This is the start of the stable review cycle for the 2.6.22.15 release.
There are 36 patches in this series, all will be posted as a response to
this one. If anyone has any issues with these being applied, please let
us know. If anyone is a maintainer of the proper subsystem, and wants
to add a Signed-off-by: line to the patch, please respond with it.
These patches are sent out with a number of different people on the Cc:
line. If you wish to be a reviewer, please email [email protected] to
add your name to the list. If you want to be off the reviewer list,
also email us.
Responses should be made by Friday, Dec 14 20:00:00 UTC. Anything
received after that time might be too late.
thanks,
greg k-h
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Luca Tettamanti <[email protected]>
atl1: disable broken 64-bit DMA
[ Upstream commit: 5f08e46b621a769e52a9545a23ab1d5fb2aec1d4 ]
The L1 network chip can DMA to 64-bit addresses, but multiple descriptor
rings share a single register for the high 32 bits of their address, so
only a single, aligned, 4 GB physical address range can be used at a time.
As a result, we need to confine the driver to a 32-bit DMA mask, otherwise
we see occasional data corruption errors in systems containing 4 or more
gigabytes of RAM.
Signed-off-by: Luca Tettamanti <[email protected]>
Signed-off-by: Jay Cliburn <[email protected]>
Acked-by: Chris Snook <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/atl1/atl1_main.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
--- a/drivers/net/atl1/atl1_main.c
+++ b/drivers/net/atl1/atl1_main.c
@@ -2097,21 +2097,26 @@ static int __devinit atl1_probe(struct p
struct net_device *netdev;
struct atl1_adapter *adapter;
static int cards_found = 0;
- bool pci_using_64 = true;
int err;
err = pci_enable_device(pdev);
if (err)
return err;
- err = pci_set_dma_mask(pdev, DMA_64BIT_MASK);
+ /*
+ * The atl1 chip can DMA to 64-bit addresses, but it uses a single
+ * shared register for the high 32 bits, so only a single, aligned,
+ * 4 GB physical address range can be used at a time.
+ *
+ * Supporting 64-bit DMA on this hardware is more trouble than it's
+ * worth. It is far easier to limit to 32-bit DMA than update
+ * various kernel subsystems to support the mechanics required by a
+ * fixed-high-32-bit system.
+ */
+ err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
if (err) {
- err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
- if (err) {
- dev_err(&pdev->dev, "no usable DMA configuration\n");
- goto err_dma;
- }
- pci_using_64 = false;
+ dev_err(&pdev->dev, "no usable DMA configuration\n");
+ goto err_dma;
}
/* Mark all PCI regions associated with PCI device
* pdev as being reserved by owner atl1_driver_name
@@ -2176,7 +2181,6 @@ static int __devinit atl1_probe(struct p
netdev->ethtool_ops = &atl1_ethtool_ops;
adapter->bd_number = cards_found;
- adapter->pci_using_64 = pci_using_64;
/* setup the private structure */
err = atl1_sw_init(adapter);
@@ -2193,9 +2197,6 @@ static int __devinit atl1_probe(struct p
*/
/* netdev->features |= NETIF_F_TSO; */
- if (pci_using_64)
- netdev->features |= NETIF_F_HIGHDMA;
-
netdev->features |= NETIF_F_LLTX;
/*
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Christian Borntraeger <[email protected]>
commit 5d0360ee96a5ef953dbea45873c2a8c87e77d59b upstream.
We have seen ramdisk based install systems, where some pages of mapped
libraries and programs were suddendly zeroed under memory pressure. This
should not happen, as the ramdisk avoids freeing its pages by keeping
them dirty all the time.
It turns out that there is a case, where the VM makes a ramdisk page
clean, without telling the ramdisk driver. On memory pressure
shrink_zone runs and it starts to run shrink_active_list. There is a
check for buffer_heads_over_limit, and if true, pagevec_strip is called.
pagevec_strip calls try_to_release_page. If the mapping has no
releasepage callback, try_to_free_buffers is called. try_to_free_buffers
has now a special logic for some file systems to make a dirty page
clean, if all buffers are clean. Thats what happened in our test case.
The simplest solution is to provide a noop-releasepage callback for the
ramdisk driver. This avoids try_to_free_buffers for ramdisk pages.
Signed-off-by: Christian Borntraeger <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
Acked-by: Nick Piggin <[email protected]>
Cc: "Eric W. Biederman" <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/block/rd.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/block/rd.c
+++ b/drivers/block/rd.c
@@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct
return 0;
}
+/*
+ * releasepage is called by pagevec_strip/try_to_release_page if
+ * buffers_heads_over_limit is true. Without a releasepage function
+ * try_to_free_buffers is called instead. That can unset the dirty
+ * bit of our ram disk pages, which will be eventually freed, even
+ * if the page is still in use.
+ */
+static int ramdisk_releasepage(struct page *page, gfp_t dummy)
+{
+ return 0;
+}
+
static const struct address_space_operations ramdisk_aops = {
.readpage = ramdisk_readpage,
.prepare_write = ramdisk_prepare_write,
@@ -196,6 +208,7 @@ static const struct address_space_operat
.writepage = ramdisk_writepage,
.set_page_dirty = ramdisk_set_page_dirty,
.writepages = ramdisk_writepages,
+ .releasepage = ramdisk_releasepage,
};
static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Scott James Remnant <[email protected]>
patch e6ceb32aa25fc33f21af84cc7a32fe289b3e860c in mainline.
In wait_task_stopped() exit_code already contains the right value for the
si_status member of siginfo, and this is simply set in the non WNOWAIT
case.
If you call waitid() with a stopped or traced process, you'll get the signal
in siginfo.si_status as expected -- however if you call waitid(WNOWAIT) at the
same time, you'll get the signal << 8 | 0x7f
Pass it unchanged to wait_noreap_copyout(); we would only need to shift it
and add 0x7f if we were returning it in the user status field and that
isn't used for any function that permits WNOWAIT.
Signed-off-by: Scott James Remnant <[email protected]>
Signed-off-by: Oleg Nesterov <[email protected]>
Cc: Roland McGrath <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/exit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1339,7 +1339,7 @@ static int wait_task_stopped(struct task
if (unlikely(!exit_code) || unlikely(p->exit_state))
goto bail_ref;
return wait_noreap_copyout(p, pid, uid,
- why, (exit_code << 8) | 0x7f,
+ why, exit_code,
infop, ru);
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Oliver Neukum <[email protected]>
patch 5cf1973a44bd298e3cfce6f6af8faa8c9d0a6d55 in mainline
to make HAL like the microtek driver's devices the parent must be
correctly set.
Signed-off-by: Oliver Neukum <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/image/microtek.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/image/microtek.c
+++ b/drivers/usb/image/microtek.c
@@ -823,7 +823,7 @@ static int mts_usb_probe(struct usb_inte
goto out_kfree2;
new_desc->host->hostdata[0] = (unsigned long)new_desc;
- if (scsi_add_host(new_desc->host, NULL)) {
+ if (scsi_add_host(new_desc->host, &dev->dev)) {
err_retval = -EIO;
goto out_host_put;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Brownell <[email protected]>
patch 1cb52658b4f5b10a9e91f8e1c21ca2bcc1b9a3ca in mainline.
A recent patch added software synchronization during EHCI startup,
so ports aren't switched away from the companion controllers after
resets have started. This patch adds a short delay letting hardware
finish that port switching before any new resets begin ... so both
ends of that hardware race window are closed.
Signed-off-by: David Brownell <[email protected]>
Cc: Dave Miller <[email protected]>
Cc: Dely Sy <[email protected]>
Cc: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/host/ehci-hcd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/ehci-hcd.c
+++ b/drivers/usb/host/ehci-hcd.c
@@ -571,12 +571,15 @@ static int ehci_run (struct usb_hcd *hcd
* from the companions to the EHCI controller. If any of the
* companions are in the middle of a port reset at the time, it
* could cause trouble. Write-locking ehci_cf_port_reset_rwsem
- * guarantees that no resets are in progress.
+ * guarantees that no resets are in progress. After we set CF,
+ * a short delay lets the hardware catch up; new resets shouldn't
+ * be started before the port switching actions could complete.
*/
down_write(&ehci_cf_port_reset_rwsem);
hcd->state = HC_STATE_RUNNING;
ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
+ msleep(5);
up_write(&ehci_cf_port_reset_rwsem);
temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Hugh Dickins <[email protected]>
patch e84e2e132c9c66d8498e7710d4ea532d1feaaac5 in mainline
tmpfs was misconverted to __GFP_ZERO in 2.6.11. There's an unusual case in
which shmem_getpage receives the page from its caller instead of allocating.
We must cover this case by clear_highpage before SetPageUptodate, as before.
Signed-off-by: Hugh Dickins <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/shmem.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1066,7 +1066,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem
pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
pvma.vm_pgoff = idx;
pvma.vm_end = PAGE_SIZE;
- page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
+ page = alloc_page_vma(gfp, &pvma, 0);
mpol_free(pvma.vm_policy);
return page;
}
@@ -1086,7 +1086,7 @@ shmem_swapin(struct shmem_inode_info *in
static inline struct page *
shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
{
- return alloc_page(gfp | __GFP_ZERO);
+ return alloc_page(gfp);
}
#endif
@@ -1295,6 +1295,7 @@ repeat:
info->alloced++;
spin_unlock(&info->lock);
+ clear_highpage(filepage);
flush_dcache_page(filepage);
SetPageUptodate(filepage);
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Li Zefan <[email protected]>
This patch fixes an incorrect memset in the NAT code, causing
misbehaviour when unloading and reloading the NAT module.
Applies to stable-2.6.22 and stable-2.6.23.
Please apply, thanks.
[NETFILTER]: nf_nat: fix memset error
Upstream commit e0bf9cf15fc30d300b7fbd821c6bc975531fab44
The size passing to memset is the size of a pointer. Fixes
misbehaviour when unloading and reloading the NAT module.
Signed-off-by: Li Zefan <[email protected]>
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/netfilter/nf_nat_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -633,7 +633,7 @@ static int clean_nat(struct nf_conn *i,
if (!nat)
return 0;
- memset(nat, 0, sizeof(nat));
+ memset(nat, 0, sizeof(*nat));
i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
return 0;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <[email protected]>
It's upstream changeset ef19454bd437b2ba14c9cda1de85debd9f383484.
[LIB] crc32c: Keep intermediate crc state in cpu order
crypto/crc32.c:chksum_final() is computing the digest as
*(__le32 *)out = ~cpu_to_le32(mctx->crc);
so the low-level crc32c_le routines should just keep
the crc in cpu order, otherwise it is getting swabbed
one too many times on big-endian machines.
Signed-off-by: Benny Halevy <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
lib/libcrc32c.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/lib/libcrc32c.c
+++ b/lib/libcrc32c.c
@@ -33,7 +33,6 @@
#include <linux/crc32c.h>
#include <linux/compiler.h>
#include <linux/module.h>
-#include <asm/byteorder.h>
MODULE_AUTHOR("Clay Haapala <[email protected]>");
MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
@@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
*/
u32 __attribute_pure__
-crc32c_le(u32 seed, unsigned char const *data, size_t length)
+crc32c_le(u32 crc, unsigned char const *data, size_t length)
{
- u32 crc = __cpu_to_le32(seed);
-
while (length--)
crc =
crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
- return __le32_to_cpu(crc);
+ return crc;
}
#endif /* CRC_LE_BITS == 8 */
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Karsten Keil <[email protected]>
patch 0f13864e5b24d9cbe18d125d41bfa4b726a82e40 in mainline.
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
Signed-off-by: Karsten Keil <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/isdn/i4l/isdn_net.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/isdn/i4l/isdn_net.c
+++ b/drivers/isdn/i4l/isdn_net.c
@@ -2126,7 +2126,7 @@ isdn_net_find_icall(int di, int ch, int
u_long flags;
isdn_net_dev *p;
isdn_net_phone *n;
- char nr[32];
+ char nr[ISDN_MSNLEN];
char *my_eaz;
/* Search name in netdev-chain */
@@ -2135,7 +2135,7 @@ isdn_net_find_icall(int di, int ch, int
nr[1] = '\0';
printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
} else
- strcpy(nr, setup->phone);
+ strlcpy(nr, setup->phone, ISDN_MSNLEN);
si1 = (int) setup->si1;
si2 = (int) setup->si2;
if (!setup->eazmsn[0]) {
@@ -2802,7 +2802,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg
chidx = -1;
}
}
- strcpy(lp->msn, cfg->eaz);
+ strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
lp->pre_device = drvidx;
lp->pre_channel = chidx;
lp->onhtime = cfg->onhtime;
@@ -2951,7 +2951,7 @@ isdn_net_addphone(isdn_net_ioctl_phone *
if (p) {
if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
return -ENOMEM;
- strcpy(n->num, phone->phone);
+ strlcpy(n->num, phone->phone, sizeof(n->num));
n->next = p->local->phone[phone->outgoing & 1];
p->local->phone[phone->outgoing & 1] = n;
return 0;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Thomas Gleixner <[email protected]>
patch 62f0f61e6673e67151a7c8c0f9a09c7ea43fe2b5 in mainline
Relative hrtimers with a large timeout value might end up as negative
timer values, when the current time is added in hrtimer_start().
This in turn is causing the clockevents_set_next() function to set an
huge timeout and sleep for quite a long time when we have a clock
source which is capable of long sleeps like HPET. With PIT this almost
goes unnoticed as the maximum delta is ~27ms. The non-hrt/nohz code
sorts this out in the next timer interrupt, so we never noticed that
problem which has been there since the first day of hrtimers.
This bug became more apparent in 2.6.24 which activates HPET on more
hardware.
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/hrtimer.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -825,6 +825,14 @@ hrtimer_start(struct hrtimer *timer, kti
#ifdef CONFIG_TIME_LOW_RES
tim = ktime_add(tim, base->resolution);
#endif
+ /*
+ * Careful here: User space might have asked for a
+ * very long sleep, so the add above might result in a
+ * negative number, which enqueues the timer in front
+ * of the queue.
+ */
+ if (tim.tv64 < 0)
+ tim.tv64 = KTIME_MAX;
}
timer->expires = tim;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Karsten Keil <[email protected]>
patch eafe1aa37e6ec2d56f14732b5240c4dd09f0613a in mainline.
Fix possible memory overrun issue in the isdn ioctl code. Found by ADLAB
<[email protected]>
Signed-off-by: Karsten Keil <[email protected]>
Cc: ADLAB <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/isdn/i4l/isdn_common.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/isdn/i4l/isdn_common.c
+++ b/drivers/isdn/i4l/isdn_common.c
@@ -1514,6 +1514,7 @@ isdn_ioctl(struct inode *inode, struct f
if (copy_from_user(&iocts, argp,
sizeof(isdn_ioctl_struct)))
return -EFAULT;
+ iocts.drvid[sizeof(iocts.drvid)-1] = 0;
if (strlen(iocts.drvid)) {
if ((p = strchr(iocts.drvid, ',')))
*p = 0;
@@ -1598,6 +1599,7 @@ isdn_ioctl(struct inode *inode, struct f
if (copy_from_user(&iocts, argp,
sizeof(isdn_ioctl_struct)))
return -EFAULT;
+ iocts.drvid[sizeof(iocts.drvid)-1] = 0;
if (strlen(iocts.drvid)) {
drvidx = -1;
for (i = 0; i < ISDN_MAX_DRIVERS; i++)
@@ -1642,7 +1644,7 @@ isdn_ioctl(struct inode *inode, struct f
} else {
p = (char __user *) iocts.arg;
for (i = 0; i < 10; i++) {
- sprintf(bname, "%s%s",
+ snprintf(bname, sizeof(bname), "%s%s",
strlen(dev->drv[drvidx]->msn2eaz[i]) ?
dev->drv[drvidx]->msn2eaz[i] : "_",
(i < 9) ? "," : "\0");
@@ -1672,6 +1674,7 @@ isdn_ioctl(struct inode *inode, struct f
char *p;
if (copy_from_user(&iocts, argp, sizeof(isdn_ioctl_struct)))
return -EFAULT;
+ iocts.drvid[sizeof(iocts.drvid)-1] = 0;
if (strlen(iocts.drvid)) {
if ((p = strchr(iocts.drvid, ',')))
*p = 0;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Steven Rostedt <[email protected]>
patch ce6bd420f43b28038a2c6e8fbb86ad24014727b6 in mainline.
David Holmes found a bug in the -rt tree with respect to
pthread_cond_timedwait. After trying his test program on the latest git
from mainline, I found the bug was there too. The bug he was seeing
that his test program showed, was that if one were to do a "Ctrl-Z" on a
process that was in the pthread_cond_timedwait, and then did a "bg" on
that process, it would return with a "-ETIMEDOUT" but early. That is,
the timer would go off early.
Looking into this, I found the source of the problem. And it is a rather
nasty bug at that.
Here's the relevant code from kernel/futex.c: (not in order in the file)
[...]
smlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
struct timespec __user *utime, u32 __user *uaddr2,
u32 val3)
{
struct timespec ts;
ktime_t t, *tp = NULL;
u32 val2 = 0;
int cmd = op & FUTEX_CMD_MASK;
if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI)) {
if (copy_from_user(&ts, utime, sizeof(ts)) != 0)
return -EFAULT;
if (!timespec_valid(&ts))
return -EINVAL;
t = timespec_to_ktime(ts);
if (cmd == FUTEX_WAIT)
t = ktime_add(ktime_get(), t);
tp = &t;
}
[...]
return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
}
[...]
long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout,
u32 __user *uaddr2, u32 val2, u32 val3)
{
int ret;
int cmd = op & FUTEX_CMD_MASK;
struct rw_semaphore *fshared = NULL;
if (!(op & FUTEX_PRIVATE_FLAG))
fshared = ¤t->mm->mmap_sem;
switch (cmd) {
case FUTEX_WAIT:
ret = futex_wait(uaddr, fshared, val, timeout);
[...]
static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
u32 val, ktime_t *abs_time)
{
[...]
struct restart_block *restart;
restart = ¤t_thread_info()->restart_block;
restart->fn = futex_wait_restart;
restart->arg0 = (unsigned long)uaddr;
restart->arg1 = (unsigned long)val;
restart->arg2 = (unsigned long)abs_time;
restart->arg3 = 0;
if (fshared)
restart->arg3 |= ARG3_SHARED;
return -ERESTART_RESTARTBLOCK;
[...]
static long futex_wait_restart(struct restart_block *restart)
{
u32 __user *uaddr = (u32 __user *)restart->arg0;
u32 val = (u32)restart->arg1;
ktime_t *abs_time = (ktime_t *)restart->arg2;
struct rw_semaphore *fshared = NULL;
restart->fn = do_no_restart_syscall;
if (restart->arg3 & ARG3_SHARED)
fshared = ¤t->mm->mmap_sem;
return (long)futex_wait(uaddr, fshared, val, abs_time);
}
So when the futex_wait is interrupt by a signal we break out of the
hrtimer code and set up or return from signal. This code does not return
back to userspace, so we set up a RESTARTBLOCK. The bug here is that we
save the "abs_time" which is a pointer to the stack variable "ktime_t t"
from sys_futex.
This returns and unwinds the stack before we get to call our signal. On
return from the signal we go to futex_wait_restart, where we update all
the parameters for futex_wait and call it. But here we have a problem
where abs_time is no longer valid.
I verified this with print statements, and sure enough, what abs_time
was set to ends up being garbage when we get to futex_wait_restart.
The solution I did to solve this (with input from Linus Torvalds)
was to add unions to the restart_block to allow system calls to
use the restart with specific parameters. This way the futex code now
saves the time in a 64bit value in the restart block instead of storing
it on the stack.
Note: I'm a bit nervious to add "linux/types.h" and use u32 and u64
in thread_info.h, when there's a #ifdef __KERNEL__ just below that.
Not sure what that is there for. If this turns out to be a problem, I've
tested this with using "unsigned int" for u32 and "unsigned long long" for
u64 and it worked just the same. I'm using u32 and u64 just to be
consistent with what the futex code uses.
Signed-off-by: Steven Rostedt <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Acked-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/linux/thread_info.h | 17 +++++++++++++++--
kernel/futex.c | 25 +++++++++++++------------
2 files changed, 28 insertions(+), 14 deletions(-)
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -7,12 +7,25 @@
#ifndef _LINUX_THREAD_INFO_H
#define _LINUX_THREAD_INFO_H
+#include <linux/types.h>
+
/*
- * System call restart block.
+ * System call restart block.
*/
struct restart_block {
long (*fn)(struct restart_block *);
- unsigned long arg0, arg1, arg2, arg3;
+ union {
+ struct {
+ unsigned long arg0, arg1, arg2, arg3;
+ };
+ /* For futex_wait */
+ struct {
+ u32 *uaddr;
+ u32 val;
+ u32 flags;
+ u64 time;
+ } futex;
+ };
};
extern long do_no_restart_syscall(struct restart_block *parm);
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1129,9 +1129,9 @@ static int fixup_pi_state_owner(u32 __us
/*
* In case we must use restart_block to restart a futex_wait,
- * we encode in the 'arg3' shared capability
+ * we encode in the 'flags' shared capability
*/
-#define ARG3_SHARED 1
+#define FLAGS_SHARED 1
static long futex_wait_restart(struct restart_block *restart);
static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
@@ -1272,12 +1272,13 @@ static int futex_wait(u32 __user *uaddr,
struct restart_block *restart;
restart = ¤t_thread_info()->restart_block;
restart->fn = futex_wait_restart;
- restart->arg0 = (unsigned long)uaddr;
- restart->arg1 = (unsigned long)val;
- restart->arg2 = (unsigned long)abs_time;
- restart->arg3 = 0;
+ restart->futex.uaddr = (u32 *)uaddr;
+ restart->futex.val = val;
+ restart->futex.time = abs_time->tv64;
+ restart->futex.flags = 0;
+
if (fshared)
- restart->arg3 |= ARG3_SHARED;
+ restart->futex.flags |= FLAGS_SHARED;
return -ERESTART_RESTARTBLOCK;
}
@@ -1293,15 +1294,15 @@ static int futex_wait(u32 __user *uaddr,
static long futex_wait_restart(struct restart_block *restart)
{
- u32 __user *uaddr = (u32 __user *)restart->arg0;
- u32 val = (u32)restart->arg1;
- ktime_t *abs_time = (ktime_t *)restart->arg2;
+ u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
struct rw_semaphore *fshared = NULL;
+ ktime_t t;
+ t.tv64 = restart->futex.time;
restart->fn = do_no_restart_syscall;
- if (restart->arg3 & ARG3_SHARED)
+ if (restart->futex.flags & FLAGS_SHARED)
fshared = ¤t->mm->mmap_sem;
- return (long)futex_wait(uaddr, fshared, val, abs_time);
+ return (long)futex_wait(uaddr, fshared, restart->futex.val, &t);
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Ayaz Abdulla <[email protected]>
patch 490dde8990c55662596a4be71b5070bd7d382d4a in mainline.
This patch adds new device ids and features for mcp79 devices into the
forcedeth driver.
Signed-off-by: Ayaz Abdulla <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
index 92ce2e3..f9ba0ac 100644
---
drivers/net/forcedeth.c | 16 ++++++++++++++++
include/linux/pci_ids.h | 4 ++++
2 files changed, 20 insertions(+)
--- a/drivers/net/forcedeth.c
+++ b/drivers/net/forcedeth.c
@@ -5553,6 +5553,22 @@ static struct pci_device_id pci_tbl[] =
PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_27),
.driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_HIGH_DMA|DEV_HAS_POWER_CNTRL|DEV_HAS_MSI|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
},
+ { /* MCP79 Ethernet Controller */
+ PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_36),
+ .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
+ },
+ { /* MCP79 Ethernet Controller */
+ PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_37),
+ .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
+ },
+ { /* MCP79 Ethernet Controller */
+ PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_38),
+ .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
+ },
+ { /* MCP79 Ethernet Controller */
+ PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_39),
+ .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
+ },
{0,},
};
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1239,6 +1239,10 @@
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP67_IDE 0x0560
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP73_IDE 0x056C
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP77_IDE 0x0759
+#define PCI_DEVICE_ID_NVIDIA_NVENET_36 0x0AB0
+#define PCI_DEVICE_ID_NVIDIA_NVENET_37 0x0AB1
+#define PCI_DEVICE_ID_NVIDIA_NVENET_38 0x0AB2
+#define PCI_DEVICE_ID_NVIDIA_NVENET_39 0x0AB3
#define PCI_VENDOR_ID_IMS 0x10e0
#define PCI_DEVICE_ID_IMS_TT128 0x9128
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Ayaz Abdulla <[email protected]>
patch 9e555930bd873d238f5f7b9d76d3bf31e6e3ce93 in mainline.
Fix a long boot delay in the forcedeth driver. During initialization, the
timeout for the handshake between mgmt unit and driver can be very long.
The patch reduces the timeout by eliminating a extra loop around the
timeout logic.
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9308
Signed-off-by: Ayaz Abdulla <[email protected]>
Cc: Alex Howells <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/forcedeth.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
--- a/drivers/net/forcedeth.c
+++ b/drivers/net/forcedeth.c
@@ -5283,19 +5283,15 @@ static int __devinit nv_probe(struct pci
if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
- for (i = 0; i < 5000; i++) {
- msleep(1);
- if (nv_mgmt_acquire_sema(dev)) {
- /* management unit setup the phy already? */
- if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
- NVREG_XMITCTL_SYNC_PHY_INIT) {
- /* phy is inited by mgmt unit */
- phyinitialized = 1;
- dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
- } else {
- /* we need to init the phy */
- }
- break;
+ if (nv_mgmt_acquire_sema(dev)) {
+ /* management unit setup the phy already? */
+ if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
+ NVREG_XMITCTL_SYNC_PHY_INIT) {
+ /* phy is inited by mgmt unit */
+ phyinitialized = 1;
+ dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
+ } else {
+ /* we need to init the phy */
}
}
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Sam Jansen <[email protected]>
[TCP]: Problem bug with sysctl_tcp_congestion_control function
[ Upstream commit: 5487796f0c9475586277a0a7a91211ce5746fa6a ]
sysctl_tcp_congestion_control seems to have a bug that prevents it
from actually calling the tcp_set_default_congestion_control
function. This is not so apparent because it does not return an error
and generally the /proc interface is used to configure the default TCP
congestion control algorithm. This is present in 2.6.18 onwards and
probably earlier, though I have not inspected 2.6.15--2.6.17.
sysctl_tcp_congestion_control calls sysctl_string and expects a successful
return code of 0. In such a case it actually sets the congestion control
algorithm with tcp_set_default_congestion_control. Otherwise, it returns the
value returned by sysctl_string. This was correct in 2.6.14, as sysctl_string
returned 0 on success. However, sysctl_string was updated to return 1 on
success around about 2.6.15 and sysctl_tcp_congestion_control was not updated.
Even though sysctl_tcp_congestion_control returns 1, do_sysctl_strategy
converts this return code to '0', so the caller never notices the error.
Signed-off-by: David S. Miller <[email protected]>
Cc: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/sysctl_net_ipv4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control
tcp_get_default_congestion_control(val);
ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
- if (ret == 0 && newval && newlen)
+ if (ret == 1 && newval && newlen)
ret = tcp_set_default_congestion_control(val);
return ret;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Jean Delvare <[email protected]>
patch b64d70825abbf706bbe80be1b11b09514b71f45e in mainline.
The code in fb_ddc_read() is said to be based on the implementation of the
radeon driver:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc5891c8a3ba284f13994d7bc1f1bfa8283982de
However, comparing the old radeon driver code with the new fb_ddc code
reveals some differences. Most notably, the I2C bus lines are held at the
end of the function, while the original code was releasing them (as the
comment above correctly says.)
There are a few other differences, which appear to be responsible for read
failures on my system. While tracing low-level I2C code in i2c-algo-bit, I
noticed that the initial attempt to read the EDID always failed. It takes
one retry for the read to succeed. As we are about to remove this
automatic retry property from i2c-algo-bit, reading the EDID would really
fail.
As a summary, the I2C lines quirk which is supposedly needed to read EDID
on some older monitors is currently breaking the (first) read on all other
monitors (and might not even work with older ones - did anyone try since
October 2006?)
After applying the patch below, which makes the code in fb_ddc_read()
really similar to what the radeon driver used to have, the first EDID read
succeeds again.
On top of that, as it appears that this code has been broken for one year
now and nobody seems to have complained, I'm curious if it makes sense to
keep this quirk in place. It makes the code more complex and slower just
for the sake of monitors which I guess nobody uses anymore. Can't we just
get rid of it?
Signed-off-by: Jean Delvare <[email protected]>
Acked-by: Benjamin Herrenschmidt <[email protected]>
Tested-by: Roger Leigh <[email protected]>
Tested-by: Michael Buesch <[email protected]>
Cc: "Antonino A. Daplas" <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/video/fb_ddc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/video/fb_ddc.c
+++ b/drivers/video/fb_ddc.c
@@ -56,13 +56,12 @@ unsigned char *fb_ddc_read(struct i2c_ad
int i, j;
algo_data->setscl(algo_data->data, 1);
- algo_data->setscl(algo_data->data, 0);
for (i = 0; i < 3; i++) {
/* For some old monitors we need the
* following process to initialize/stop DDC
*/
- algo_data->setsda(algo_data->data, 0);
+ algo_data->setsda(algo_data->data, 1);
msleep(13);
algo_data->setscl(algo_data->data, 1);
@@ -97,14 +96,15 @@ unsigned char *fb_ddc_read(struct i2c_ad
algo_data->setsda(algo_data->data, 1);
msleep(15);
algo_data->setscl(algo_data->data, 0);
+ algo_data->setsda(algo_data->data, 0);
if (edid)
break;
}
/* Release the DDC lines when done or the Apple Cinema HD display
* will switch off
*/
- algo_data->setsda(algo_data->data, 0);
- algo_data->setscl(algo_data->data, 0);
+ algo_data->setsda(algo_data->data, 1);
+ algo_data->setscl(algo_data->data, 1);
return edid;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Ilpo J?rvinen <[email protected]>
[TCP] MTUprobe: fix potential sk_send_head corruption
[ Upstream commit: 6e42141009ff18297fe19d19296738b742f861db ]
When the abstraction functions got added, conversion here was
made incorrectly. As a result, the skb may end up pointing
to skb which got included to the probe skb and then was freed.
For it to trigger, however, skb_transmit must fail sending as
well.
Signed-off-by: Ilpo J?rvinen <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Cc: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/net/tcp.h | 3 +++
net/ipv4/tcp_output.c | 1 -
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1258,6 +1258,9 @@ static inline void tcp_insert_write_queu
struct sock *sk)
{
__skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
+
+ if (sk->sk_send_head == skb)
+ sk->sk_send_head = new;
}
static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1279,7 +1279,6 @@ static int tcp_mtu_probe(struct sock *sk
skb = tcp_send_head(sk);
tcp_insert_write_queue_before(nskb, skb, sk);
- tcp_advance_send_head(sk, skb);
TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Charles Hardin <[email protected]>
[PFKEY]: Sending an SADB_GET responds with an SADB_GET
[ Upstream commit: 435000bebd94aae3a7a50078d142d11683d3b193 ]
Kernel needs to respond to an SADB_GET with the same message type to
conform to the RFC 2367 Section 3.1.5
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/key/af_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1543,7 +1543,7 @@ static int pfkey_get(struct sock *sk, st
out_hdr = (struct sadb_msg *) out_skb->data;
out_hdr->sadb_msg_version = hdr->sadb_msg_version;
- out_hdr->sadb_msg_type = SADB_DUMP;
+ out_hdr->sadb_msg_type = SADB_GET;
out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
out_hdr->sadb_msg_errno = 0;
out_hdr->sadb_msg_reserved = 0;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Eric Dumazet <[email protected]>
[NET]: Corrects a bug in ip_rt_acct_read()
[ Upstream commit: 483b23ffa3a5f44767038b0a676d757e0668437e ]
It seems that stats of cpu 0 are counted twice, since
for_each_possible_cpu() is looping on all possible cpus, including 0
Before percpu conversion of ip_rt_acct, we should also remove the
assumption that CPU 0 is online (or even possible)
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/route.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3150,18 +3150,14 @@ static int ip_rt_acct_read(char *buffer,
offset /= sizeof(u32);
if (length > 0) {
- u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
u32 *dst = (u32 *) buffer;
- /* Copy first cpu. */
*start = buffer;
- memcpy(dst, src, length);
+ memset(dst, 0, length);
- /* Add the other cpus in, one int at a time */
for_each_possible_cpu(i) {
unsigned int j;
-
- src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
+ u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
for (j = 0; j < length/4; j++)
dst[j] += src[j];
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Adrian Bunk <[email protected]>
[IPV4]: Remove bogus ifdef mess in arp_process
[ Upstream commit: 3660019e5f96fd9a8b7d4214a96523c0bf7b676d ]
The #ifdef's in arp_process() were not only a mess, they were also wrong
in the CONFIG_NET_ETHERNET=n and (CONFIG_NETDEV_1000=y or
CONFIG_NETDEV_10000=y) cases.
Since they are not required this patch removes them.
Also removed are some #ifdef's around #include's that caused compile
errors after this change.
Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Cc: David Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/arp.c | 19 -------------------
1 file changed, 19 deletions(-)
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -110,12 +110,8 @@
#include <net/tcp.h>
#include <net/sock.h>
#include <net/arp.h>
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
#include <net/ax25.h>
-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
#include <net/netrom.h>
-#endif
-#endif
#if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
#include <net/atmclip.h>
struct neigh_table *clip_tbl_hook;
@@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *s
htons(dev_type) != arp->ar_hrd)
goto out;
break;
-#ifdef CONFIG_NET_ETHERNET
case ARPHRD_ETHER:
-#endif
-#ifdef CONFIG_TR
case ARPHRD_IEEE802_TR:
-#endif
-#ifdef CONFIG_FDDI
case ARPHRD_FDDI:
-#endif
-#ifdef CONFIG_NET_FC
case ARPHRD_IEEE802:
-#endif
-#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
- defined(CONFIG_FDDI) || defined(CONFIG_NET_FC)
/*
* ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
* devices, according to RFC 2625) devices will accept ARP
@@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *s
arp->ar_pro != htons(ETH_P_IP))
goto out;
break;
-#endif
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
case ARPHRD_AX25:
if (arp->ar_pro != htons(AX25_P_IP) ||
arp->ar_hrd != htons(ARPHRD_AX25))
goto out;
break;
-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
case ARPHRD_NETROM:
if (arp->ar_pro != htons(AX25_P_IP) ||
arp->ar_hrd != htons(ARPHRD_NETROM))
goto out;
break;
-#endif
-#endif
}
/* Understand only these message types */
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <[email protected]>
[CRYPTO] api: Fix potential race in crypto_remove_spawn
[ Upstream commit: 38cb2419f544ad413c7f7aa8c17fd7377610cdd8 ]
As it is crypto_remove_spawn may try to unregister an instance which is
yet to be registered. This patch fixes this by checking whether the
instance has been registered before attempting to remove it.
It also removes a bogus cra_destroy check in crypto_register_instance as
1) it's outside the mutex;
2) we have a check in __crypto_register_alg already.
Signed-off-by: Herbert Xu <[email protected]>
Cc: David Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
crypto/algapi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct c
return;
inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
+ if (hlist_unhashed(&inst->list))
+ return;
+
if (!tmpl || !crypto_tmpl_get(tmpl))
return;
@@ -333,9 +336,6 @@ int crypto_register_instance(struct cryp
LIST_HEAD(list);
int err = -EINVAL;
- if (inst->alg.cra_destroy)
- goto err;
-
err = crypto_check_alg(&inst->alg);
if (err)
goto err;
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: chas williams <[email protected]>
[ATM]: [he] initialize lock and tasklet earlier
[ Upstream commit: 8a8037ac9dbe4eb20ce50aa20244faf77444f4a3 ]
if you are lucky (unlucky?) enough to have shared interrupts, the
interrupt handler can be called before the tasklet and lock are ready
for use.
Signed-off-by: chas williams <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Cc: David Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/atm/he.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/atm/he.c
+++ b/drivers/atm/he.c
@@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, con
he_dev->atm_dev->dev_data = he_dev;
atm_dev->dev_data = he_dev;
he_dev->number = atm_dev->number;
+#ifdef USE_TASKLET
+ tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
+#endif
+ spin_lock_init(&he_dev->global_lock);
+
if (he_start(atm_dev)) {
he_stop(he_dev);
err = -ENODEV;
@@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
if ((err = he_init_irq(he_dev)) != 0)
return err;
-#ifdef USE_TASKLET
- tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
-#endif
- spin_lock_init(&he_dev->global_lock);
-
/* 4.11 enable pci bus controller state machines */
host_cntl |= (OUTFF_ENB | CMDFF_ENB |
QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Florian Zumbiehl <[email protected]>
[UNIX]: EOF on non-blocking SOCK_SEQPACKET
[ Upstream commit: 0a11225887fe6cbccd882404dc36ddc50f47daf9 ]
I am not absolutely sure whether this actually is a bug (as in: I've got
no clue what the standards say or what other implementations do), but at
least I was pretty surprised when I noticed that a recv() on a
non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
oriented, after all) where the remote end has closed the connection
returned -1 (EAGAIN) rather than 0 to indicate end of file.
This is a test case:
| #include <sys/types.h>
| #include <unistd.h>
| #include <sys/socket.h>
| #include <sys/un.h>
| #include <fcntl.h>
| #include <string.h>
| #include <stdlib.h>
|
| int main(){
| int sock;
| struct sockaddr_un addr;
| char buf[4096];
| int pfds[2];
|
| pipe(pfds);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| addr.sun_family=AF_UNIX;
| strcpy(addr.sun_path,"/tmp/foobar_testsock");
| bind(sock,(struct sockaddr *)&addr,sizeof(addr));
| listen(sock,1);
| if(fork()){
| close(sock);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| connect(sock,(struct sockaddr *)&addr,sizeof(addr));
| fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
| close(pfds[1]);
| read(pfds[0],buf,sizeof(buf));
| recv(sock,buf,sizeof(buf),0); // <-- this one
| }else accept(sock,NULL,NULL);
| exit(0);
| }
If you try it, make sure /tmp/foobar_testsock doesn't exist.
The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
patch that fixes that.
Signed-off-by: Florian Zumbiehl <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/unix/af_unix.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1608,8 +1608,15 @@ static int unix_dgram_recvmsg(struct kio
mutex_lock(&u->readlock);
skb = skb_recv_datagram(sk, flags, noblock, &err);
- if (!skb)
+ if (!skb) {
+ unix_state_lock(sk);
+ /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
+ if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
+ (sk->sk_shutdown & RCV_SHUTDOWN))
+ err = 0;
+ unix_state_unlock(sk);
goto out_unlock;
+ }
wake_up_interruptible(&u->peer_wait);
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Pablo Neira Ayuso <[email protected]>
[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
[ Upstream commit: e03ba84adb62fbc6049325a5bc00ef6932fa5e39 ]
If a zero length pattern is passed then return EINVAL.
Avoids infinite loops (bm) or invalid memory accesses (kmp).
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
lib/textsearch.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/lib/textsearch.c
+++ b/lib/textsearch.c
@@ -7,7 +7,7 @@
* 2 of the License, or (at your option) any later version.
*
* Authors: Thomas Graf <[email protected]>
- * Pablo Neira Ayuso <[email protected]>
+ * Pablo Neira Ayuso <[email protected]>
*
* ==========================================================================
*
@@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(
* the various search algorithms.
*
* Returns a new textsearch configuration according to the specified
- * parameters or a ERR_PTR().
+ * parameters or a ERR_PTR(). If a zero length pattern is passed, this
+ * function returns EINVAL.
*/
struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
unsigned int len, gfp_t gfp_mask, int flags)
@@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(con
struct ts_config *conf;
struct ts_ops *ops;
+ if (len == 0)
+ return ERR_PTR(-EINVAL);
+
ops = lookup_ts_algo(algo);
#ifdef CONFIG_KMOD
/*
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Stephen Hemminger <[email protected]>
[TCP] illinois: Incorrect beta usage
[ Upstream commit: a357dde9df33f28611e6a3d4f88265e39bcc8880 ]
Lachlan Andrew observed that my TCP-Illinois implementation uses the
beta value incorrectly:
The parameter beta in the paper specifies the amount to decrease
*by*: that is, on loss,
W <- W - beta*W
but in tcp_illinois_ssthresh() uses beta as the amount
to decrease *to*: W <- beta*W
This bug makes the Linux TCP-Illinois get less-aggressive on uncongested network,
hurting performance. Note: since the base beta value is .5, it has no
impact on a congested network.
Signed-off-by: Stephen Hemminger <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp_illinois.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -300,7 +300,7 @@ static u32 tcp_illinois_ssthresh(struct
struct illinois *ca = inet_csk_ca(sk);
/* Multiplicative decrease */
- return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U);
+ return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: David Howells <[email protected]>
[RXRPC]: Add missing select on CRYPTO
[ Upstream commit: d5a784b3719ae364f49ecff12a0248f6e4252720 ]
AF_RXRPC uses the crypto services, so should depend on or select CRYPTO.
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rxrpc/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/net/rxrpc/Kconfig
+++ b/net/rxrpc/Kconfig
@@ -5,6 +5,7 @@
config AF_RXRPC
tristate "RxRPC session sockets"
depends on INET && EXPERIMENTAL
+ select CRYPTO
select KEYS
help
Say Y or M here to include support for RxRPC session sockets (just
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Evgeniy Polyakov <[email protected]>
[IPV6]: Restore IPv6 when MTU is big enough
[ Upstream commit: d31c7b8fa303eb81311f27b80595b8d2cbeef950 ]
Avaid provided test application, so bug got fixed.
IPv6 addrconf removes ipv6 inner device from netdev each time cmu
changes and new value is less than IPV6_MIN_MTU (1280 bytes).
When mtu is changed and new value is greater than IPV6_MIN_MTU,
it does not add ipv6 addresses and inner device bac.
This patch fixes that.
Tested with Avaid's application, which works ok now.
Signed-off-by: Evgeniy Polyakov <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv6/addrconf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2285,6 +2285,9 @@ static int addrconf_notify(struct notifi
break;
}
+ if (!idev && dev->mtu >= IPV6_MIN_MTU)
+ idev = ipv6_add_dev(dev);
+
if (idev)
idev->if_flags |= IF_READY;
} else {
@@ -2349,12 +2352,18 @@ static int addrconf_notify(struct notifi
break;
case NETDEV_CHANGEMTU:
- if ( idev && dev->mtu >= IPV6_MIN_MTU) {
+ if (idev && dev->mtu >= IPV6_MIN_MTU) {
rt6_mtu_change(dev, dev->mtu);
idev->cnf.mtu6 = dev->mtu;
break;
}
+ if (!idev && dev->mtu >= IPV6_MIN_MTU) {
+ idev = ipv6_add_dev(dev);
+ if (idev)
+ break;
+ }
+
/* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
case NETDEV_DOWN:
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Pavel Emelyanov <[email protected]>
[DECNET]: dn_nl_deladdr() almost always returns no error
[ Upstream commit: 3ccd86241b277249d5ac08e91eddfade47184520 ]
As far as I see from the err variable initialization
the dn_nl_deladdr() routine was designed to report errors
like "EADDRNOTAVAIL" and probaby "ENODEV".
But the code sets this err to 0 after the first nlmsg_parse
and goes on, returning this 0 in any case.
Signed-off-by: Pavel Emelyanov <[email protected]>
Acked-by: Steven Whitehouse <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/decnet/dn_dev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -651,16 +651,18 @@ static int dn_nl_deladdr(struct sk_buff
struct dn_dev *dn_db;
struct ifaddrmsg *ifm;
struct dn_ifaddr *ifa, **ifap;
- int err = -EADDRNOTAVAIL;
+ int err;
err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy);
if (err < 0)
goto errout;
+ err = -ENODEV;
ifm = nlmsg_data(nlh);
if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL)
goto errout;
+ err = -EADDRNOTAVAIL;
for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) {
if (tb[IFA_LOCAL] &&
nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2))
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Pavel Emelyanov <[email protected]>
[BRIDGE]: Lost call to br_fdb_fini() in br_init() error path
[ Upstream commit: 17efdd45755c0eb8d1418a1368ef7c7ebbe98c6e ]
In case the br_netfilter_init() (or any subsequent call)
fails, the br_fdb_fini() must be called to free the allocated
in br_fdb_init() br_fdb_cache kmem cache.
Signed-off-by: Pavel Emelyanov <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/bridge/br.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -39,7 +39,7 @@ static int __init br_init(void)
err = br_fdb_init();
if (err)
- goto err_out1;
+ goto err_out;
err = br_netfilter_init();
if (err)
@@ -65,6 +65,8 @@ err_out3:
err_out2:
br_netfilter_fini();
err_out1:
+ br_fdb_fini();
+err_out:
llc_sap_put(br_stp_sap);
return err;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Neil Brown <[email protected]>
patch b8da0d1c27f144bce999c653467106f3f0d5a308 in mainline.
fsid_source decided where to get the 'fsid' number to
return for a GETATTR based on the type of filehandle.
It can be from the device, from the fsid, or from the
UUID.
It is possible for the filehandle to be inconsistent
with the export information, so make sure the export information
actually has the info implied by the value returned by
fsid_source.
Signed-off-by: Neil Brown <[email protected]>
Cc: "Luiz Fernando N. Capitulino" <[email protected]>
Signed-off-by: "J. Bruce Fields" <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Cc: Oliver Pintr <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/nfsd/nfsfh.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -565,13 +565,23 @@ enum fsid_source fsid_source(struct svc_
case FSID_DEV:
case FSID_ENCODE_DEV:
case FSID_MAJOR_MINOR:
- return FSIDSOURCE_DEV;
+ if (fhp->fh_export->ex_dentry->d_inode->i_sb->s_type->fs_flags
+ & FS_REQUIRES_DEV)
+ return FSIDSOURCE_DEV;
+ break;
case FSID_NUM:
- return FSIDSOURCE_FSID;
- default:
if (fhp->fh_export->ex_flags & NFSEXP_FSID)
return FSIDSOURCE_FSID;
- else
- return FSIDSOURCE_UUID;
+ break;
+ default:
+ break;
}
+ /* either a UUID type filehandle, or the filehandle doesn't
+ * match the export.
+ */
+ if (fhp->fh_export->ex_flags & NFSEXP_FSID)
+ return FSIDSOURCE_FSID;
+ if (fhp->fh_export->ex_uuid)
+ return FSIDSOURCE_UUID;
+ return FSIDSOURCE_DEV;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Greg Kroah-Hartman <[email protected]>
This reverts the following changeset in 2.6.22.10 that caused a lot of
reported problems.
From: Mark Lord <[email protected]>
commit 4047727e5ae33f9b8d2b7766d1994ea6e5ec2991 from upstream
We need to disable all CPUs other than the boot CPU (usually 0) before
attempting to power-off modern SMP machines. This fixes the
hang-on-poweroff issue on my MythTV SMP box, and also on Thomas Gleixner's
new toybox.
Signed-off-by: Mark Lord <[email protected]>
Acked-by: Thomas Gleixner <[email protected]>
Cc: "Rafael J. Wysocki" <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
There still is a remaining shutdown problem in 2.6.22 with old APM based
systems, but this fix is not the correct one
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/sys.c | 2 --
1 file changed, 2 deletions(-)
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -31,7 +31,6 @@
#include <linux/cn_proc.h>
#include <linux/getcpu.h>
#include <linux/task_io_accounting_ops.h>
-#include <linux/cpu.h>
#include <linux/compat.h>
#include <linux/syscalls.h>
@@ -866,7 +865,6 @@ EXPORT_SYMBOL_GPL(kernel_halt);
void kernel_power_off(void)
{
kernel_shutdown_prepare(SYSTEM_POWER_OFF);
- disable_nonboot_cpus();
printk(KERN_EMERG "Power down.\n");
machine_power_off();
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Rafael J. Wysocki <[email protected]>
patch 978c7b2ff49597ab76ff7529a933bd366941ac25 in mainline
Fix breakage caused by commit 831441862956fffa17b9801db37e6ea1650b0f69
that did not introduce the necessary call to set_freezable() in
xfs/linux-2.6/xfs_buf.c .
SGI-PV: 974224
SGI-Modid: xfs-linux-melb:xfs-kern:30203a
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: David Chinner <[email protected]>
Signed-off-by: Lachlan McIlroy <[email protected]>
Cc: Oliver Pintr <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/xfs/linux-2.6/xfs_buf.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/xfs/linux-2.6/xfs_buf.c
+++ b/fs/xfs/linux-2.6/xfs_buf.c
@@ -1733,6 +1733,8 @@ xfsbufd(
current->flags |= PF_MEMALLOC;
+ set_freezable();
+
do {
if (unlikely(freezing(current))) {
set_bit(XBT_FORCE_SLEEP, &target->bt_flags);
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Patrick McHardy <[email protected]>
[XFRM]: Fix leak of expired xfrm_states
[ Upstream commit: 5dba4797115c8fa05c1a4d12927a6ae0b33ffc41 ]
The xfrm_timer calls __xfrm_state_delete, which drops the final reference
manually without triggering destruction of the state. Change it to use
xfrm_state_put to add the state to the gc list when we're dropping the
last reference. The timer function may still continue to use the state
safely since the final destruction does a del_timer_sync().
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/xfrm/xfrm_state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -371,7 +371,7 @@ int __xfrm_state_delete(struct xfrm_stat
* The xfrm_state_alloc call gives a reference, and that
* is what we are dropping here.
*/
- __xfrm_state_put(x);
+ xfrm_state_put(x);
err = 0;
}
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Patrick McHardy <[email protected]>
[NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON
[ Upstream commit: 9dc0564e862b1b9a4677dec2c736b12169e03e99 ]
ipv6_skip_exthdr() returns -1 for invalid packets. don't WARN_ON
that.
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/netfilter/xt_TCPMSS.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -178,10 +178,8 @@ xt_tcpmss_target6(struct sk_buff **pskb,
nexthdr = ipv6h->nexthdr;
tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
- if (tcphoff < 0) {
- WARN_ON(1);
+ if (tcphoff < 0)
return NF_DROP;
- }
ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
sizeof(*ipv6h) + sizeof(struct tcphdr));
if (ret < 0)
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Tejun Heo <[email protected]>
patch 459ad68893a84fb0881e57919340b97edbbc3dc7 in mainline.
Spurious NCQ completion detection implemented in ahci was incorrect.
On AHCI receving and processing FISes and raising interrupts are not
interlocked and spurious interrupts are expected.
For example, if an interrupt occurs while interrupt handler is running
and the running interrupt handler handles the event the new IRQ
indicated, after IRQ handler finishes, it will be executed again
because IRQ pending bit is set by the new interrupt but there won't be
anything to process.
Please read the following message for more information.
http://article.gmane.org/gmane.linux.ide/26012
This patch...
* Removes all spurious IRQ whining from ahci. Spurious NCQ completion
detection was completely wrong. Spurious D2H Register FIS taught us
that some early drives send spurious D2H Register FIS with I bit set
while NCQ commands are in progress but none of recent drives does
that and even the ones which show such behavior can do NCQ fine.
* Kills all NCQ blacklist entries which were added because of spurious
NCQ completions. I tracked down each commit and verified all
removed ones are actually added because of spurious completions.
WD740ADFD-00NLR1 wasn't deleted but moved upward because the drive
not only had spurious NCQ completions but also is slow on sequential
data transfers if NCQ is enabled.
Maxtor 7V300F0 was added by 0e3dbc01d53940fe10e5a5cfec15ede3e929c918
from Alan Cox. I can only find evidences that the drive only had
troubles with spuruious completions by searching the mailing list.
This entry needs to be verified and removed if it doesn't have other
NCQ related problems.
Signed-off-by: Tejun Heo <[email protected]>
Cc: Alan Cox <[email protected]>
Signed-off-by: Jeff Garzik <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/ata/ahci.c | 65 ----------------------------------------------
drivers/ata/libata-core.c | 10 -------
2 files changed, 2 insertions(+), 73 deletions(-)
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1241,7 +1241,7 @@ static void ahci_host_intr(struct ata_po
struct ata_eh_info *ehi = &ap->eh_info;
struct ahci_port_priv *pp = ap->private_data;
u32 status, qc_active;
- int rc, known_irq = 0;
+ int rc;
status = readl(port_mmio + PORT_IRQ_STAT);
writel(status, port_mmio + PORT_IRQ_STAT);
@@ -1257,74 +1257,11 @@ static void ahci_host_intr(struct ata_po
qc_active = readl(port_mmio + PORT_CMD_ISSUE);
rc = ata_qc_complete_multiple(ap, qc_active, NULL);
- if (rc > 0)
- return;
if (rc < 0) {
ehi->err_mask |= AC_ERR_HSM;
ehi->action |= ATA_EH_SOFTRESET;
ata_port_freeze(ap);
- return;
- }
-
- /* hmmm... a spurious interupt */
-
- /* if !NCQ, ignore. No modern ATA device has broken HSM
- * implementation for non-NCQ commands.
- */
- if (!ap->sactive)
- return;
-
- if (status & PORT_IRQ_D2H_REG_FIS) {
- if (!pp->ncq_saw_d2h)
- ata_port_printk(ap, KERN_INFO,
- "D2H reg with I during NCQ, "
- "this message won't be printed again\n");
- pp->ncq_saw_d2h = 1;
- known_irq = 1;
- }
-
- if (status & PORT_IRQ_DMAS_FIS) {
- if (!pp->ncq_saw_dmas)
- ata_port_printk(ap, KERN_INFO,
- "DMAS FIS during NCQ, "
- "this message won't be printed again\n");
- pp->ncq_saw_dmas = 1;
- known_irq = 1;
- }
-
- if (status & PORT_IRQ_SDB_FIS) {
- const __le32 *f = pp->rx_fis + RX_FIS_SDB;
-
- if (le32_to_cpu(f[1])) {
- /* SDB FIS containing spurious completions
- * might be dangerous, whine and fail commands
- * with HSM violation. EH will turn off NCQ
- * after several such failures.
- */
- ata_ehi_push_desc(ehi,
- "spurious completions during NCQ "
- "issue=0x%x SAct=0x%x FIS=%08x:%08x",
- readl(port_mmio + PORT_CMD_ISSUE),
- readl(port_mmio + PORT_SCR_ACT),
- le32_to_cpu(f[0]), le32_to_cpu(f[1]));
- ehi->err_mask |= AC_ERR_HSM;
- ehi->action |= ATA_EH_SOFTRESET;
- ata_port_freeze(ap);
- } else {
- if (!pp->ncq_saw_sdb)
- ata_port_printk(ap, KERN_INFO,
- "spurious SDB FIS %08x:%08x during NCQ, "
- "this message won't be printed again\n",
- le32_to_cpu(f[0]), le32_to_cpu(f[1]));
- pp->ncq_saw_sdb = 1;
- }
- known_irq = 1;
}
-
- if (!known_irq)
- ata_port_printk(ap, KERN_INFO, "spurious interrupt "
- "(irq_stat 0x%x active_tag 0x%x sactive 0x%x)\n",
- status, ap->active_tag, ap->sactive);
}
static void ahci_irq_clear(struct ata_port *ap)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -3785,6 +3785,7 @@ static const struct ata_blacklist_entry
/* Devices where NCQ should be avoided */
/* NCQ is slow */
{ "WDC WD740ADFD-00", NULL, ATA_HORKAGE_NONCQ },
+ { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
/* http://thread.gmane.org/gmane.linux.ide/14907 */
{ "FUJITSU MHT2060BH", NULL, ATA_HORKAGE_NONCQ },
/* NCQ is broken */
@@ -3803,15 +3804,6 @@ static const struct ata_blacklist_entry
{ "HTS541060G9SA00", "MB3OC60D", ATA_HORKAGE_NONCQ, },
{ "HTS541080G9SA00", "MB4OC60D", ATA_HORKAGE_NONCQ, },
{ "HTS541010G9SA00", "MBZOC60D", ATA_HORKAGE_NONCQ, },
- /* Drives which do spurious command completion */
- { "HTS541680J9SA00", "SB2IC7EP", ATA_HORKAGE_NONCQ, },
- { "HTS541612J9SA00", "SBDIC7JP", ATA_HORKAGE_NONCQ, },
- { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, },
- { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
- { "FUJITSU MHV2080BH", "00840028", ATA_HORKAGE_NONCQ, },
- { "ST9160821AS", "3.CLF", ATA_HORKAGE_NONCQ, },
- { "ST3160812AS", "3.AD", ATA_HORKAGE_NONCQ, },
- { "SAMSUNG HD401LJ", "ZZ100-15", ATA_HORKAGE_NONCQ, },
/* End Marker */
{ }
--
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Pavel Emelyanov <[email protected]>
[BRIDGE]: Properly dereference the br_should_route_hook
[ Upstream commit: 82de382ce8e1c7645984616728dc7aaa057821e4 ]
This hook is protected with the RCU, so simple
if (br_should_route_hook)
br_should_route_hook(...)
is not enough on some architectures.
Use the rcu_dereference/rcu_assign_pointer in this case.
Fixed Stephen's comment concerning using the typeof().
Signed-off-by: Pavel Emelyanov <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/bridge/br_input.c | 7 ++++---
net/bridge/netfilter/ebtable_broute.c | 4 ++--
2 files changed, 6 insertions(+), 5 deletions(-)
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -127,6 +127,7 @@ static inline int is_link_local(const un
struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
{
const unsigned char *dest = eth_hdr(skb)->h_dest;
+ int (*rhook)(struct sk_buff **pskb);
if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
goto drop;
@@ -148,9 +149,9 @@ struct sk_buff *br_handle_frame(struct n
switch (p->state) {
case BR_STATE_FORWARDING:
-
- if (br_should_route_hook) {
- if (br_should_route_hook(&skb))
+ rhook = rcu_dereference(br_should_route_hook);
+ if (rhook != NULL) {
+ if (rhook(&skb))
return skb;
dest = eth_hdr(skb)->h_dest;
}
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -70,13 +70,13 @@ static int __init ebtable_broute_init(vo
if (ret < 0)
return ret;
/* see br_input.c */
- br_should_route_hook = ebt_broute;
+ rcu_assign_pointer(br_should_route_hook, ebt_broute);
return ret;
}
static void __exit ebtable_broute_fini(void)
{
- br_should_route_hook = NULL;
+ rcu_assign_pointer(br_should_route_hook, NULL);
synchronize_net();
ebt_unregister_table(&broute_table);
}
--
On Wed, Dec 12, 2007 at 10:33:08PM -0800, Greg KH wrote:
> This is the start of the stable review cycle for the 2.6.22.15 release.
> There are 36 patches in this series, all will be posted as a response to
> this one. If anyone has any issues with these being applied, please let
> us know. If anyone is a maintainer of the proper subsystem, and wants
> to add a Signed-off-by: line to the patch, please respond with it.
The rolled-up patch can be found at:
kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.22.15-rc1.gz
the full diffstat can be found below for those interested.
thanks,
greg k-h
---------------
Makefile | 2 -
crypto/algapi.c | 6 +--
drivers/ata/ahci.c | 65 ----------------------------------
drivers/ata/libata-core.c | 10 -----
drivers/atm/he.c | 10 ++---
drivers/block/rd.c | 13 ++++++
drivers/isdn/i4l/isdn_common.c | 5 ++
drivers/isdn/i4l/isdn_net.c | 8 ++--
drivers/net/atl1/atl1_main.c | 25 ++++++-------
drivers/net/forcedeth.c | 38 +++++++++++++------
drivers/usb/host/ehci-hcd.c | 5 ++
drivers/usb/image/microtek.c | 2 -
drivers/video/fb_ddc.c | 8 ++--
fs/nfsd/nfsfh.c | 20 +++++++---
fs/xfs/linux-2.6/xfs_buf.c | 2 +
include/linux/pci_ids.h | 4 ++
include/linux/thread_info.h | 17 +++++++-
include/net/tcp.h | 3 +
kernel/exit.c | 2 -
kernel/futex.c | 25 ++++++-------
kernel/hrtimer.c | 8 ++++
kernel/sys.c | 2 -
lib/libcrc32c.c | 7 +--
lib/textsearch.c | 8 +++-
mm/shmem.c | 5 +-
net/bridge/br.c | 4 +-
net/bridge/br_input.c | 7 ++-
net/bridge/netfilter/ebtable_broute.c | 4 +-
net/decnet/dn_dev.c | 4 +-
net/ipv4/arp.c | 19 ---------
net/ipv4/netfilter/nf_nat_core.c | 2 -
net/ipv4/route.c | 8 +---
net/ipv4/sysctl_net_ipv4.c | 2 -
net/ipv4/tcp_illinois.c | 2 -
net/ipv4/tcp_output.c | 1
net/ipv6/addrconf.c | 11 +++++
net/key/af_key.c | 2 -
net/netfilter/xt_TCPMSS.c | 4 --
net/rxrpc/Kconfig | 1
net/unix/af_unix.c | 9 ++++
net/xfrm/xfrm_state.c | 2 -
41 files changed, 190 insertions(+), 192 deletions(-)
> -----Message d'origine-----
> De : [email protected]
> [mailto:[email protected]] De la part de Greg KH
> Envoy? : 13 d?cembre 2007 01:35
>
> 2.6.22-stable review patch. If anyone has any objections,
> please let us know.
>
> ------------------
> From: Rafael J. Wysocki <[email protected]>
>
> patch 978c7b2ff49597ab76ff7529a933bd366941ac25 in mainline
>
> Fix breakage caused by commit 831441862956fffa17b9801db37e6ea1650b0f69
> that did not introduce the necessary call to set_freezable()
> in xfs/linux-2.6/xfs_buf.c .
>
> SGI-PV: 974224
> SGI-Modid: xfs-linux-melb:xfs-kern:30203a
>
> Signed-off-by: Rafael J. Wysocki <[email protected]>
> Signed-off-by: David Chinner <[email protected]>
> Signed-off-by: Lachlan McIlroy <[email protected]>
> Cc: Oliver Pintr <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>
> ---
Hi Greg,
Don't know if it is related but I got this while building on Debian Etch 4.0:
Building modules, stage 2.
MODPOST 1882 modules
ERROR: "set_freezable" [fs/xfs/xfs.ko] undefined!
make[2]: *** [__modpost] Error 1
make[1]: *** [modules] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.22.15-rc1-cfs-etch-686-envcan'
make: *** [debian/stamp-build-kernel] Error 2
- vin
http://lwn.net/Articles/235908/
On 12/13/07, Fortier,Vincent [Montreal] <[email protected]> wrote:
> > -----Message d'origine-----
> > De : [email protected]
> > [mailto:[email protected]] De la part de Greg KH
> > Envoy? : 13 d?cembre 2007 01:35
> >
> > 2.6.22-stable review patch. If anyone has any objections,
> > please let us know.
> >
> > ------------------
> > From: Rafael J. Wysocki <[email protected]>
> >
> > patch 978c7b2ff49597ab76ff7529a933bd366941ac25 in mainline
> >
> > Fix breakage caused by commit 831441862956fffa17b9801db37e6ea1650b0f69
> > that did not introduce the necessary call to set_freezable()
> > in xfs/linux-2.6/xfs_buf.c .
> >
> > SGI-PV: 974224
> > SGI-Modid: xfs-linux-melb:xfs-kern:30203a
> >
> > Signed-off-by: Rafael J. Wysocki <[email protected]>
> > Signed-off-by: David Chinner <[email protected]>
> > Signed-off-by: Lachlan McIlroy <[email protected]>
> > Cc: Oliver Pintr <[email protected]>
> > Signed-off-by: Greg Kroah-Hartman <[email protected]>
> >
> > ---
>
> Hi Greg,
>
> Don't know if it is related but I got this while building on Debian Etch
> 4.0:
> Building modules, stage 2.
> MODPOST 1882 modules
> ERROR: "set_freezable" [fs/xfs/xfs.ko] undefined!
> make[2]: *** [__modpost] Error 1
> make[1]: *** [modules] Error 2
> make[1]: Leaving directory
> `/usr/src/linux-headers-2.6.22.15-rc1-cfs-etch-686-envcan'
> make: *** [debian/stamp-build-kernel] Error 2
>
> - vin
>
--
Thanks,
Oliver
http://lwn.net/Articles/235908/
or then drop this patch... while to big change are im kernel
On Thu, Dec 13, 2007 at 08:16:46PM +0100, Oliv?r Pint?r wrote:
> http://lwn.net/Articles/235908/
>
> or then drop this patch... while to big change are im kernel
It's now dropped.
Oliver, in the future, can you at least test the patches you wish to
have applied to the -stable tree? :)
thanks,
greg k-h