests */
u64 vlan_xtract; /* # of VLAN tag extractions */
u64 vlan_insert; /* # of VLAN tag insertions */
+ u64 tx_need_hdrroom; /* # of TX skbs in need of more header room */
};
struct sk_buff;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Divy Le Ray <[email protected]>
patch e0348b9ae5374f9a24424ae680bcd80724415f60 in mainline.
Fix MAC stats accounting.
Fix get_stats.
Signed-off-by: Divy Le Ray <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/chelsio/cxgb2.c | 67 +++++++++++++++++++------
drivers/net/chelsio/pm3393.c | 112 +++++++++++++++++--------------------------
drivers/net/chelsio/sge.c | 4 -
drivers/net/chelsio/sge.h | 2
4 files changed, 96 insertions(+), 89 deletions(-)
--- a/drivers/net/chelsio/cxgb2.c
+++ b/drivers/net/chelsio/cxgb2.c
@@ -370,7 +370,9 @@ static char stats_strings[][ETH_GSTRING_
"TxInternalMACXmitError",
"TxFramesWithExcessiveDeferral",
"TxFCSErrors",
-
+ "TxJumboFramesOk",
+ "TxJumboOctetsOk",
+
"RxOctetsOK",
"RxOctetsBad",
"RxUnicastFramesOK",
@@ -388,11 +390,11 @@ static char stats_strings[][ETH_GSTRING_
"RxInRangeLengthErrors",
"RxOutOfRangeLengthField",
"RxFrameTooLongErrors",
+ "RxJumboFramesOk",
+ "RxJumboOctetsOk",
/* Port stats */
- "RxPackets",
"RxCsumGood",
- "TxPackets",
"TxCsumOffload",
"TxTso",
"RxVlan",
@@ -455,23 +457,56 @@ static void get_stats(struct net_device
const struct cmac_statistics *s;
const struct sge_intr_counts *t;
struct sge_port_stats ss;
- unsigned int len;
s = mac->ops->statistics_update(mac, MAC_STATS_UPDATE_FULL);
-
- len = sizeof(u64)*(&s->TxFCSErrors + 1 - &s->TxOctetsOK);
- memcpy(data, &s->TxOctetsOK, len);
- data += len;
-
- len = sizeof(u64)*(&s->RxFrameTooLongErrors + 1 - &s->RxOctetsOK);
- memcpy(data, &s->RxOctetsOK, len);
- data += len;
-
+ t = t1_sge_get_intr_counts(adapter->sge);
t1_sge_get_port_stats(adapter->sge, dev->if_port, &ss);
- memcpy(data, &ss, sizeof(ss));
- data += sizeof(ss);
- t = t1_sge_get_intr_counts(adapter->sge);
+ *data++ = s->TxOctetsOK;
+ *data++ = s->TxOctetsBad;
+ *data++ = s->TxUnicastFramesOK;
+ *data++ = s->TxMulticastFramesOK;
+ *data++ = s->TxBroadcastFramesOK;
+ *data++ = s->TxPauseFrames;
+ *data++ = s->TxFramesWithDeferredXmissions;
+ *data++ = s->TxLateCollisions;
+ *data++ = s->TxTotalCollisions;
+ *data++ = s->TxFramesAbortedDueToXSCollisions;
+ *data++ = s->TxUnderrun;
+ *data++ = s->TxLengthErrors;
+ *data++ = s->TxInternalMACXmitError;
+ *data++ = s->TxFramesWithExcessiveDeferral;
+ *data++ = s->TxFCSErrors;
+ *data++ = s->TxJumboFramesOK;
+ *data++ = s->TxJumboOctetsOK;
+
+ *data++ = s->RxOctetsOK;
+ *data++ = s->RxOctetsBad;
+ *data++ = s->RxUnicastFramesOK;
+ *data++ = s->RxMulticastFramesOK;
+ *data++ = s->RxBroadcastFramesOK;
+ *data++ = s->RxPauseFrames;
+ *data++ = s->RxFCSErrors;
+ *data++ = s->RxAlignErrors;
+ *data++ = s->RxSymbolErrors;
+ *data++ = s->RxDataErrors;
+ *data++ = s->RxSequenceErrors;
+ *data++ = s->RxRuntErrors;
+ *data++ = s->RxJabberErrors;
+ *data++ = s->RxInternalMACRcvError;
+ *data++ = s->RxInRangeLengthErrors;
+ *data++ = s->RxOutOfRangeLengthField;
+ *data++ = s->RxFrameTooLongErrors;
+ *data++ = s->RxJumboFramesOK;
+ *data++ = s->RxJumboOctetsOK;
+
+ *data++ = ss.rx_cso_good;
+ *data++ = ss.tx_cso;
+ *data++ = ss.tx_tso;
+ *data++ = ss.vlan_xtract;
+ *data++ = ss.vlan_insert;
+ *data++ = ss.tx_need_hdrroom;
+
*data++ = t->rx_drops;
*data++ = t->pure_rsps;
*data++ = t->unhandled_irqs;
--- a/drivers/net/chelsio/pm3393.c
+++ b/drivers/net/chelsio/pm3393.c
@@ -45,7 +45,7 @@
#include <linux/crc32.h>
-#define OFFSET(REG_ADDR) (REG_ADDR << 2)
+#define OFFSET(REG_ADDR) ((REG_ADDR) << 2)
/* Max frame size PM3393 can handle. Includes Ethernet header and CRC. */
#define MAX_FRAME_SIZE 9600
@@ -428,69 +428,26 @@ static int pm3393_set_speed_duplex_fc(st
return 0;
}
-static void pm3393_rmon_update(struct adapter *adapter, u32 offs, u64 *val,
- int over)
-{
- u32 val0, val1, val2;
-
- t1_tpi_read(adapter, offs, &val0);
- t1_tpi_read(adapter, offs + 4, &val1);
- t1_tpi_read(adapter, offs + 8, &val2);
-
- *val &= ~0ull << 40;
- *val |= val0 & 0xffff;
- *val |= (val1 & 0xffff) << 16;
- *val |= (u64)(val2 & 0xff) << 32;
-
- if (over)
- *val += 1ull << 40;
+#define RMON_UPDATE(mac, name, stat_name) \
+{ \
+ t1_tpi_read((mac)->adapter, OFFSET(name), &val0); \
+ t1_tpi_read((mac)->adapter, OFFSET((name)+1), &val1); \
+ t1_tpi_read((mac)->adapter, OFFSET((name)+2), &val2); \
+ (mac)->stats.stat_name = (u64)(val0 & 0xffff) | \
+ ((u64)(val1 & 0xffff) << 16) | \
+ ((u64)(val2 & 0xff) << 32) | \
+ ((mac)->stats.stat_name & \
+ 0xffffff0000000000ULL); \
+ if (ro & \
+ (1ULL << ((name - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW) >> 2))) \
+ (mac)->stats.stat_name += 1ULL << 40; \
}
static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
int flag)
{
- static struct {
- unsigned int reg;
- unsigned int offset;
- } hw_stats [] = {
-
-#define HW_STAT(name, stat_name) \
- { name, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
-
- /* Rx stats */
- HW_STAT(RxOctetsReceivedOK, RxOctetsOK),
- HW_STAT(RxUnicastFramesReceivedOK, RxUnicastFramesOK),
- HW_STAT(RxMulticastFramesReceivedOK, RxMulticastFramesOK),
- HW_STAT(RxBroadcastFramesReceivedOK, RxBroadcastFramesOK),
- HW_STAT(RxPAUSEMACCtrlFramesReceived, RxPauseFrames),
- HW_STAT(RxFrameCheckSequenceErrors, RxFCSErrors),
- HW_STAT(RxFramesLostDueToInternalMACErrors,
- RxInternalMACRcvError),
- HW_STAT(RxSymbolErrors, RxSymbolErrors),
- HW_STAT(RxInRangeLengthErrors, RxInRangeLengthErrors),
- HW_STAT(RxFramesTooLongErrors , RxFrameTooLongErrors),
- HW_STAT(RxJabbers, RxJabberErrors),
- HW_STAT(RxFragments, RxRuntErrors),
- HW_STAT(RxUndersizedFrames, RxRuntErrors),
- HW_STAT(RxJumboFramesReceivedOK, RxJumboFramesOK),
- HW_STAT(RxJumboOctetsReceivedOK, RxJumboOctetsOK),
-
- /* Tx stats */
- HW_STAT(TxOctetsTransmittedOK, TxOctetsOK),
- HW_STAT(TxFramesLostDueToInternalMACTransmissionError,
- TxInternalMACXmitError),
- HW_STAT(TxTransmitSystemError, TxFCSErrors),
- HW_STAT(TxUnicastFramesTransmittedOK, TxUnicastFramesOK),
- HW_STAT(TxMulticastFramesTransmittedOK, TxMulticastFramesOK),
- HW_STAT(TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK),
- HW_STAT(TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames),
- HW_STAT(TxJumboFramesReceivedOK, TxJumboFramesOK),
- HW_STAT(TxJumboOctetsReceivedOK, TxJumboOctetsOK)
- }, *p = hw_stats;
- u64 ro;
- u32 val0, val1, val2, val3;
- u64 *stats = (u64 *) &mac->stats;
- unsigned int i;
+ u64 ro;
+ u32 val0, val1, val2, val3;
/* Snap the counters */
pmwrite(mac, SUNI1x10GEXP_REG_MSTAT_CONTROL,
@@ -504,14 +461,35 @@ static const struct cmac_statistics *pm3
ro = ((u64)val0 & 0xffff) | (((u64)val1 & 0xffff) << 16) |
(((u64)val2 & 0xffff) << 32) | (((u64)val3 & 0xffff) << 48);
- for (i = 0; i < ARRAY_SIZE(hw_stats); i++) {
- unsigned reg = p->reg - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW;
-
- pm3393_rmon_update((mac)->adapter, OFFSET(p->reg),
- stats + p->offset, ro & (reg >> 2));
- }
-
-
+ /* Rx stats */
+ RMON_UPDATE(mac, RxOctetsReceivedOK, RxOctetsOK);
+ RMON_UPDATE(mac, RxUnicastFramesReceivedOK, RxUnicastFramesOK);
+ RMON_UPDATE(mac, RxMulticastFramesReceivedOK, RxMulticastFramesOK);
+ RMON_UPDATE(mac, RxBroadcastFramesReceivedOK, RxBroadcastFramesOK);
+ RMON_UPDATE(mac, RxPAUSEMACCtrlFramesReceived, RxPauseFrames);
+ RMON_UPDATE(mac, RxFrameCheckSequenceErrors, RxFCSErrors);
+ RMON_UPDATE(mac, RxFramesLostDueToInternalMACErrors,
+ RxInternalMACRcvError);
+ RMON_UPDATE(mac, RxSymbolErrors, RxSymbolErrors);
+ RMON_UPDATE(mac, RxInRangeLengthErrors, RxInRangeLengthErrors);
+ RMON_UPDATE(mac, RxFramesTooLongErrors , RxFrameTooLongErrors);
+ RMON_UPDATE(mac, RxJabbers, RxJabberErrors);
+ RMON_UPDATE(mac, RxFragments, RxRuntErrors);
+ RMON_UPDATE(mac, RxUndersizedFrames, RxRuntErrors);
+ RMON_UPDATE(mac, RxJumboFramesReceivedOK, RxJumboFramesOK);
+ RMON_UPDATE(mac, RxJumboOctetsReceivedOK, RxJumboOctetsOK);
+
+ /* Tx stats */
+ RMON_UPDATE(mac, TxOctetsTransmittedOK, TxOctetsOK);
+ RMON_UPDATE(mac, TxFramesLostDueToInternalMACTransmissionError,
+ TxInternalMACXmitError);
+ RMON_UPDATE(mac, TxTransmitSystemError, TxFCSErrors);
+ RMON_UPDATE(mac, TxUnicastFramesTransmittedOK, TxUnicastFramesOK);
+ RMON_UPDATE(mac, TxMulticastFramesTransmittedOK, TxMulticastFramesOK);
+ RMON_UPDATE(mac, TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK);
+ RMON_UPDATE(mac, TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames);
+ RMON_UPDATE(mac, TxJumboFramesReceivedOK, TxJumboFramesOK);
+ RMON_UPDATE(mac, TxJumboOctetsReceivedOK, TxJumboOctetsOK);
return &mac->stats;
}
--- a/drivers/net/chelsio/sge.c
+++ b/drivers/net/chelsio/sge.c
@@ -986,9 +986,7 @@ void t1_sge_get_port_stats(const struct
for_each_possible_cpu(cpu) {
struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[port], cpu);
- ss->rx_packets += st->rx_packets;
ss->rx_cso_good += st->rx_cso_good;
- ss->tx_packets += st->tx_packets;
ss->tx_cso += st->tx_cso;
ss->tx_tso += st->tx_tso;
ss->tx_need_hdrroom += st->tx_need_hdrroom;
@@ -1382,7 +1380,6 @@ static void sge_rx(struct sge *sge, stru
skb->dev->last_rx = jiffies;
st = per_cpu_ptr(sge->port_stats[p->iff], smp_processor_id());
- st->rx_packets++;
skb->protocol = eth_type_trans(skb, adapter->port[p->iff].dev);
if ((adapter->flags & RX_CSUM_ENABLED) && p->csum == 0xffff &&
@@ -1951,7 +1948,6 @@ int t1_start_xmit(struct sk_buff *skb, s
cpl->vlan_valid = 0;
send:
- st->tx_packets++;
dev->trans_start = jiffies;
ret = t1_sge_tx(skb, adapter, 0, dev);
--- a/drivers/net/chelsio/sge.h
+++ b/drivers/net/chelsio/sge.h
@@ -57,9 +57,7 @@ struct sge_intr_counts {
};
struct sge_port_stats {
- u64 rx_packets; /* # of Ethernet packets received */
u64 rx_cso_good; /* # of successful RX csum offloads */
- u64 tx_packets; /* # of TX packets */
u64 tx_cso; /* # of TX checksum offloads */
u64 tx_tso; /* # of TSO requests */
u64 vlan_xtract; /* # of VLAN tag extractions */
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Divy Le Ray <[email protected]>
patch 7de6af0f23b25df8da9719ecae1916b669d0b03d in mainline.
eth_type_trans() now sets skb->dev.
Access skb->def after it gets set.
Signed-off-by: Divy Le Ray <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/chelsio/sge.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/chelsio/sge.c
+++ b/drivers/net/chelsio/sge.c
@@ -1378,10 +1378,10 @@ static void sge_rx(struct sge *sge, stru
}
__skb_pull(skb, sizeof(*p));
- skb->dev->last_rx = jiffies;
st = per_cpu_ptr(sge->port_stats[p->iff], smp_processor_id());
skb->protocol = eth_type_trans(skb, adapter->port[p->iff].dev);
+ skb->dev->last_rx = jiffies;
if ((adapter->flags & RX_CSUM_ENABLED) && p->csum == 0xffff &&
skb->protocol == htons(ETH_P_IP) &&
(skb->data[9] == IPPROTO_TCP || skb->data[9] == IPPROTO_UDP)) {
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Ilpo Järvinen <[email protected]>
Patch 2b02d13996fe28478e45605de9bd8bdca25718de in mainline
[POWERPC] Fix invalid semicolon after if statement
A similar fix to netfilter from Eric Dumazet inspired me to
look around a bit by using some grep/sed stuff as looking for
this kind of bugs seemed easy to automate. This is one of them
I found where it looks like this semicolon is not valid.
Signed-off-by: Ilpo Järvinen <[email protected]>
Acked-by: Benjamin Herrenschmidt <[email protected]>
Signed-off-by: Paul Mackerras <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/powerpc/mm/hash_utils_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/mm/hash_utils_64.c
+++ b/arch/powerpc/mm/hash_utils_64.c
@@ -795,7 +795,7 @@ void hash_preload(struct mm_struct *mm,
#ifdef CONFIG_PPC_MM_SLICES
/* We only prefault standard pages for now */
- if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize));
+ if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize))
return;
#endif
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Zhao Yakui <[email protected]>
patch d1ec7298fcefd7e4d1ca612da402ce9e5d5e2c13 in mainline.
It is important that these resources be reserved
to avoid conflicts with well known ACPI registers.
Signed-off-by: Zhao Yakui <[email protected]>
Signed-off-by: Len Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/pci/quirks.c | 6 ++++++
include/linux/pci_ids.h | 2 ++
2 files changed, 8 insertions(+)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -465,6 +465,12 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_0, quirk_ich6_lpc_acpi );
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_2, quirk_ich6_lpc_acpi );
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_3, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_1, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_4, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_2, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_4, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_7, quirk_ich6_lpc_acpi );
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_8, quirk_ich6_lpc_acpi );
/*
* VIA ACPI: One IO region pointed to by longword at
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2285,6 +2285,8 @@
#define PCI_DEVICE_ID_INTEL_ICH9_4 0x2914
#define PCI_DEVICE_ID_INTEL_ICH9_5 0x2919
#define PCI_DEVICE_ID_INTEL_ICH9_6 0x2930
+#define PCI_DEVICE_ID_INTEL_ICH9_7 0x2916
+#define PCI_DEVICE_ID_INTEL_ICH9_8 0x2918
#define PCI_DEVICE_ID_INTEL_82855PM_HB 0x3340
#define PCI_DEVICE_ID_INTEL_82830_HB 0x3575
#define PCI_DEVICE_ID_INTEL_82830_CGC 0x3577
--
NO! Wrong fix. Was dropped from mainline.
On Fri, Feb 01, 2008 at 04:39:08PM -0800, Christoph Lameter wrote:
> NO! Wrong fix. Was dropped from mainline.
Thanks for letting us know, now dropped.
greg k-h
On Fri, 1 Feb 2008, Justin M. Forbes wrote:
>
> On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> > NO! Wrong fix. Was dropped from mainline.
>
> What is the right fix for the OOM issues with 2.6.22? Perhaps
> http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
> the queue in its place? The OOM issue in 2.6.22 is real, and should be
> addressed.
Indeed that is the right fix.
On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> NO! Wrong fix. Was dropped from mainline.
What is the right fix for the OOM issues with 2.6.22? Perhaps
http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
the queue in its place? The OOM issue in 2.6.22 is real, and should be
addressed.
Justin
On Fri, 2008-02-01 at 17:30 -0800, Christoph Lameter wrote:
> On Fri, 1 Feb 2008, Justin M. Forbes wrote:
>
> >
> > On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> > > NO! Wrong fix. Was dropped from mainline.
> >
> > What is the right fix for the OOM issues with 2.6.22? Perhaps
> > http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
> > the queue in its place? The OOM issue in 2.6.22 is real, and should be
> > addressed.
>
> Indeed that is the right fix.
Greg, could we get that one added? We are already shipping it as our
users have run into the OOM problem with 2.6.22.16 without this patch.
Justin
On Saturday 02 of February 2008, you wrote:
> This is the start of the stable review cycle for the 2.6.22.17 release.
> There are 27 patches in this series, all will be posted as a response to
> this one. If anyone has any issues with these being applied, please let
> us know. If anyone is a maintainer of the proper subsystem, and wants
> to add a Signed-off-by: line to the patch, please respond with it.
btw. does this program hang for anyone on 2.6.22 (process in D state) ?
#include <stdio.h>
#include <sched.h>
int main( void )
{
cpu_set_t cpu;
int cpus = 0;
int ret;
ret = sched_getaffinity(getpid(), sizeof(cpu), &cpu);
printf( "cpus = %d, ret = %d\n", cpu, ret );
sched_setaffinity(getpid(), sizeof(cpu), &cpu);
printf( "ret = %d\n" );
return ret;
}
--
Arkadiusz Mi?kiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
On 2/2/08, Greg KH <[email protected]> wrote:
> This is the start of the stable review cycle for the 2.6.22.17 release.
> There are 27 patches in this series, all will be posted as a response to
> this one. If anyone has any issues with these being applied, please let
> us know. If anyone is a maintainer of the proper subsystem, and wants
> to add a Signed-off-by: line to the patch, please respond with it.
>
> These patches are sent out with a number of different people on the
> Cc: line. If you wish to be a reviewer, please email [email protected]
> to add your name to the list. If you want to be off the reviewer list,
> also email us.
>
> Responses should be made by Feb 5 2008, 00:00:00 UTC. Anything received
> after that time might be too late.
>
> Note, I think this is going to be the last .22 release, unless people
> send me some patches they think really needs to go in, and then, it will
> probably only be one more release. It's time to move on :)
hmm it is not a long time supperted kernel, like 2.6.16.y ? ;)
>
> thanks,
>
> the -stable release team
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
Thanks,
Oliver
On Mon, Feb 04, 2008 at 06:30:28PM +0100, Oliver Pinter (Pint?r Oliv?r) wrote:
> On 2/2/08, Greg KH <[email protected]> wrote:
> > This is the start of the stable review cycle for the 2.6.22.17 release.
> > There are 27 patches in this series, all will be posted as a response to
> > this one. If anyone has any issues with these being applied, please let
> > us know. If anyone is a maintainer of the proper subsystem, and wants
> > to add a Signed-off-by: line to the patch, please respond with it.
> >
> > These patches are sent out with a number of different people on the
> > Cc: line. If you wish to be a reviewer, please email [email protected]
> > to add your name to the list. If you want to be off the reviewer list,
> > also email us.
> >
> > Responses should be made by Feb 5 2008, 00:00:00 UTC. Anything received
> > after that time might be too late.
> >
> > Note, I think this is going to be the last .22 release, unless people
> > send me some patches they think really needs to go in, and then, it will
> > probably only be one more release. It's time to move on :)
>
> hmm it is not a long time supperted kernel, like 2.6.16.y ? ;)
No, it was because I wanted to keep it going for a while to make my life
easier at work. But now I've moved on to another kernel to base things
off of, and don't care so much about .22 :)
thanks,
greg k-h
On Fri, Feb 01, 2008 at 05:30:14PM -0800, Christoph Lameter wrote:
> On Fri, 1 Feb 2008, Justin M. Forbes wrote:
>
> >
> > On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> > > NO! Wrong fix. Was dropped from mainline.
> >
> > What is the right fix for the OOM issues with 2.6.22? Perhaps
> > http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
> > the queue in its place? The OOM issue in 2.6.22 is real, and should be
> > addressed.
>
> Indeed that is the right fix.
Can someone send it to me, in patch form so that I can apply it? Along
with the git id of the same patch in mainline please, I can't seem to
find it.
thanks,
greg k-h
Greg, the patch in queue-2.6.23 is good for it
but the git id.: 96990a4ae979df9e235d01097d6175759331e88c
-------
>From [email protected] Tue Jan 15 10:52:21 2008
From: Christoph Lameter <[email protected]>
Date: Wed, 16 Jan 2008 00:21:19 +0530
Subject: quicklists: Only consider memory that can be used with GFP_KERNEL
To: [email protected]
Cc: Andrew Morton <[email protected]>, [email protected],
[email protected]
Message-ID: <[email protected]>
Content-Disposition: inline
From: Christoph Lameter <[email protected]>
patch 96990a4ae979df9e235d01097d6175759331e88c in mainline.
Quicklists calculates the size of the quicklists based on the number of
free pages. This must be the number of free pages that can be allocated
with GFP_KERNEL. node_page_state() includes the pages in ZONE_HIGHMEM and
ZONE_MOVABLE which may lead the quicklists to become too large causing OOM.
Signed-off-by: Christoph Lameter <[email protected]>
Tested-by: Dhaval Giani <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/quicklist.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/mm/quicklist.c
+++ b/mm/quicklist.c
@@ -26,9 +26,17 @@ DEFINE_PER_CPU(struct quicklist, quickli
static unsigned long max_pages(unsigned long min_pages)
{
unsigned long node_free_pages, max;
+ struct zone *zones = NODE_DATA(numa_node_id())->node_zones;
+
+ node_free_pages =
+#ifdef CONFIG_ZONE_DMA
+ zone_page_state(&zones[ZONE_DMA], NR_FREE_PAGES) +
+#endif
+#ifdef CONFIG_ZONE_DMA32
+ zone_page_state(&zones[ZONE_DMA32], NR_FREE_PAGES) +
+#endif
+ zone_page_state(&zones[ZONE_NORMAL], NR_FREE_PAGES);
- node_free_pages = node_page_state(numa_node_id(),
- NR_FREE_PAGES);
max = node_free_pages / FRACTION_OF_NODE_MEM;
return max(max, min_pages);
}
On 2/6/08, Greg KH <[email protected]> wrote:
> On Fri, Feb 01, 2008 at 05:30:14PM -0800, Christoph Lameter wrote:
> > On Fri, 1 Feb 2008, Justin M. Forbes wrote:
> >
> > >
> > > On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> > > > NO! Wrong fix. Was dropped from mainline.
> > >
> > > What is the right fix for the OOM issues with 2.6.22? Perhaps
> > > http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
> > > the queue in its place? The OOM issue in 2.6.22 is real, and should be
> > > addressed.
> >
> > Indeed that is the right fix.
>
> Can someone send it to me, in patch form so that I can apply it? Along
> with the git id of the same patch in mainline please, I can't seem to
> find it.
>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
Thanks,
Oliver
for 2.6.22
---------- Forwarded message ----------
From: Oliver Pinter <[email protected]>
Date: Thu, 7 Feb 2008 00:11:58 +0100
Subject: Re: [patch 22/27] quicklist: Set tlb->need_flush if pages are
remaining in quicklist 0
To: Greg KH <[email protected]>
Cc: Christoph Lameter <[email protected]>, "Justin M. Forbes"
<[email protected]>, Greg KH <[email protected]>,
[email protected], [email protected],
[email protected], Zwane Mwaikambo
<[email protected]>, Theodore Ts'o <[email protected]>, Randy Dunlap
<[email protected]>, Dave Jones <[email protected]>, Chuck Wolber
<[email protected]>, Chris Wedgwood <[email protected]>,
Michael Krufky <[email protected]>, Chuck Ebbert
<[email protected]>, Domenico Andreoli <[email protected]>,
[email protected], [email protected],
[email protected]
Greg, the patch in queue-2.6.23 is good for it
but the git id.: 96990a4ae979df9e235d01097d6175759331e88c
-------
>From [email protected] Tue Jan 15 10:52:21 2008
From: Christoph Lameter <[email protected]>
Date: Wed, 16 Jan 2008 00:21:19 +0530
Subject: quicklists: Only consider memory that can be used with GFP_KERNEL
To: [email protected]
Cc: Andrew Morton <[email protected]>, [email protected],
[email protected]
Message-ID: <[email protected]>
Content-Disposition: inline
From: Christoph Lameter <[email protected]>
patch 96990a4ae979df9e235d01097d6175759331e88c in mainline.
Quicklists calculates the size of the quicklists based on the number of
free pages. This must be the number of free pages that can be allocated
with GFP_KERNEL. node_page_state() includes the pages in ZONE_HIGHMEM and
ZONE_MOVABLE which may lead the quicklists to become too large causing OOM.
Signed-off-by: Christoph Lameter <[email protected]>
Tested-by: Dhaval Giani <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/quicklist.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/mm/quicklist.c
+++ b/mm/quicklist.c
@@ -26,9 +26,17 @@ DEFINE_PER_CPU(struct quicklist, quickli
static unsigned long max_pages(unsigned long min_pages)
{
unsigned long node_free_pages, max;
+ struct zone *zones = NODE_DATA(numa_node_id())->node_zones;
+
+ node_free_pages =
+#ifdef CONFIG_ZONE_DMA
+ zone_page_state(&zones[ZONE_DMA], NR_FREE_PAGES) +
+#endif
+#ifdef CONFIG_ZONE_DMA32
+ zone_page_state(&zones[ZONE_DMA32], NR_FREE_PAGES) +
+#endif
+ zone_page_state(&zones[ZONE_NORMAL], NR_FREE_PAGES);
- node_free_pages = node_page_state(numa_node_id(),
- NR_FREE_PAGES);
max = node_free_pages / FRACTION_OF_NODE_MEM;
return max(max, min_pages);
}
On 2/6/08, Greg KH <[email protected]> wrote:
> On Fri, Feb 01, 2008 at 05:30:14PM -0800, Christoph Lameter wrote:
> > On Fri, 1 Feb 2008, Justin M. Forbes wrote:
> >
> > >
> > > On Fri, 2008-02-01 at 16:39 -0800, Christoph Lameter wrote:
> > > > NO! Wrong fix. Was dropped from mainline.
> > >
> > > What is the right fix for the OOM issues with 2.6.22? Perhaps
> > > http://marc.info/?l=linux-mm&m=119973653803451&w=2 should be added to
> > > the queue in its place? The OOM issue in 2.6.22 is real, and should be
> > > addressed.
> >
> > Indeed that is the right fix.
>
> Can someone send it to me, in patch form so that I can apply it? Along
> with the git id of the same patch in mainline please, I can't seem to
> find it.
>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
Thanks,
Oliver
--
Thanks,
Oliver