1. 16 Oct, 2009 2 commits
    • Andrew Morton's avatar
      simplify · 206df4df
      Andrew Morton authored
      Cc: Amerigo Wang <amwang@redhat.com>
      Cc: Ben Woodard <bwoodard@llnl.gov>
      Cc: Brian Behlendorf <behlendorf1@llnl.gov>
      Cc: David Howells <dhowells@redhat.com>
      Cc: WANG Cong <amwang@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      206df4df
    • Amerigo Wang's avatar
      rwsem_is_locked() tests ->activity without locks, so we should always keep · 2580e032
      Amerigo Wang authored
      ->activity consistent.  However, the code in __rwsem_do_wake() breaks this
      rule, it updates ->activity after _all_ readers waken up, this may give
      some reader a wrong ->activity value, thus cause rwsem_is_locked() behaves
      wrong.
      
      Quote from Andrew:
      
      "
      - we have one or more processes sleeping in down_read(), waiting for access.
      
      - we wake one or more processes up without altering ->activity
      
      - they start to run and they do rwsem_is_locked().  This incorrectly
        returns "false", because the waker process is still crunching away in
        __rwsem_do_wake().
      
      - the waker now alters ->activity, but it was too late.
      "
      
      So we need get a spinlock to protect this.  And rwsem_is_locked() should
      not block, thus we use spin_trylock_irqsave().
      Reported-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
      Cc: Ben Woodard <bwoodard@llnl.gov>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarWANG Cong <amwang@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      2580e032
  2. 14 Oct, 2009 1 commit
  3. 11 Nov, 2009 1 commit
  4. 13 Oct, 2009 2 commits
    • H Hartley Sweeten's avatar
      The symbol 'call' is a static symbol used for initcall_debug. This same · eb62bab7
      H Hartley Sweeten authored
      symbol name is used locally by a couple functions and produces the
      following sparse warnings:
      
      	warning: symbol 'call' shadows an earlier one
      
      Fix this noise by renaming the local symbols.
      Signed-off-by: default avatarH Hartley Sweeten <hsweeten@visionengravers.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      eb62bab7
    • Daniel Mack's avatar
      On Mon, Oct 12, 2009 at 12:31:46PM -0400, H Hartley Sweeten wrote: · e8a65c9e
      Daniel Mack authored
      > On Wednesday, October 07, 2009 1:01 PM, Daniel Mack wrote:
      > > This is actually too trivial to publish, but to export the function of
      > > that chip to the userspace, a module like this is needed.
      > >
      > > Signed-off-by: Daniel Mack <daniel@caiaq.de>
      > > Cc: Andrew Morton <akpm@linux-foundation.org>
      > > Cc: David Brownell <dbrownell@users.sourceforge.net>
      > > Cc: spi-devel-general@lists.sourceforge.net
      > > ---
      >
      > [snip]
      >
      > > +static ssize_t dac7512_store_val(struct device *dev,
      > > +				 struct device_attribute *attr,
      > > +				 const char *buf, size_t count)
      > > +{
      > > +	struct spi_device *spi = to_spi_device(dev);
      > > +	unsigned char tmp[2];
      > > +	unsigned long val;
      > > +
      > > +	if (strict_strtoul(buf, 10, &val) < 0)
      > > +		return -EINVAL;
      > > +
      > > +	tmp[0] = val >> 8;
      > > +	tmp[1] = val & 0xff;
      > > +	spi_write(spi, tmp, sizeof(tmp));
      > > +	return count;
      > > +}
      > > +
      > > +static DEVICE_ATTR(value, S_IWUSR | S_IRUGO,
      > > +		   NULL, dac7512_store_val);
      >
      > You have declared the "value" device attribute with mode S_IWUSR | S_IRUGO
      > but have not provided a show callback.
      
      Sorry, forget my last mail, I got you wrong. You're of course right,
      S_IRUGO shouldn't be set for write-only attributes. Updates patch below.
      
      Thanks,
      Daniel
      
      >From ab18a967e55d2bb1d39559333bca81a01c2838f0 Mon Sep 17 00:00:00 2001
      Date: Thu, 8 Oct 2009 03:55:46 +0800
      Subject: [PATCH] drivers/misc: add driver for Texas Instruments DAC7512
      This is actually too trivial to publish, but to export the function of
      that chip to the userspace, a module like this is needed.
      Signed-off-by: default avatarDaniel Mack <daniel@caiaq.de>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: "H Hartley Sweeten" <hartleys@visionengravers.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      e8a65c9e
  5. 26 Oct, 2009 1 commit
  6. 23 Sep, 2009 1 commit
  7. 09 Oct, 2009 1 commit
  8. 11 Nov, 2009 1 commit
  9. 30 Sep, 2009 2 commits
  10. 28 Oct, 2009 1 commit
    • Andrew Lunn's avatar
      There is a race condition in um_request_irq(). The SIGIO handling is · 356968d7
      Andrew Lunn authored
      first enabled with the call to activate_fd().  The irq handler is then
      registered with request_irq().  What can happen is that directly after
      activate_fd() the SIGIO goes off and the IRQ source is disabled at the low
      level, the pollfd is set to -1.  Since no irq handler has yet been
      registered, the interrupt it left disabled at the low level.  The
      interrupt handler is then registered, but its too late, the interrupt
      source has been disabled at the lower level and is never re-enabled.  To
      fix this race condition i swapped the order.  First request_irq() then
      activate_fd() the interrupt sources.
      
      There is a second bug.  In 2.6.31 there was a change to the way __do_IRQ()
      and friends work for chained interrupt sources.  The old way was that all
      chained interrupt handlers were called.  The new way is that the chain is
      walked only until a handler returns IRQ_HANDLED or IRQ_WAKE_THREAD. 
      uml_net_interrupt() would always return IRQ_HANDLED, irrespective of if
      the device really did receive an interrupt or not.  This mean with the new
      code only the first device on a chained interrupt ever got its interrupts
      handled.  The second/third/...  device never got any interrupts processed.
       I changed uml_net_interrupt() to always return IRQ_NONE so that all
      handlers get called on a chained interrupt.
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Cc: Jeff Dike <jdike@addtoit.com>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      356968d7
  11. 30 Sep, 2009 1 commit
  12. 14 Oct, 2009 1 commit
    • Arjan van de Ven's avatar
      gcc is not convinced that the floppy.c ioctl has sufficient bound checks: · ca4665c7
      Arjan van de Ven authored
      In function `copy_from_user',
          inlined from `fd_copyin' at drivers/block/floppy.c:3080,
          inlined from `fd_ioctl' at drivers/block/floppy.c:3503:
      /home/arjan/linux/arch/x86/include/asm/uaccess_32.h:211:
      warning: call to `copy_from_user_overflow' declared with attribute
      warning: copy_from_user buffer size is not provably correct
      
      And frankly, as a human I have a hard time proving the same more or less
      (the size comes from the ioctl argument.  humpf.  maybe.  the code isn't
      very nice)
      
      This patch adds an explicit check to make 100% sure it's safe, better than
      finding out later that there indeed was a gap.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      ca4665c7
  13. 12 Oct, 2009 1 commit
  14. 23 Jul, 2009 1 commit
  15. 03 Nov, 2009 1 commit
  16. 17 Nov, 2009 1 commit
  17. 09 Nov, 2009 1 commit
  18. 17 Nov, 2009 1 commit
  19. 03 Nov, 2009 1 commit
  20. 14 Feb, 2009 2 commits
  21. 09 Nov, 2009 1 commit
  22. 17 Nov, 2009 1 commit
    • Larry Woodman's avatar
      hugetlb_fault() takes the mm->page_table_lock spinlock then calls · 7147153d
      Larry Woodman authored
      hugetlb_cow().  If the alloc_huge_page() in hugetlb_cow() fails due to an
      insufficient huge page pool it calls unmap_ref_private() with the
      mm->page_table_lock held.  unmap_ref_private() then calls
      unmap_hugepage_range() which tries to acquire the mm->page_table_lock.
      
      [<ffffffff810928c3>] print_circular_bug_tail+0x80/0x9f
       [<ffffffff8109280b>] ? check_noncircular+0xb0/0xe8
       [<ffffffff810935e0>] __lock_acquire+0x956/0xc0e
       [<ffffffff81093986>] lock_acquire+0xee/0x12e
       [<ffffffff8111a7a6>] ? unmap_hugepage_range+0x3e/0x84
       [<ffffffff8111a7a6>] ? unmap_hugepage_range+0x3e/0x84
       [<ffffffff814c348d>] _spin_lock+0x40/0x89
       [<ffffffff8111a7a6>] ? unmap_hugepage_range+0x3e/0x84
       [<ffffffff8111afee>] ? alloc_huge_page+0x218/0x318
       [<ffffffff8111a7a6>] unmap_hugepage_range+0x3e/0x84
       [<ffffffff8111b2d0>] hugetlb_cow+0x1e2/0x3f4
       [<ffffffff8111b935>] ? hugetlb_fault+0x453/0x4f6
       [<ffffffff8111b962>] hugetlb_fault+0x480/0x4f6
       [<ffffffff8111baee>] follow_hugetlb_page+0x116/0x2d9
       [<ffffffff814c31a7>] ? _spin_unlock_irq+0x3a/0x5c
       [<ffffffff81107b4d>] __get_user_pages+0x2a3/0x427
       [<ffffffff81107d0f>] get_user_pages+0x3e/0x54
       [<ffffffff81040b8b>] get_user_pages_fast+0x170/0x1b5
       [<ffffffff81160352>] dio_get_page+0x64/0x14a
       [<ffffffff8116112a>] __blockdev_direct_IO+0x4b7/0xb31
       [<ffffffff8115ef91>] blkdev_direct_IO+0x58/0x6e
       [<ffffffff8115e0a4>] ? blkdev_get_blocks+0x0/0xb8
       [<ffffffff810ed2c5>] generic_file_aio_read+0xdd/0x528
       [<ffffffff81219da3>] ? avc_has_perm+0x66/0x8c
       [<ffffffff81132842>] do_sync_read+0xf5/0x146
       [<ffffffff8107da00>] ? autoremove_wake_function+0x0/0x5a
       [<ffffffff81211857>] ? security_file_permission+0x24/0x3a
       [<ffffffff81132fd8>] vfs_read+0xb5/0x126
       [<ffffffff81133f6b>] ? fget_light+0x5e/0xf8
       [<ffffffff81133131>] sys_read+0x54/0x8c
       [<ffffffff81011e42>] system_call_fastpath+0x16/0x1b
      
      This can be fixed by dropping the mm->page_table_lock around the call to
      unmap_ref_private() if alloc_huge_page() fails, its dropped right below in
      the normal path anyway.
      Signed-off-by: default avatarLarry Woodman <lwooman@redhat.com>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Cc: Adam Litke <agl@us.ibm.com>
      Cc: Andy Whitcroft <apw@shadowen.org>
      Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      7147153d
  23. 14 Nov, 2009 1 commit
  24. 13 Nov, 2009 6 commits
    • Hugh Dickins's avatar
      Add a pointer to the ksm page into struct stable_node, holding a reference · b7ceb250
      Hugh Dickins authored
      to the page while the node exists.  Put a pointer to the stable_node into
      the ksm page's ->mapping.
      
      Then we don't need get_ksm_page() while traversing the stable tree: the
      page to compare against is sure to be present and correct, even if it's no
      longer visible through any of its existing rmap_items.
      
      And we can handle the forked ksm page case more efficiently: no need to
      memcmp our way through the tree to find its match.
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      b7ceb250
    • Hugh Dickins's avatar
      Though we still do well to keep rmap_items in the unstable tree without a · 38e81a30
      Hugh Dickins authored
      separate tree_item at the node, for several reasons it becomes awkward to
      keep rmap_items in the stable tree without a separate stable_node: lack of
      space in the nicely-sized rmap_item, the need for an anchor as rmap_items
      are removed, the need for a node even when temporarily no rmap_items are
      attached to it.
      
      So declare struct stable_node (rb_node to place it in the tree and
      hlist_head for the rmap_items hanging off it), and convert stable tree
      handling to use it: without yet taking advantage of it.  Note how one
      stable_tree_insert() of a node now has _two_ stable_tree_append()s of the
      two rmap_items being merged.
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      38e81a30
    • Hugh Dickins's avatar
      Free up a pointer in struct rmap_item, by making the mm_slot's rmap_list a · d02561bf
      Hugh Dickins authored
      singly-linked list: we always traverse that list sequentially, and we
      don't even lose any prefetches (but should consider adding a few later). 
      Name it rmap_list throughout.
      
      Do we need to free up that pointer?  Not immediately, and in the end, we
      could continue to avoid it with a union; but having done the conversion,
      let's keep it this way, since there's no downside, and maybe we'll want
      more in future (struct rmap_item is a cache-friendly 32 bytes on 32-bit
      and 64 bytes on 64-bit, so we shall want to avoid expanding it).
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      d02561bf
    • Hugh Dickins's avatar
      Cleanup: make argument names more consistent from cmp_and_merge_page() · 93c5cded
      Hugh Dickins authored
      down to replace_page(), so that it's easier to follow the rmap_item's page
      and the matching tree_page and the merged kpage through that code.
      
      In some places, e.g.  break_cow(), pass rmap_item instead of separate mm
      and address.
      
      cmp_and_merge_page() initialize tree_page to NULL, to avoid a "may be used
      uninitialized" warning seen in one config by Anil SB.
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      93c5cded
    • Hugh Dickins's avatar
      There is no need for replace_page() to calculate a write-protected prot · 68f51208
      Hugh Dickins authored
      vm_page_prot must already be write-protected for an anonymous page (see
      mm/memory.c do_anonymous_page() for similar reliance on vm_page_prot).
      
      There is no need for try_to_merge_one_page() to get_page and put_page on
      newpage and oldpage: in every case we already hold a reference to each of
      them.
      
      But some instinct makes me move try_to_merge_one_page()'s unlock_page of
      oldpage down after replace_page(): that doesn't increase contention on the
      ksm page, and makes thinking about the transition easier.
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      68f51208
    • Hugh Dickins's avatar
      1. remove_rmap_item_from_tree() is called as a precaution from · 5bfe68c0
      Hugh Dickins authored
         various places: don't dirty the rmap_item cacheline unnecessarily,
         just mask the flags out of the address when they have been set.
      
      2. First get_next_rmap_item() removes an unstable rmap_item from its tree,
         then shortly afterwards cmp_and_merge_page() removes a stable rmap_item
         from its tree: it's easier just to do both at once (but definitely keep
         the BUG_ON(age > 1) which guards against a future omission).
      
      3. When cmp_and_merge_page() moves an rmap_item from unstable to stable
         tree, it does its own rb_erase() and accounting: that's better
         expressed by remove_rmap_item_from_tree().
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Cc: Izik Eidus <ieidus@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      5bfe68c0
  25. 12 Nov, 2009 7 commits